From c493e5804f705968eb0f2e4bf42687aad835053a Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Mon, 28 Sep 2020 23:46:39 +0000
Subject: [PATCH] wgengine/router: make v6-ness configurable in test, for consistent results.

Signed-off-by: David Anderson
---
 wgengine/router/router_linux.go | 17 ++++++++---------
 wgengine/router/router_linux_test.go | 2 +-
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go
index d4c75a4ef..bd73ebd0e 100644
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -113,8 +113,11 @@ func newUserspaceRouter(logf logger.Logf, _ *device.Device, tunDev tun.Device) (
 return nil, err
 }
 
+ supportsV6 := supportsV6()
+ supportsV6NAT := supportsV6 && supportsV6NAT()
+
 var ipt6 netfilterRunner
- if supportsV6() {
+ if supportsV6 {
 // The iptables package probes for `ip6tables` and errors out
 // if unavailable. We want that to be a non-fatal error.
 ipt6, err = iptables.NewWithProtocol(iptables.ProtocolIPv6)
@@ -123,10 +126,10 @@ func newUserspaceRouter(logf logger.Logf, _ *device.Device, tunDev tun.Device) (
 }
 }
 
- return newUserspaceRouterAdvanced(logf, tunname, ipt4, ipt6, osCommandRunner{})
+ return newUserspaceRouterAdvanced(logf, tunname, ipt4, ipt6, osCommandRunner{}, supportsV6, supportsV6NAT)
 }
 
-func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netfilter4, netfilter6 netfilterRunner, cmd commandRunner) (Router, error) {
+func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netfilter4, netfilter6 netfilterRunner, cmd commandRunner, supportsV6, supportsV6NAT bool) (Router, error) {
 ipRuleAvailable := (cmd.run("ip", "rule") == nil)
 
 mconfig := dns.ManagerConfig{
@@ -134,8 +137,6 @@ func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netfilter4, ne
 InterfaceName: tunname,
 }
 
- supportsV6 := supportsV6()
-
 return &linuxRouter{
 logf: logf,
 tunname: tunname,
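Review bot: In newUserspaceRouter the `supportsV6` and `supportsV6NAT` values are fixed before `iptables.NewWithProtocol(iptables.ProtocolIPv6)` runs and are passed on unchanged, so on the path the comment calls non-fatal the router is told v6 and v6 NAT are available while `ipt6` may hold no working runner. The error branch lies between this hunk and the next and is not visible here; if it only logs, clearing the flags there with `supportsV6, supportsV6NAT = false, false` would presumably stop v6 being treated as available without its netfilter rules. The function starts and ends outside the hunk.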
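Review bot: The new parameters `supportsV6, supportsV6NAT bool` on newUserspaceRouterAdvanced shadow the package-level functions of the same names, and the locals added in newUserspaceRouter do the same. Inside these bodies the probe functions can no longer be called, and a reader cannot tell a probed value from an injected one. Naming them after the struct fields they feed, `v6Available, v6NATAvailable bool`, removes the ambiguity. A doc comment should also state that the two flags are caller-supplied capabilities and that NAT support is only meaningful when v6 support is true, since two adjacent positional bools are easy to swap at a call site.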
@@ -143,7 +144,7 @@ func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netfilter4, ne
 
 ipRuleAvailable: ipRuleAvailable,
 v6Available: supportsV6,
- v6NATAvailable: supportsV6 && supportsV6NAT(),
+ v6NATAvailable: supportsV6NAT,
 
 ipt4: netfilter4,
 ipt6: netfilter6,
@@ -1003,9 +1004,7 @@ func supportsV6() bool {
 
 // Some distros ship ip6tables separately from iptables.
 if _, err := exec.LookPath("ip6tables"); err != nil {
- if _, err := os.Stat("/sbin/ip6tables"); err != nil {
- return false
- }
+ return false
 }
 
 return true
diff --git a/wgengine/router/router_linux_test.go b/wgengine/router/router_linux_test.go
index 6f9ffe932..bcc93af8f 100644
--- a/wgengine/router/router_linux_test.go
+++ b/wgengine/router/router_linux_test.go
@@ -279,7 +279,7 @@ v6/nat/POSTROUTING -j ts-postrouting
 }
 
 fake := NewFakeOS(t)
- router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", fake.netfilter4, fake.netfilter6, fake)
+ router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", fake.netfilter4, fake.netfilter6, fake, true, true)
 if err != nil {
 t.Fatalf("failed to create router: %v", err)
 }
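Review bot: `v6NATAvailable: supportsV6NAT` now trusts the caller, whereas the removed line guaranteed that NAT support was never reported without v6 support. Keeping the conjunction, `v6NATAvailable: supportsV6 && supportsV6NAT,`, preserves that invariant for a caller that passes `false, true`. The struct literal and the rest of newUserspaceRouterAdvanced continue outside the hunk, so it cannot be seen from here whether a nil `netfilter6` is reconciled with these flags.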
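Review bot: Removing the `/sbin/ip6tables` fallback in supportsV6 changes production behaviour, which the commit subject (test configurability) does not mention. The function now returns false whenever `ip6tables` cannot be resolved through the process PATH, and it does so without any log output. A daemon started with a minimal PATH that omits /sbin would presumably run with v6 disabled and give the operator no indication why. If the removal is intended, record it next to the check, e.g. `// ip6tables must be reachable via $PATH; /sbin is not probed separately.`, and in the commit message. supportsV6 begins before the hunk.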
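Review bot: The call hard-codes `true, true`, so the test still exercises only the v6-with-NAT configuration even though the flags are now injectable. Cases with `false, false` and `true, false` that assert no `v6/...` (respectively no `v6/nat/...`) rules appear in the fake's state would cover the hosts where ip6tables or v6 NAT is missing. The test function begins and ends outside the hunk.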