TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-01-07 08:07:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

net/tstun,wgengine: split PreFilterOut into multiple hooks

Browse Source 
A subsequent commit implements handling of magicDNS traffic via netstack.
Implementing this requires a hook for traffic originating from the host and
hitting the tun, so we make another hook to support this.

Signed-off-by: Tom DNetto <tom@tailscale.com>
This commit is contained in:
Tom DNetto 2022-04-14 14:59:46 -07:00 committed by Tom
parent 9dee6adfab
commit dc71d3559f
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
net/tstun/wrap.go
View File

@ -135,9 +135,16 @@ type Wrapper struct {
PreFilterIn FilterFunc PreFilterIn FilterFunc
// PostFilterIn is the inbound filter function that runs after the main filter. // PostFilterIn is the inbound filter function that runs after the main filter.
PostFilterIn FilterFunc PostFilterIn FilterFunc
// PreFilterOut is the outbound filter function that runs before the main filter // PreFilterFromTunToNetstack is a filter function that runs before the main filter
// and therefore sees the packets that may be later dropped by it. // for packets from the local system. This filter is populated by netstack to hook
PreFilterOut FilterFunc // packets that should be handled by netstack. If set, this filter runs before
// PreFilterFromTunToEngine.
PreFilterFromTunToNetstack FilterFunc
// PreFilterFromTunToEngine is a filter function that runs before the main filter
// for packets from the local system. This filter is populated by wgengine to hook
// packets which it handles internally. If both this and PreFilterFromTunToNetstack
// filter functions are non-nil, this filter runs second.
PreFilterFromTunToEngine FilterFunc
// PostFilterOut is the outbound filter function that runs after the main filter. // PostFilterOut is the outbound filter function that runs after the main filter.
PostFilterOut FilterFunc PostFilterOut FilterFunc
@ -451,9 +458,16 @@ func (t *Wrapper) filterOut(p *packet.Parsed) filter.Response {
return filter.DropSilently return filter.DropSilently
} }
if t.PreFilterOut != nil { if t.PreFilterFromTunToNetstack != nil {
if res := t.PreFilterOut(p, t); res.IsDrop() { if res := t.PreFilterFromTunToNetstack(p, t); res.IsDrop() {
// Handled by userspaceEngine.handleLocalPackets (quad-100 DNS primarily). // Handled by netstack.Impl.handleLocalPackets (quad-100 DNS primarily)
return res
}
}
if t.PreFilterFromTunToEngine != nil {
if res := t.PreFilterFromTunToEngine(p, t); res.IsDrop() {
// Handled by userspaceEngine.handleLocalPackets (primarily handles
// quad-100 if netstack is not installed).
return res return res
} }
} }

2
wgengine/userspace.go
View File

@ -362,7 +362,7 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error)
if conf.RespondToPing { if conf.RespondToPing {
e.tundev.PostFilterIn = echoRespondToAll e.tundev.PostFilterIn = echoRespondToAll
} }
e.tundev.PreFilterOut = e.handleLocalPackets e.tundev.PreFilterFromTunToEngine = e.handleLocalPackets
if envknob.BoolDefaultTrue("TS_DEBUG_CONNECT_FAILURES") { if envknob.BoolDefaultTrue("TS_DEBUG_CONNECT_FAILURES") {
if e.tundev.PreFilterIn != nil { if e.tundev.PreFilterIn != nil {