net/tstun,wgengine: split PreFilterOut into multiple hooks
A subsequent commit implements handling of magicDNS traffic via netstack. Implementing this requires a hook for traffic originating from the host and hitting the tun, so we make another hook to support this. Signed-off-by: Tom DNetto <tom@tailscale.com>
parent
9dee6adfab
commit
dc71d3559f
@ -135,9 +135,16 @@ type Wrapper struct {
|
||||
PreFilterIn FilterFunc
|
||||
// PostFilterIn is the inbound filter function that runs after the main filter.
|
||||
PostFilterIn FilterFunc
|
||||
// PreFilterOut is the outbound filter function that runs before the main filter
|
||||
// and therefore sees the packets that may be later dropped by it.
|
||||
PreFilterOut FilterFunc
|
||||
// PreFilterFromTunToNetstack is a filter function that runs before the main filter
|
||||
// for packets from the local system. This filter is populated by netstack to hook
|
||||
// packets that should be handled by netstack. If set, this filter runs before
|
||||
// PreFilterFromTunToEngine.
|
||||
PreFilterFromTunToNetstack FilterFunc
|
||||
// PreFilterFromTunToEngine is a filter function that runs before the main filter
|
||||
// for packets from the local system. This filter is populated by wgengine to hook
|
||||
// packets which it handles internally. If both this and PreFilterFromTunToNetstack
|
||||
// filter functions are non-nil, this filter runs second.
|
||||
PreFilterFromTunToEngine FilterFunc
|
||||
// PostFilterOut is the outbound filter function that runs after the main filter.
|
||||
PostFilterOut FilterFunc
|
||||
|
||||
@ -451,9 +458,16 @@ func (t *Wrapper) filterOut(p *packet.Parsed) filter.Response {
|
||||
return filter.DropSilently
|
||||
}
|
||||
|
||||
if t.PreFilterOut != nil {
|
||||
if res := t.PreFilterOut(p, t); res.IsDrop() {
|
||||
// Handled by userspaceEngine.handleLocalPackets (quad-100 DNS primarily).
|
||||
if t.PreFilterFromTunToNetstack != nil {
|
||||
if res := t.PreFilterFromTunToNetstack(p, t); res.IsDrop() {
|
||||
// Handled by netstack.Impl.handleLocalPackets (quad-100 DNS primarily)
|
||||
return res
|
||||
}
|
||||
}
|
||||
if t.PreFilterFromTunToEngine != nil {
|
||||
if res := t.PreFilterFromTunToEngine(p, t); res.IsDrop() {
|
||||
// Handled by userspaceEngine.handleLocalPackets (primarily handles
|
||||
// quad-100 if netstack is not installed).
|
||||
return res
|
||||
}
|
||||
}
|
||||
|
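Review bot: In filterOut, a drop response from either new hook returns before the main outbound filter runs, and a drop from PreFilterFromTunToNetstack also skips PreFilterFromTunToEngine, so "drop" here effectively means "consumed by the hook". The field comments in the Wrapper hunk give the ordering but not this contract. I would add to both field comments something like `// A drop response means the hook consumed the packet; later hooks and the main filter never see it.` so that a hook only claims packets it fully handles (quad-100 DNS, per the inline comments). The hooks are also plain exported fields read on the packet path with no synchronization visible in these hunks; if netstack populates its hook after the Wrapper has started reading packets that would be a data race, so the comment should also say when the field must be set. filterOut's body starts and ends outside the hunk.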
@ -362,7 +362,7 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error)
|
||||
if conf.RespondToPing {
|
||||
e.tundev.PostFilterIn = echoRespondToAll
|
||||
}
|
||||
e.tundev.PreFilterOut = e.handleLocalPackets
|
||||
e.tundev.PreFilterFromTunToEngine = e.handleLocalPackets
|
||||
|
||||
if envknob.BoolDefaultTrue("TS_DEBUG_CONNECT_FAILURES") {
|
||||
if e.tundev.PreFilterIn != nil {
|
||||
|