David Anderson
0fe262f093
ipn: plumb NetfilterMode all the way out to the CLI.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-14 23:51:44 -07:00
David Anderson
c67c8913c3
wgengine/router: add a test for linux router state transitions.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-14 23:51:44 -07:00
David Anderson
292606a975
wgengine/router: support multiple levels of netfilter involvement.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-14 23:51:44 -07:00
David Anderson
9ccbcda612
wgengine/router: rename config.Settings to config.Config, make pointer.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-12 15:58:33 -07:00
David Anderson
cd01bcc395
wgengine/router: allow loopback traffic from our own IP(s).
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-11 16:57:35 -07:00
David Anderson
bfdc8175b1
wgengine/router: add a setting to disable SNAT for subnet routes.
Part of #320.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-11 20:17:13 +00:00
David Anderson
21ac65d3da
wgengine/router: explicitly detect and complain about busybox's ip.
Defensive programming against #368 in environments other than Docker,
e.g. if you try using Tailscale in Alpine Linux directly, sans
container.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-10 17:12:17 -07:00
David Anderson
381b94d4d1
wgengine/router: include command output if ip rule list fails.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-10 17:12:17 -07:00
David Anderson
efc1feedc9
wgengine/router: include more information when iptables ops fail.
The iptables package we use doesn't include command output, so we're
left with guessing what went wrong most of the time. This will at
least narrow things down to which operation failed.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-10 22:14:33 +00:00
David Anderson
b01db109f5
wgengine/router: use inet.af/netaddr, not wgcfg.CIDR.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 23:40:03 -07:00
David Anderson
b8f01eed34
wgengine/router: remove wireguard-go config from settings.
Instead, pass in only exactly the relevant configuration pieces
that the OS network stack cares about.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 19:04:13 -07:00
David Anderson
8861bb5a19
wgengine/router: alter API to support multiple addrs, and use on linux.
FreeBSD and OpenBSD will error out with a complaint if we pass >1 address
right now, but we don't yet so that's okay.
2020-05-08 00:18:18 +00:00
David Anderson
6802481bf5
wgengine/router: don't use gateway routes on linux.
2020-05-07 19:22:50 +00:00
David Anderson
78b1ed39ea
wgengine/router: add more documentation.
2020-05-07 18:30:37 +00:00
David Anderson
c9de43cd59
wgengine/router: fix typo.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 18:01:55 +00:00
David Anderson
89198b1691
wgengine/router: rewrite netfilter and routing logic.
New logic installs precise filters for subnet routes,
plays nice with other users of netfilter, and lays the
groundwork for fixing routing loops via policy routing.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-06 22:13:38 +00:00
David Anderson
7618d7e677
wgengine/router: simplify some cmd invocations.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-06 22:13:38 +00:00
David Anderson
1ac570def7
wgengine/router: split out from wgengine.
The router implementations are logically separate, with their own API.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-30 13:31:24 -07:00