Commit Graph

118 Commits

Author SHA1 Message Date
David Anderson
0fe262f093 ipn: plumb NetfilterMode all the way out to the CLI.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-14 23:51:44 -07:00
David Anderson
c67c8913c3 wgengine/router: add a test for linux router state transitions.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-14 23:51:44 -07:00
David Anderson
292606a975 wgengine/router: support multiple levels of netfilter involvement.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-14 23:51:44 -07:00
David Anderson
9ccbcda612 wgengine/router: rename config.Settings to config.Config, make pointer.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-12 15:58:33 -07:00
David Anderson
cd01bcc395 wgengine/router: allow loopback traffic from our own IP(s).
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-11 16:57:35 -07:00
David Anderson
bfdc8175b1 wgengine/router: add a setting to disable SNAT for subnet routes.
Part of #320.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-11 20:17:13 +00:00
David Anderson
21ac65d3da wgengine/router: explicitly detect and complain about busybox's ip.
Defensive programming against #368 in environments other than Docker,
e.g. if you try using Tailscale in Alpine Linux directly, sans
container.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-10 17:12:17 -07:00
David Anderson
381b94d4d1 wgengine/router: include command output if ip rule list fails.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-10 17:12:17 -07:00
David Anderson
efc1feedc9 wgengine/router: include more information when iptables ops fail.
The iptables package we use doesn't include command output, so we're
left with guessing what went wrong most of the time. This will at
least narrow things down to which operation failed.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-10 22:14:33 +00:00
David Anderson
b01db109f5 wgengine/router: use inet.af/netaddr, not wgcfg.CIDR.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 23:40:03 -07:00
David Anderson
b8f01eed34 wgengine/router: remove wireguard-go config from settings.
Instead, pass in only exactly the relevant configuration pieces
that the OS network stack cares about.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 19:04:13 -07:00
David Anderson
8861bb5a19 wgengine/router: alter API to support multiple addrs, and use on linux.
FreeBSD and OpenBSD will error out with a complaint if we pass >1 address
right now, but we don't yet so that's okay.
2020-05-08 00:18:18 +00:00
David Anderson
6802481bf5 wgengine/router: don't use gateway routes on linux. 2020-05-07 19:22:50 +00:00
David Anderson
78b1ed39ea wgengine/router: add more documentation. 2020-05-07 18:30:37 +00:00
David Anderson
c9de43cd59 wgengine/router: fix typo.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 18:01:55 +00:00
David Anderson
89198b1691 wgengine/router: rewrite netfilter and routing logic.
New logic installs precise filters for subnet routes,
plays nice with other users of netfilter, and lays the
groundwork for fixing routing loops via policy routing.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-06 22:13:38 +00:00
David Anderson
7618d7e677 wgengine/router: simplify some cmd invocations.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-06 22:13:38 +00:00
David Anderson
1ac570def7 wgengine/router: split out from wgengine.
The router implementations are logically separate, with their own API.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-30 13:31:24 -07:00