mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 11:35:35 +00:00
8cc5c51888
When reverse path filtering is in strict mode on Linux, using an exit node blocks all network connectivity. This change adds a warning about this to `tailscale status` and the logs. Example in `tailscale status`: ``` - not connected to home DERP region 22 - The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Example in the logs: ``` 2024/02/21 21:17:07 health("overall"): error: multiple errors: not in map poll The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Updates #3310 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
77 lines
1.4 KiB
Go
77 lines
1.4 KiB
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
package netutil
|
|
|
|
import (
|
|
"io"
|
|
"net"
|
|
"runtime"
|
|
"testing"
|
|
)
|
|
|
|
type conn struct {
|
|
net.Conn
|
|
}
|
|
|
|
func TestOneConnListener(t *testing.T) {
|
|
c1 := new(conn)
|
|
a1 := dummyAddr("a1")
|
|
|
|
// Two Accepts
|
|
ln := NewOneConnListener(c1, a1)
|
|
if got := ln.Addr(); got != a1 {
|
|
t.Errorf("Addr = %#v; want %#v", got, a1)
|
|
}
|
|
c, err := ln.Accept()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if c != c1 {
|
|
t.Fatalf("didn't get c1; got %p", c)
|
|
}
|
|
c, err = ln.Accept()
|
|
if err != io.EOF {
|
|
t.Errorf("got %v; want EOF", err)
|
|
}
|
|
if c != nil {
|
|
t.Errorf("unexpected non-nil Conn")
|
|
}
|
|
|
|
// Close before Accept
|
|
ln = NewOneConnListener(c1, a1)
|
|
ln.Close()
|
|
_, err = ln.Accept()
|
|
if err != io.EOF {
|
|
t.Fatalf("got %v; want EOF", err)
|
|
}
|
|
|
|
// Implicit addr
|
|
ln = NewOneConnListener(c1, nil)
|
|
if ln.Addr() == nil {
|
|
t.Errorf("nil Addr")
|
|
}
|
|
}
|
|
|
|
func TestIPForwardingEnabledLinux(t *testing.T) {
|
|
if runtime.GOOS != "linux" {
|
|
t.Skipf("skipping on %s", runtime.GOOS)
|
|
}
|
|
got, err := ipForwardingEnabledLinux(ipv4, "some-not-found-interface")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if got {
|
|
t.Errorf("got true; want false")
|
|
}
|
|
}
|
|
|
|
func TestCheckReversePathFiltering(t *testing.T) {
|
|
if runtime.GOOS != "linux" {
|
|
t.Skipf("skipping on %s", runtime.GOOS)
|
|
}
|
|
warn, err := CheckReversePathFiltering(nil)
|
|
t.Logf("err: %v", err)
|
|
t.Logf("warnings: %v", warn)
|
|
}
|