// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// Package router presents an interface to manipulate the host network
// stack's state.
package router
import (
"net/netip"
"reflect"
"github.com/tailscale/wireguard-go/tun"
"tailscale.com/health"
"tailscale.com/net/netmon"
"tailscale.com/types/logger"
"tailscale.com/types/preftype"
)
// Router is responsible for managing the system network stack.
//
// There is typically only one instance of this interface per process.
type Router interface {
	// Up brings the router up.
	Up() error

	// Set updates the OS network stack with a new Config. It may be
	// called multiple times with identical Configs, which the
	// implementation should handle gracefully. A nil Config is the
	// "remove all router state" case (see shutdownConfig below).
	Set(*Config) error

	// UpdateMagicsockPort tells the OS network stack what port magicsock
	// is currently listening on, so it can be threaded through firewalls
	// and such. This is distinct from Set() since magicsock may rebind
	// ports independently from the Config changing.
	//
	// network should be either "udp4" or "udp6".
	UpdateMagicsockPort(port uint16, network string) error

	// Close closes the router.
	Close() error
}
// New returns a new Router for the current platform, using the
// provided tun device.
//
// If netMon is nil, it's not used. It's currently (2021-07-20) only
// used on Linux in some situations.
//
// The logf handed to the platform constructor is wrapped so that its
// lines carry a "router: " prefix.
func New(logf logger.Logf, tundev tun.Device, netMon *netmon.Monitor, health *health.Tracker) (Router, error) {
	// Prefix log lines so router output is distinguishable from the
	// rest of the engine's logging.
	prefixed := logger.WithPrefix(logf, "router: ")
	return newUserspaceRouter(prefixed, tundev, netMon, health)
}
// CleanUp restores the system network configuration to its original state
// in case the Tailscale daemon terminated without closing the router.
// No other state needs to be instantiated before this runs.
//
// netMon is not used by this function: the platform-specific cleanUp
// takes only logf and interfaceName.
func CleanUp(logf logger.Logf, netMon *netmon.Monitor, interfaceName string) {
	_ = netMon // not consumed by the platform cleanUp
	cleanUp(logf, interfaceName)
}
// Config is the subset of Tailscale configuration that is relevant to
// the OS's network stack.
//
// Configs are compared with Equal, which is a deep comparison: the
// order of entries in the prefix slices is significant, and a nil
// slice does not compare equal to an empty one.
type Config struct {
	// LocalAddrs are the address(es) for this node. This is
	// typically one IPv4/32 (the 100.x.y.z CGNAT) and one
	// IPv6/128 (Tailscale ULA).
	LocalAddrs []netip.Prefix

	// Routes are the routes that point into the Tailscale
	// interface. These are the /32 and /128 routes to peers, as
	// well as any other subnets that peers are advertising and
	// this node has chosen to use.
	Routes []netip.Prefix

	// LocalRoutes are the routes that should not be routed through Tailscale.
	// There are no priorities set in how these routes are added, normal
	// routing rules apply.
	LocalRoutes []netip.Prefix

	// NewMTU is currently only used by the MacOS network extension
	// app to set the MTU of the tun in the router configuration
	// callback. If zero, the MTU is unchanged.
	NewMTU int

	// SubnetRoutes is the list of subnets that this node is
	// advertising to other Tailscale nodes.
	// As of 2023-10-11, this field is only used for network
	// flow logging and is otherwise ignored.
	SubnetRoutes []netip.Prefix

	// Linux-only things below, ignored on other platforms.
	SNATSubnetRoutes  bool                   // SNAT traffic to local subnets
	StatefulFiltering bool                   // Apply stateful filtering to inbound connections
	NetfilterMode     preftype.NetfilterMode // how much to manage netfilter rules; see preftype.NetfilterMode for the levels
	NetfilterKind     string                 // what kind of netfilter to use (nftables, iptables)
}
// Equal reports whether a and b describe the same router configuration.
//
// Two nil Configs are equal and a nil Config never equals a non-nil
// one. For two non-nil Configs the comparison is reflect.DeepEqual, so
// every field is compared, slice order matters, and a nil slice is not
// equal to an empty one.
func (a *Config) Equal(b *Config) bool {
	switch {
	case a == nil && b == nil:
		return true
	case a == nil || b == nil:
		return false
	}
	// Both non-nil: defer to a structural, field-by-field comparison.
	return reflect.DeepEqual(a, b)
}
// shutdownConfig is a routing configuration that removes all router
// state from the OS. It's the config used when callers pass in a nil
// Config.
//
// It is simply the zero Config: no addresses, no routes, and every
// Linux-only knob at its zero value.
var shutdownConfig Config