webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

tsconst, util/linuxfw, wgengine/router: move Linux fw consts to tsconst

Browse Source 
Now cmd/derper doesn't depend on iptables, nftables, and netlink code :)

But this is really just a cleanup step I noticed on the way to making
tsnet applications able to not link all the OS router code which they
don't use.

Updates #17313

Change-Id: Ic7b4e04e3a9639fd198e9dbeb0f7bae22a4a47a9
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
2025-09-27 13:07:05 -07:00
committed by Brad Fitzpatrick
parent f19409482d
commit 475b520aa2
15 changed files with 94 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wgengine/router/router_linux.go
+7 -6
View File
@@ -26,6 +26,7 @@ import (
"tailscale.com/envknob"
"tailscale.com/health"
"tailscale.com/net/netmon"
"tailscale.com/tsconst"
"tailscale.com/types/logger"
"tailscale.com/types/opt"
"tailscale.com/types/preftype"
@@ -1238,14 +1239,14 @@ var baseIPRules = []netlink.Rule{
// main routing table.
{
Priority: 10,
Mark: linuxfw.TailscaleBypassMarkNum,
Mark: tsconst.LinuxBypassMarkNum,
Table: mainRouteTable.Num,
},
// ...and then we try the 'default' table, for correctness,
// even though it's been empty on every Linux system I've ever seen.
{
Priority: 30,
Mark: linuxfw.TailscaleBypassMarkNum,
Mark: tsconst.LinuxBypassMarkNum,
Table: defaultRouteTable.Num,
},
// If neither of those matched (no default route on this system?)
@@ -1253,7 +1254,7 @@ var baseIPRules = []netlink.Rule{
// to the tailscale routes, because that would create routing loops.
{
Priority: 50,
Mark: linuxfw.TailscaleBypassMarkNum,
Mark: tsconst.LinuxBypassMarkNum,
Type: unix.RTN_UNREACHABLE,
},
// If we get to this point, capture all packets and send them
@@ -1283,7 +1284,7 @@ var ubntIPRules = []netlink.Rule{
{
Priority: 70,
Invert: true,
Mark: linuxfw.TailscaleBypassMarkNum,
Mark: tsconst.LinuxBypassMarkNum,
Table: tailscaleRouteTable.Num,
},
}
@@ -1311,7 +1312,7 @@ func (r *linuxRouter) justAddIPRules() error {
// Note: r is a value type here; safe to mutate it.
ru.Family = family.netlinkInt()
if ru.Mark != 0 {
ru.Mask = linuxfw.TailscaleFwmarkMaskNum
ru.Mask = tsconst.LinuxFwmarkMaskNum
}
ru.Goto = -1
ru.SuppressIfgroup = -1
@@ -1344,7 +1345,7 @@ func (r *linuxRouter) addIPRulesWithIPCommand() error {
}
if rule.Mark != 0 {
if r.fwmaskWorks() {
args = append(args, "fwmark", fmt.Sprintf("0x%x/%s", rule.Mark, linuxfw.TailscaleFwmarkMask))
args = append(args, "fwmark", fmt.Sprintf("0x%x/%s", rule.Mark, tsconst.LinuxFwmarkMask))
} else {
args = append(args, "fwmark", fmt.Sprintf("0x%x", rule.Mark))
}