|
|
|
@ -1481,6 +1481,7 @@ func (ns *Impl) acceptTCP(r *tcp.ForwarderRequest) { |
|
|
|
|
|
|
|
|
|
|
|
dialIP := netaddrIPFromNetstackIP(reqDetails.LocalAddress) |
|
|
|
dialIP := netaddrIPFromNetstackIP(reqDetails.LocalAddress) |
|
|
|
isTailscaleIP := tsaddr.IsTailscaleIP(dialIP) |
|
|
|
isTailscaleIP := tsaddr.IsTailscaleIP(dialIP) |
|
|
|
|
|
|
|
isLocal := ns.isLocalIP(dialIP) // i.e. not a subnet routed or 4via6 target
|
|
|
|
|
|
|
|
|
|
|
|
dstAddrPort := netip.AddrPortFrom(dialIP, reqDetails.LocalPort) |
|
|
|
dstAddrPort := netip.AddrPortFrom(dialIP, reqDetails.LocalPort) |
|
|
|
|
|
|
|
|
|
|
|
@ -1600,7 +1601,7 @@ func (ns *Impl) acceptTCP(r *tcp.ForwarderRequest) { |
|
|
|
} |
|
|
|
} |
|
|
|
dialAddr := netip.AddrPortFrom(dialIP, uint16(reqDetails.LocalPort)) |
|
|
|
dialAddr := netip.AddrPortFrom(dialIP, uint16(reqDetails.LocalPort)) |
|
|
|
|
|
|
|
|
|
|
|
if !ns.forwardTCP(getConnOrReset, clientRemoteIP, &wq, dialAddr) { |
|
|
|
if !ns.forwardTCP(getConnOrReset, clientRemoteIP, &wq, dialAddr, isLocal) { |
|
|
|
r.Complete(true) // sends a RST
|
|
|
|
r.Complete(true) // sends a RST
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
@ -1612,7 +1613,7 @@ type tcpCloser interface { |
|
|
|
CloseWrite() error |
|
|
|
CloseWrite() error |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (ns *Impl) forwardTCP(getClient func(...tcpip.SettableSocketOption) *gonet.TCPConn, clientRemoteIP netip.Addr, wq *waiter.Queue, dialAddr netip.AddrPort) (handled bool) { |
|
|
|
func (ns *Impl) forwardTCP(getClient func(...tcpip.SettableSocketOption) *gonet.TCPConn, clientRemoteIP netip.Addr, wq *waiter.Queue, dialAddr netip.AddrPort, isLocal bool) (handled bool) { |
|
|
|
dialAddrStr := dialAddr.String() |
|
|
|
dialAddrStr := dialAddr.String() |
|
|
|
if debugNetstack() { |
|
|
|
if debugNetstack() { |
|
|
|
ns.logf("[v2] netstack: forwarding incoming connection to %s", dialAddrStr) |
|
|
|
ns.logf("[v2] netstack: forwarding incoming connection to %s", dialAddrStr) |
|
|
|
@ -1659,11 +1660,13 @@ func (ns *Impl) forwardTCP(getClient func(...tcpip.SettableSocketOption) *gonet. |
|
|
|
|
|
|
|
|
|
|
|
backendLocalAddr := backend.LocalAddr().(*net.TCPAddr) |
|
|
|
backendLocalAddr := backend.LocalAddr().(*net.TCPAddr) |
|
|
|
backendLocalIPPort := netaddr.Unmap(backendLocalAddr.AddrPort()) |
|
|
|
backendLocalIPPort := netaddr.Unmap(backendLocalAddr.AddrPort()) |
|
|
|
if err := ns.pm.RegisterIPPortIdentity("tcp", backendLocalIPPort, clientRemoteIP); err != nil { |
|
|
|
if isLocal { |
|
|
|
ns.logf("netstack: could not register TCP mapping %s: %v", backendLocalIPPort, err) |
|
|
|
if err := ns.pm.RegisterIPPortIdentity("tcp", backendLocalIPPort, clientRemoteIP); err != nil { |
|
|
|
return |
|
|
|
ns.logf("netstack: could not register TCP mapping %s: %v", backendLocalIPPort, err) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
defer ns.pm.UnregisterIPPortIdentity("tcp", backendLocalIPPort) |
|
|
|
} |
|
|
|
} |
|
|
|
defer ns.pm.UnregisterIPPortIdentity("tcp", backendLocalIPPort) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// If we get here, either the getClient call below will succeed and
|
|
|
|
// If we get here, either the getClient call below will succeed and
|
|
|
|
// return something we can Close, or it will fail and will properly
|
|
|
|
// return something we can Close, or it will fail and will properly
|
|
|
|
|
Brad Fitzpatrick
1 month ago
committed by
Brad Fitzpatrick