webnet
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wgengine/netstack: don't register subnet/4via6 TCP flows with proxymap

Browse Source 
Fixes #18991

Change-Id: I29a609dcd401854026aef4a5ad8d5806c3249ea6
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
main
Brad Fitzpatrick 1 month ago committed by Brad Fitzpatrick
parent 4c91f90776
commit 54606a0a89
1 changed files with 9 additions and 6 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      wgengine/netstack/netstack.go

7
wgengine/netstack/netstack.go
Unescape View File

@ -1481,6 +1481,7 @@ func (ns *Impl) acceptTCP(r *tcp.ForwarderRequest) {
dialIP := netaddrIPFromNetstackIP(reqDetails.LocalAddress)
isTailscaleIP := tsaddr.IsTailscaleIP(dialIP)
isLocal := ns.isLocalIP(dialIP) // i.e. not a subnet routed or 4via6 target
dstAddrPort := netip.AddrPortFrom(dialIP, reqDetails.LocalPort)
@ -1600,7 +1601,7 @@ func (ns *Impl) acceptTCP(r *tcp.ForwarderRequest) {
}
dialAddr := netip.AddrPortFrom(dialIP, uint16(reqDetails.LocalPort))
if !ns.forwardTCP(getConnOrReset, clientRemoteIP, &wq, dialAddr) {
if !ns.forwardTCP(getConnOrReset, clientRemoteIP, &wq, dialAddr, isLocal) {
r.Complete(true) // sends a RST
}
}
@ -1612,7 +1613,7 @@ type tcpCloser interface {
CloseWrite() error
}
func (ns *Impl) forwardTCP(getClient func(...tcpip.SettableSocketOption) *gonet.TCPConn, clientRemoteIP netip.Addr, wq *waiter.Queue, dialAddr netip.AddrPort) (handled bool) {
func (ns *Impl) forwardTCP(getClient func(...tcpip.SettableSocketOption) *gonet.TCPConn, clientRemoteIP netip.Addr, wq *waiter.Queue, dialAddr netip.AddrPort, isLocal bool) (handled bool) {
dialAddrStr := dialAddr.String()
if debugNetstack() {
ns.logf("[v2] netstack: forwarding incoming connection to %s", dialAddrStr)
@ -1659,11 +1660,13 @@ func (ns *Impl) forwardTCP(getClient func(...tcpip.SettableSocketOption) *gonet.
backendLocalAddr := backend.LocalAddr().(*net.TCPAddr)
backendLocalIPPort := netaddr.Unmap(backendLocalAddr.AddrPort())
if isLocal {
if err := ns.pm.RegisterIPPortIdentity("tcp", backendLocalIPPort, clientRemoteIP); err != nil {
ns.logf("netstack: could not register TCP mapping %s: %v", backendLocalIPPort, err)
return
}
defer ns.pm.UnregisterIPPortIdentity("tcp", backendLocalIPPort)
}
// If we get here, either the getClient call below will succeed and
// return something we can Close, or it will fail and will properly

Write Preview
Loading…
Cancel
Save