webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

wgengine/filter: let unknown IPProto match if IP okay & match allows all ports

Browse Source 
RELNOTE=yes

Change-Id: I96eaf3cf550cee7bb6cdb4ad81fc761e280a1b2a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
2021-12-04 11:52:39 -08:00
committed by Brad Fitzpatrick
parent 1813c2a162
commit 69de3bf7bf
3 changed files with 96 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wgengine/filter/filter.go
+6
View File
@@ -384,6 +384,9 @@ func (f *Filter) runIn4(q *packet.Parsed) (r Response, why string) {
case ipproto.TSMP:
return Accept, "tsmp ok"
default:
if f.matches4.matchProtoAndIPsOnlyIfAllPorts(q) {
return Accept, "otherproto ok"
}
return Drop, "Unknown proto"
}
return Drop, "no rules matched"
@@ -441,6 +444,9 @@ func (f *Filter) runIn6(q *packet.Parsed) (r Response, why string) {
case ipproto.TSMP:
return Accept, "tsmp ok"
default:
if f.matches6.matchProtoAndIPsOnlyIfAllPorts(q) {
return Accept, "otherproto ok"
}
return Drop, "Unknown proto"
}
return Drop, "no rules matched"