|
|
|
|
@ -12,6 +12,8 @@ import ( |
|
|
|
|
"io" |
|
|
|
|
"log" |
|
|
|
|
"net" |
|
|
|
|
"os/exec" |
|
|
|
|
"runtime" |
|
|
|
|
"strconv" |
|
|
|
|
"strings" |
|
|
|
|
"sync" |
|
|
|
|
@ -35,6 +37,7 @@ import ( |
|
|
|
|
"tailscale.com/net/tsaddr" |
|
|
|
|
"tailscale.com/net/tsdial" |
|
|
|
|
"tailscale.com/net/tstun" |
|
|
|
|
"tailscale.com/syncs" |
|
|
|
|
"tailscale.com/types/logger" |
|
|
|
|
"tailscale.com/types/netmap" |
|
|
|
|
"tailscale.com/wgengine" |
|
|
|
|
@ -377,11 +380,69 @@ func (ns *Impl) shouldProcessInbound(p *packet.Parsed, t *tstun.Wrapper) bool { |
|
|
|
|
return false |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var userPingSem = syncs.NewSemaphore(20) // 20 child ping processes at once
|
|
|
|
|
|
|
|
|
|
// userPing tried to ping dstIP and if it succeeds, injects pingResPkt
|
|
|
|
|
// into the tundev.
|
|
|
|
|
//
|
|
|
|
|
// It's used in userspace/netstack mode when we don't have kernel
|
|
|
|
|
// support or raw socket access. As such, this does the dumbest thing
|
|
|
|
|
// that can work: runs the ping command. It's not super efficient, so
|
|
|
|
|
// it bounds the number of pings going on at once. The idea is that
|
|
|
|
|
// people only use ping occasionally to see if their internet's working
|
|
|
|
|
// so this doesn't need to be great.
|
|
|
|
|
//
|
|
|
|
|
// TODO(bradfitz): when we're running on Windows as the system user, use
|
|
|
|
|
// raw socket APIs instead of ping child processes.
|
|
|
|
|
func (ns *Impl) userPing(dstIP netaddr.IP, pingResPkt []byte) { |
|
|
|
|
if !userPingSem.TryAcquire() { |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
defer userPingSem.Release() |
|
|
|
|
|
|
|
|
|
t0 := time.Now() |
|
|
|
|
var err error |
|
|
|
|
switch runtime.GOOS { |
|
|
|
|
case "windows": |
|
|
|
|
err = exec.Command("ping", "-n", "1", "-w", "3000", dstIP.String()).Run() |
|
|
|
|
default: |
|
|
|
|
err = exec.Command("ping", "-c", "1", "-W", "3", dstIP.String()).Run() |
|
|
|
|
} |
|
|
|
|
d := time.Since(t0) |
|
|
|
|
if err != nil { |
|
|
|
|
ns.logf("exec ping of %v failed in %v", dstIP, d) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
if debugNetstack { |
|
|
|
|
ns.logf("exec pinged %v in %v", dstIP, time.Since(t0)) |
|
|
|
|
} |
|
|
|
|
if err := ns.tundev.InjectOutbound(pingResPkt); err != nil { |
|
|
|
|
ns.logf("InjectOutbound ping response: %v", err) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (ns *Impl) injectInbound(p *packet.Parsed, t *tstun.Wrapper) filter.Response { |
|
|
|
|
if !ns.shouldProcessInbound(p, t) { |
|
|
|
|
// Let the host network stack (if any) deal with it.
|
|
|
|
|
return filter.Accept |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
destIP := p.Dst.IP() |
|
|
|
|
if p.IsEchoRequest() && ns.ProcessSubnets && !tsaddr.IsTailscaleIP(destIP) { |
|
|
|
|
var pong []byte // the reply to the ping, if our relayed ping works
|
|
|
|
|
if destIP.Is4() { |
|
|
|
|
h := p.ICMP4Header() |
|
|
|
|
h.ToResponse() |
|
|
|
|
pong = packet.Generate(&h, p.Payload()) |
|
|
|
|
} else if destIP.Is6() { |
|
|
|
|
h := p.ICMP6Header() |
|
|
|
|
h.ToResponse() |
|
|
|
|
pong = packet.Generate(&h, p.Payload()) |
|
|
|
|
} |
|
|
|
|
go ns.userPing(destIP, pong) |
|
|
|
|
return filter.DropSilently |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var pn tcpip.NetworkProtocolNumber |
|
|
|
|
switch p.IPVersion { |
|
|
|
|
case 4: |
|
|
|
|
|
Brad Fitzpatrick
4 years ago
committed by
Brad Fitzpatrick