Updates #18682 Change-Id: I62f6aa0de2a15ef8c1435032c6aa74a181c25f8f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
// Copyright (c) Tailscale Inc & contributors
// SPDX-License-Identifier: BSD-3-Clause
//go:build !ts_omit_netstack
package ipnlocal
import (
"net"
"net/netip"
"time"
"gvisor.dev/gvisor/pkg/tcpip"
)
// TCPHandlerForDst returns a TCP handler for connections to dst, or nil if
// no handler is needed. It also returns a list of TCP socket options to
// apply to the socket before calling the handler.
//
// TCPHandlerForDst is called both for connections to our node's local IP
// as well as to the service IP (quad 100). Service-IP and VIP-service
// dispatch happen before the local-IP check; every other handler below
// requires dst.Addr() to be one of our own IPs.
func (b *LocalBackend) TCPHandlerForDst(src, dst netip.AddrPort) (handler func(c net.Conn) error, opts []tcpip.SettableSocketOption) {
	dstAddr, dstPort := dst.Addr(), dst.Port()

	// Internal connections to the service IP are matched on port alone;
	// unmatched ports on the service IP fall through to the checks below.
	if dstAddr == magicDNSIP || dstAddr == magicDNSIPv6 {
		switch dstPort {
		case 80:
			// TODO(mpminardi): do we want to show an error message if the web client
			// has been disabled instead of the more "basic" web UI?
			if b.ShouldRunWebClient() {
				return b.handleWebClientConn, nil
			}
			return b.HandleQuad100Port80Conn, nil
		case DriveLocalPort:
			return b.handleDriveConn, nil
		}
	}

	// The VIP service hook is consulted before isLocalIP, so it can claim
	// connections whose destination is not one of this node's own IPs.
	if vipHook, ok := hookServeTCPHandlerForVIPService.GetOk(); ok {
		if h := vipHook(b, dst, src); h != nil {
			return h, nil
		}
	}

	// From here on, only external connections to a local IP are handled.
	if !b.isLocalIP(dstAddr) {
		return nil, nil
	}

	switch {
	case dstPort == 22 && b.ShouldRunSSH():
		// Use a higher keepalive idle time for SSH connections, as they are
		// typically long lived and idle connections are more likely to be
		// intentional. Ideally we would turn this off entirely, but we can't
		// tell the difference between a long lived connection that is idle
		// vs a connection that is dead because the peer has gone away.
		// We pick 72h as that is typically sufficient for a long weekend.
		keepalive := tcpip.KeepaliveIdleOption(72 * time.Hour)
		return b.handleSSHConn, []tcpip.SettableSocketOption{&keepalive}
	case dstPort == webClientPort && b.ShouldExposeRemoteWebClient():
		// TODO(will,sonia): allow customizing web client port ?
		return b.handleWebClientConn, nil
	}

	// Peer API traffic is only accepted on the port that GetPeerAPIPort
	// reports for this particular local address.
	if peerAPIPort, ok := b.GetPeerAPIPort(dstAddr); ok && dstPort == peerAPIPort {
		peerAPI := func(c net.Conn) error {
			b.handlePeerAPIConn(src, dst, c)
			return nil
		}
		return peerAPI, nil
	}

	// Finally, give the serve hook (if registered) a chance to claim the port.
	if serveHook, ok := hookTCPHandlerForServe.GetOk(); ok {
		if h := serveHook(b, dstPort, src, nil); h != nil {
			return h, nil
		}
	}
	return nil, nil
}