ipn: add AcceptRoutesFilter preference for filtering peer routes

The preference is stored in string form because the internal representation,
netipx.IPSetBuilder, does not serialize. The string form is reasonably
compact and readable.

Signed-off-by: James Tucker <james@tailscale.com>
pull/5770/head
James Tucker 2022-09-27 17:46:16 -07:00
parent a5fab23e8f
commit 2d0ecbb883
3 changed files with 20 additions and 5 deletions


@ -35,6 +35,7 @@ func (src *Prefs) Clone() *Prefs {
var _PrefsCloneNeedsRegeneration = Prefs(struct { var _PrefsCloneNeedsRegeneration = Prefs(struct {
ControlURL string ControlURL string
RouteAll bool RouteAll bool
AcceptRoutesFilter string
AllowSingleHosts bool AllowSingleHosts bool
ExitNodeID tailcfg.StableNodeID ExitNodeID tailcfg.StableNodeID
ExitNodeIP netip.Addr ExitNodeIP netip.Addr


@ -70,6 +70,13 @@ type Prefs struct {
// controlled by ExitNodeID/IP below. // controlled by ExitNodeID/IP below.
RouteAll bool RouteAll bool
// AcceptRoutesFilter specifies an ordered list of IP ranges that are to be
// included or excluded from peer routes. The value is comma-seprated IP CIDRs
// with an optional leading `-` prefix indicating an exclusion, e.g.
// "0.0.0.0/0,-192.168.20.0/24" meaning "all routes except those intersecting
// 192.168.20.0/24".
AcceptRoutesFilter string
// AllowSingleHosts specifies whether to install routes for each // AllowSingleHosts specifies whether to install routes for each
// node IP on the tailscale network, in addition to a route for // node IP on the tailscale network, in addition to a route for
// the whole network. // the whole network.
@ -206,6 +213,7 @@ type MaskedPrefs struct {
ControlURLSet bool `json:",omitempty"` ControlURLSet bool `json:",omitempty"`
RouteAllSet bool `json:",omitempty"` RouteAllSet bool `json:",omitempty"`
AcceptRoutesFilterSet bool `json:",omitempty"`
AllowSingleHostsSet bool `json:",omitempty"` AllowSingleHostsSet bool `json:",omitempty"`
ExitNodeIDSet bool `json:",omitempty"` ExitNodeIDSet bool `json:",omitempty"`
ExitNodeIPSet bool `json:",omitempty"` ExitNodeIPSet bool `json:",omitempty"`
@ -293,6 +301,9 @@ func (p *Prefs) pretty(goos string) string {
var sb strings.Builder var sb strings.Builder
sb.WriteString("Prefs{") sb.WriteString("Prefs{")
fmt.Fprintf(&sb, "ra=%v ", p.RouteAll) fmt.Fprintf(&sb, "ra=%v ", p.RouteAll)
if p.RouteAll || p.AcceptRoutesFilter != "" {
fmt.Fprintf(&sb, "acceptfilter=%q ", p.AcceptRoutesFilter)
}
if !p.AllowSingleHosts { if !p.AllowSingleHosts {
sb.WriteString("mesh=false ") sb.WriteString("mesh=false ")
} }
@ -366,6 +377,7 @@ func (p *Prefs) Equals(p2 *Prefs) bool {
return p != nil && p2 != nil && return p != nil && p2 != nil &&
p.ControlURL == p2.ControlURL && p.ControlURL == p2.ControlURL &&
p.RouteAll == p2.RouteAll && p.RouteAll == p2.RouteAll &&
p.AcceptRoutesFilter == p2.AcceptRoutesFilter &&
p.AllowSingleHosts == p2.AllowSingleHosts && p.AllowSingleHosts == p2.AllowSingleHosts &&
p.ExitNodeID == p2.ExitNodeID && p.ExitNodeID == p2.ExitNodeID &&
p.ExitNodeIP == p2.ExitNodeIP && p.ExitNodeIP == p2.ExitNodeIP &&
@ -424,6 +436,7 @@ func NewPrefs() *Prefs {
ControlURL: "", ControlURL: "",
RouteAll: true, RouteAll: true,
AcceptRoutesFilter: "0.0.0.0/0,::/0",
AllowSingleHosts: true, AllowSingleHosts: true,
CorpDNS: true, CorpDNS: true,
WantRunning: false, WantRunning: false,
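Review bot: The doc comment on `AcceptRoutesFilter` in the `Prefs` struct does not say what an empty string means, and the zero value differs from the `"0.0.0.0/0,::/0"` default set in `NewPrefs`, so prefs decoded from state written before this field existed would presumably carry `""`. Whether that case accepts every peer route or none is a fail-open versus fail-closed decision and should be written down, e.g. `// An empty filter means <accept all | accept none>; malformed entries are rejected when the pref is set.` No parsing or validation of the string is visible in this section, so a mistyped CIDR or exclusion would only surface wherever the filter is consumed; validating when the pref is set would keep an intended exclusion from being silently dropped. The same comment also has a typo, `comma-seprated`. The `Prefs` struct and the `NewPrefs` body continue outside the hunks shown.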


@ -38,6 +38,7 @@ func TestPrefsEqual(t *testing.T) {
prefsHandles := []string{ prefsHandles := []string{
"ControlURL", "ControlURL",
"RouteAll", "RouteAll",
"AcceptRoutesFilter",
"AllowSingleHosts", "AllowSingleHosts",
"ExitNodeID", "ExitNodeID",
"ExitNodeIP", "ExitNodeIP",