lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

net/interfaces: remove IsTailscaleIP, make callers use tsaddr. 

Signed-off-by: David Anderson <danderson@tailscale.com>
pull/1210/head
David Anderson 2021-01-26 15:00:05 -08:00 committed by Dave Anderson
parent e970ed0995
commit 692a011b54
4 changed files with 21 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/tsshd/tsshd.go
View File

@ -32,7 +32,9 @@ import (
"github.com/gliderlabs/ssh" "github.com/gliderlabs/ssh"
"github.com/kr/pty" "github.com/kr/pty"
gossh "golang.org/x/crypto/ssh" gossh "golang.org/x/crypto/ssh"
"inet.af/netaddr"
"tailscale.com/net/interfaces" "tailscale.com/net/interfaces"
"tailscale.com/net/tsaddr"
) )
var ( var (
@ -96,7 +98,13 @@ func handleSSH(s ssh.Session) {
s.Exit(1) s.Exit(1)
return return
} }
if !interfaces.IsTailscaleIP(ta.IP) { tanetaddr, ok := netaddr.FromStdIP(ta.IP)
if !ok {
log.Printf("tsshd: rejecting unparseable addr %v", ta.IP)
s.Exit(1)
return
}
if !tsaddr.IsTailscaleIP(tanetaddr) {
log.Printf("tsshd: rejecting non-Tailscale addr %v", ta.IP) log.Printf("tsshd: rejecting non-Tailscale addr %v", ta.IP)
s.Exit(1) s.Exit(1)
return return

14
net/interfaces/interfaces.go
View File

@ -39,8 +39,11 @@ func Tailscale() (net.IP, *net.Interface, error) {
continue continue
} }
for _, a := range addrs { for _, a := range addrs {
if ipnet, ok := a.(*net.IPNet); ok && IsTailscaleIP(ipnet.IP) { if ipnet, ok := a.(*net.IPNet); ok {
return ipnet.IP, &iface, nil nip, ok := netaddr.FromStdIP(ipnet.IP)
if ok && tsaddr.IsTailscaleIP(nip) {
return ipnet.IP, &iface, nil
}
} }
} }
} }
@ -57,13 +60,6 @@ func maybeTailscaleInterfaceName(s string) bool {
strings.HasPrefix(s, "utun") strings.HasPrefix(s, "utun")
} }
// IsTailscaleIP reports whether ip is an IP in a range used by
// Tailscale virtual network interfaces.
func IsTailscaleIP(ip net.IP) bool {
nip, _ := netaddr.FromStdIP(ip) // TODO: push this up to caller, change func signature
return tsaddr.IsTailscaleIP(nip)
}
func isUp(nif *net.Interface) bool { return nif.Flags&net.FlagUp != 0 } func isUp(nif *net.Interface) bool { return nif.Flags&net.FlagUp != 0 }
func isLoopback(nif *net.Interface) bool { return nif.Flags&net.FlagLoopback != 0 } func isLoopback(nif *net.Interface) bool { return nif.Flags&net.FlagLoopback != 0 }

21
net/interfaces/interfaces_test.go
View File

@ -5,30 +5,9 @@
package interfaces package interfaces
import ( import (
"net"
"testing" "testing"
) )
func TestIsTailscaleIP(t *testing.T) {
tests := []struct {
ip string
want bool
}{
{"100.81.251.94", true},
{"8.8.8.8", false},
}
for _, tt := range tests {
ip := net.ParseIP(tt.ip)
if ip == nil {
t.Fatalf("failed to parse IP %q", tt.ip)
}
got := IsTailscaleIP(ip)
if got != tt.want {
t.Errorf("F(%q) = %v; want %v", tt.ip, got, tt.want)
}
}
}
func TestGetState(t *testing.T) { func TestGetState(t *testing.T) {
st, err := GetState() st, err := GetState()
if err != nil { if err != nil {

10
tsweb/tsweb.go
View File

@ -23,8 +23,9 @@ import (
"strings" "strings"
"time" "time"
"inet.af/netaddr"
"tailscale.com/metrics" "tailscale.com/metrics"
"tailscale.com/net/interfaces" "tailscale.com/net/tsaddr"
"tailscale.com/types/logger" "tailscale.com/types/logger"
) )
@ -81,8 +82,11 @@ func AllowDebugAccess(r *http.Request) bool {
if err != nil { if err != nil {
return false return false
} }
ip := net.ParseIP(ipStr) ip, err := netaddr.ParseIP(ipStr)
if interfaces.IsTailscaleIP(ip) || ip.IsLoopback() || ipStr == os.Getenv("TS_ALLOW_DEBUG_IP") { if err != nil {
return false
}
if tsaddr.IsTailscaleIP(ip) || ip.IsLoopback() || ipStr == os.Getenv("TS_ALLOW_DEBUG_IP") {
return true return true
} }
if r.Method == "GET" { if r.Method == "GET" {