lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cmd/tailscale/cli: [up] ignore allow-lan-access revert when no --exit-node 

When we aren't using an exit node, the `ExitNodeAllowLANAccess` value is
ignored. Make the CLI have the same behavior and not complain of
accidental reverts of --exit-node-allow-lan-access if there is no
exit-node configured.

Fixes #3752

Signed-off-by: Maisem Ali <maisem@tailscale.com>
pull/5718/head
Maisem Ali 2022-09-21 14:56:05 -07:00
parent d5781f61a9
commit b5a147fbce
2 changed files with 65 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
cmd/tailscale/cli/cli_test.go
View File

@ -424,6 +424,57 @@ func TestCheckForAccidentalSettingReverts(t *testing.T) {
},
want: accidentalUpPrefix + " --hostname=foo --exit-node-allow-lan-access --exit-node=100.2.3.4",
},
{
name: "exit_node_revert",
flags: []string{"--hostname=foo"},
curExitNodeIP: netip.MustParseAddr("100.2.3.4"),
curPrefs: &ipn.Prefs{
ControlURL: ipn.DefaultControlURL,
AllowSingleHosts: true,
CorpDNS: true,
NetfilterMode: preftype.NetfilterOn,
ExitNodeIP: netip.MustParseAddr("100.2.3.4"),
},
want: accidentalUpPrefix + " --hostname=foo --exit-node=100.2.3.4",
},
{
name: "no_revert_lan_access",
flags: []string{"--hostname=foo"},
curPrefs: &ipn.Prefs{
ControlURL: ipn.DefaultControlURL,
AllowSingleHosts: true,
CorpDNS: true,
NetfilterMode: preftype.NetfilterOn,
ExitNodeAllowLANAccess: true,
},
},
{
name: "exit_node_revert_lan_access",
flags: []string{"--hostname=foo", "--exit-node=100.2.3.4"},
curExitNodeIP: netip.MustParseAddr("100.2.3.4"),
curPrefs: &ipn.Prefs{
ControlURL: ipn.DefaultControlURL,
AllowSingleHosts: true,
CorpDNS: true,
NetfilterMode: preftype.NetfilterOn,
ExitNodeIP: netip.MustParseAddr("100.2.3.4"),
ExitNodeAllowLANAccess: true,
},
want: accidentalUpPrefix + " --exit-node=100.2.3.4 --hostname=foo --exit-node-allow-lan-access",
},
{
name: "exit_node_no_revert_lan_access",
flags: []string{"--exit-node="},
curExitNodeIP: netip.MustParseAddr("100.2.3.4"),
curPrefs: &ipn.Prefs{
ControlURL: ipn.DefaultControlURL,
AllowSingleHosts: true,
CorpDNS: true,
NetfilterMode: preftype.NetfilterOn,
ExitNodeIP: netip.MustParseAddr("100.2.3.4"),
ExitNodeAllowLANAccess: true,
},
},
{
name: "ignore_login_server_synonym",
flags: []string{"--login-server=https://controlplane.tailscale.com"},

18
cmd/tailscale/cli/up.go
View File

@ -285,10 +285,6 @@ func prefsFromUpArgs(upArgs upArgsT, warnf logger.Logf, st *ipnstate.Status, goo
return nil, err
}
if upArgs.exitNodeIP == "" && upArgs.exitNodeAllowLANAccess {
return nil, fmt.Errorf("--exit-node-allow-lan-access can only be used with --exit-node")
}
var tags []string
if upArgs.advertiseTags != "" {
tags = strings.Split(upArgs.advertiseTags, ",")
@ -377,6 +373,12 @@ func updatePrefs(prefs, curPrefs *ipn.Prefs, env upCheckEnv) (simpleUp bool, jus
return false, nil, fmt.Errorf("can't change --login-server without --force-reauth")
}
if curPrefs.ExitNodeAllowLANAccess != env.upArgs.exitNodeAllowLANAccess {
if env.upArgs.exitNodeIP == "" && env.upArgs.exitNodeAllowLANAccess {
return false, nil, fmt.Errorf("--exit-node-allow-lan-access can only be used with --exit-node")
}
}
// Do this after validations to avoid the 5s delay if we're going to error
// out anyway.
wantSSH, haveSSH := env.upArgs.runSSH, curPrefs.RunSSH
@ -824,9 +826,14 @@ func checkForAccidentalSettingReverts(newPrefs, curPrefs *ipn.Prefs, env upCheck
return nil
}
usingExitNode := false
flagIsSet := map[string]bool{}
env.flagSet.Visit(func(f *flag.Flag) {
flagIsSet[f.Name] = true
if f.Name == "exit-node" && f.Value.String() != "" {
usingExitNode = true
}
})
if len(flagIsSet) == 0 {
@ -861,6 +868,9 @@ func checkForAccidentalSettingReverts(newPrefs, curPrefs *ipn.Prefs, env upCheck
if len(missing) == 0 {
return nil
}
if len(missing) == 1 && missing[0] == "--exit-node-allow-lan-access" && !usingExitNode {
return nil
}
sort.Strings(missing)
// Compute the stringification of the explicitly provided args in flagSet