lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wgengine/filter: don't drop GCP DNS. 

Manual backport of 3c508a58cc.

Signed-off-by: David Anderson <danderson@tailscale.com>
release-branch/1.2
David Anderson 2020-11-16 14:14:00 -08:00
parent 3b75550ad0
commit b6e541e2eb
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wgengine/filter/filter.go
View File

@ -371,7 +371,7 @@ func (f *Filter) pre(q *packet.ParsedPacket, rf RunFlags, dir direction) Respons
f.logRateLimit(rf, q, dir, Drop, "multicast") f.logRateLimit(rf, q, dir, Drop, "multicast")
return Drop return Drop
} }
if q.DstIP.IsLinkLocalUnicast() { if q.DstIP.IsMostLinkLocalUnicast() {
f.logRateLimit(rf, q, dir, Drop, "link-local-unicast") f.logRateLimit(rf, q, dir, Drop, "link-local-unicast")
return Drop return Drop
} }
@ -418,7 +418,7 @@ func omitDropLogging(p *packet.ParsedPacket, dir direction) bool {
if ipProto == packet.IGMP { if ipProto == packet.IGMP {
return true return true
} }
if p.DstIP.IsMulticast() || p.DstIP.IsLinkLocalUnicast() { if p.DstIP.IsMulticast() || p.DstIP.IsMostLinkLocalUnicast() {
return true return true
} }
case 6: case 6:

4
wgengine/packet/ip.go
View File

@ -47,6 +47,10 @@ func (ip IP) IsLinkLocalUnicast() bool {
return byte(ip>>24) == 169 && byte(ip>>16) == 254 return byte(ip>>24) == 169 && byte(ip>>16) == 254
} }
func (ip IP) IsMostLinkLocalUnicast() bool {
return ip.IsLinkLocalUnicast() && ip != 0xA9FEA9FE
}
// IPProto is either a real IP protocol (ITCP, UDP, ...) or an special value like Unknown. // IPProto is either a real IP protocol (ITCP, UDP, ...) or an special value like Unknown.
// If it is a real IP protocol, its value corresponds to its IP protocol number. // If it is a real IP protocol, its value corresponds to its IP protocol number.
type IPProto uint8 type IPProto uint8