From 2118d0cf419e6c7710ccacbda47121dcbe1930b1 Mon Sep 17 00:00:00 2001 From: kari-ts Date: Thu, 12 Sep 2024 12:58:22 -0700 Subject: [PATCH 1/7] VERSION.txt: this is v1.74.0 Signed-off-by: kari-ts --- VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.txt b/VERSION.txt index 5e3a42566267c..dc87e8af82f69 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.73.0 +1.74.0 From 9700e610c02634fcd18761761ea9b908218ca783 Mon Sep 17 00:00:00 2001 From: Andrew Dunham Date: Mon, 16 Sep 2024 11:27:04 -0400 Subject: [PATCH 2/7] wgengine/magicsock: disable raw disco by default; add envknob to enable Updates #13140 Signed-off-by: Andrew Dunham Change-Id: Ica85b2ac8ac7eab4ec5413b212f004aecc453279 (cherry picked from commit 40833a752498206b0fe3cb076881343e4bb77dd9) --- tstest/integration/nat/nat_test.go | 14 +++++++++----- wgengine/magicsock/magicsock.go | 4 ++-- wgengine/magicsock/magicsock_default.go | 3 ++- wgengine/magicsock/magicsock_linux.go | 15 +++++++++++---- 4 files changed, 24 insertions(+), 12 deletions(-) diff --git a/tstest/integration/nat/nat_test.go b/tstest/integration/nat/nat_test.go index a8c20d6bd634f..5355155882cd7 100644 --- a/tstest/integration/nat/nat_test.go +++ b/tstest/integration/nat/nat_test.go @@ -171,11 +171,15 @@ func easyPMP(c *vnet.Config) *vnet.Node { fmt.Sprintf("192.168.%d.1/24", n), vnet.EasyNAT, vnet.NATPMP)) } -// easy + port mapping + host firewall -func easyPMPFW(c *vnet.Config) *vnet.Node { +// easy + port mapping + host firewall + BPF +func easyPMPFWPlusBPF(c *vnet.Config) *vnet.Node { n := c.NumNodes() + 1 return c.AddNode( vnet.HostFirewall, + vnet.TailscaledEnv{ + Key: "TS_ENABLE_RAW_DISCO", + Value: "true", + }, vnet.TailscaledEnv{ Key: "TS_DEBUG_RAW_DISCO", Value: "1", @@ -199,8 +203,8 @@ func easyPMPFWNoBPF(c *vnet.Config) *vnet.Node { return c.AddNode( vnet.HostFirewall, vnet.TailscaledEnv{ - Key: "TS_DEBUG_DISABLE_RAW_DISCO", - Value: "1", + Key: "TS_ENABLE_RAW_DISCO", + Value: "false", }, c.AddNetwork( fmt.Sprintf("2.%d.%d.%d", n, n, n), // public IP @@ -531,7 +535,7 @@ func TestSameLAN(t *testing.T) { // * client machine has a stateful host firewall (e.g. ufw) func TestBPFDisco(t *testing.T) { nt := newNatTest(t) - nt.runTest(easyPMPFW, hard) + nt.runTest(easyPMPFWPlusBPF, hard) nt.want(routeDirect) } diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go index de6b13fc1abec..a056cff22676b 100644 --- a/wgengine/magicsock/magicsock.go +++ b/wgengine/magicsock/magicsock.go @@ -508,13 +508,13 @@ func NewConn(opts Options) (*Conn, error) { if d4, err := c.listenRawDisco("ip4"); err == nil { c.logf("[v1] using BPF disco receiver for IPv4") c.closeDisco4 = d4 - } else { + } else if !errors.Is(err, errors.ErrUnsupported) { c.logf("[v1] couldn't create raw v4 disco listener, using regular listener instead: %v", err) } if d6, err := c.listenRawDisco("ip6"); err == nil { c.logf("[v1] using BPF disco receiver for IPv6") c.closeDisco6 = d6 - } else { + } else if !errors.Is(err, errors.ErrUnsupported) { c.logf("[v1] couldn't create raw v6 disco listener, using regular listener instead: %v", err) } diff --git a/wgengine/magicsock/magicsock_default.go b/wgengine/magicsock/magicsock_default.go index 321765b8c8141..7614c64c92559 100644 --- a/wgengine/magicsock/magicsock_default.go +++ b/wgengine/magicsock/magicsock_default.go @@ -7,6 +7,7 @@ package magicsock import ( "errors" + "fmt" "io" "tailscale.com/types/logger" @@ -14,7 +15,7 @@ import ( ) func (c *Conn) listenRawDisco(family string) (io.Closer, error) { - return nil, errors.New("raw disco listening not supported on this OS") + return nil, fmt.Errorf("raw disco listening not supported on this OS: %w", errors.ErrUnsupported) } func trySetSocketBuffer(pconn nettype.PacketConn, logf logger.Logf) { diff --git a/wgengine/magicsock/magicsock_linux.go b/wgengine/magicsock/magicsock_linux.go index f658c016b884d..c5df555cd4ecd 100644 --- a/wgengine/magicsock/magicsock_linux.go +++ b/wgengine/magicsock/magicsock_linux.go @@ -38,8 +38,11 @@ const ( discoMinHeaderSize = len(disco.Magic) + 32 /* key length */ + disco.NonceLen ) -// Enable/disable using raw sockets to receive disco traffic. -var debugDisableRawDisco = envknob.RegisterBool("TS_DEBUG_DISABLE_RAW_DISCO") +var ( + // Opt-in for using raw sockets to receive disco traffic; added for + // #13140 and replaces the older "TS_DEBUG_DISABLE_RAW_DISCO". + envknobEnableRawDisco = envknob.RegisterBool("TS_ENABLE_RAW_DISCO") +) // debugRawDiscoReads enables logging of raw disco reads. var debugRawDiscoReads = envknob.RegisterBool("TS_DEBUG_RAW_DISCO") @@ -166,8 +169,12 @@ var ( // and BPF filter. // https://github.com/tailscale/tailscale/issues/3824 func (c *Conn) listenRawDisco(family string) (io.Closer, error) { - if debugDisableRawDisco() { - return nil, errors.New("raw disco listening disabled by debug flag") + if !envknobEnableRawDisco() { + // Return an 'errors.ErrUnsupported' to prevent the callee from + // logging; when we switch this to an opt-out (vs. an opt-in), + // drop the ErrUnsupported so that the callee logs that it was + // disabled. + return nil, fmt.Errorf("raw disco not enabled: %w", errors.ErrUnsupported) } // https://github.com/tailscale/tailscale/issues/5607 From 5d8173dc58819218a8afc02fbc74b1a9af937fdf Mon Sep 17 00:00:00 2001 From: Andrea Gottardo Date: Wed, 18 Sep 2024 11:51:09 -0700 Subject: [PATCH 3/7] go/toolchain: use ed9dc37b2b000f376a3e819cbb159e2c17a2dac6 (#13507) Updates tailscale/tailscale#13452 Bump the Go toolchain to the latest to pick up changes required to not crash on Android 9/10. Signed-off-by: Andrea Gottardo (cherry picked from commit 3a467b66b6da59dda928232f4cda8acd9fc6caae) --- go.toolchain.rev | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.toolchain.rev b/go.toolchain.rev index cc32040724295..02b6e58781851 100644 --- a/go.toolchain.rev +++ b/go.toolchain.rev @@ -1 +1 @@ -0a7392ba4471f578e5160b6ea21def6ae8e4a072 +ed9dc37b2b000f376a3e819cbb159e2c17a2dac6 From 0ca17be4a2d5f5c54c9a2c74e3003de8d779c4f0 Mon Sep 17 00:00:00 2001 From: Andrea Gottardo Date: Wed, 18 Sep 2024 11:54:26 -0700 Subject: [PATCH 4/7] VERSION.txt: this is v1.74.1 Signed-off-by: Andrea Gottardo --- VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.txt b/VERSION.txt index dc87e8af82f69..80627411dcee7 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.74.0 +1.74.1 From c8d38a6a5df72cb676c9272f7f74028b15df562a Mon Sep 17 00:00:00 2001 From: Andrea Gottardo Date: Thu, 26 Sep 2024 10:28:10 -0700 Subject: [PATCH 5/7] net/captivedetection: exclude ipsec interfaces from captive portal detection (#13598) Updates tailscale/tailscale#1634 Logs from some iOS users indicate that we're pointlessly performing captive portal detection on certain interfaces named ipsec*. These are tunnels with the cellular carrier that do not offer Internet access, and are only used to provide internet calling functionality (VoLTE / VoWiFi). ``` attempting to do captive portal detection on interface ipsec1 attempting to do captive portal detection on interface ipsec6 ``` This PR excludes interfaces with the `ipsec` prefix from captive portal detection. Signed-off-by: Andrea Gottardo (cherry picked from commit 69be54c7b65421af5cf23ce17288e1a11d73fcf9) --- net/captivedetection/captivedetection.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/captivedetection/captivedetection.go b/net/captivedetection/captivedetection.go index e0a4b0a250768..c99fdd44fa64d 100644 --- a/net/captivedetection/captivedetection.go +++ b/net/captivedetection/captivedetection.go @@ -112,7 +112,7 @@ func (d *Detector) detectCaptivePortalWithGOOS(ctx context.Context, netMon *netm // interfaces on iOS and Android, respectively, and would be needlessly battery-draining. func interfaceNameDoesNotNeedCaptiveDetection(ifName string, goos string) bool { ifName = strings.ToLower(ifName) - excludedPrefixes := []string{"tailscale", "tun", "tap", "docker", "kube", "wg"} + excludedPrefixes := []string{"tailscale", "tun", "tap", "docker", "kube", "wg", "ipsec"} if goos == "windows" { excludedPrefixes = append(excludedPrefixes, "loopback", "tunnel", "ppp", "isatap", "teredo", "6to4") } else if goos == "darwin" || goos == "ios" { From 3332ccd0ad03a79004011c7cbdb83fca474ac861 Mon Sep 17 00:00:00 2001 From: Andrea Gottardo Date: Tue, 1 Oct 2024 11:47:38 -0700 Subject: [PATCH 6/7] VERSION.txt: this is v1.74.2 Signed-off-by: Andrea Gottardo --- VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.txt b/VERSION.txt index 80627411dcee7..a6e970de6f198 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.74.1 +1.74.2 From 18a87ccba06b8f2f7f6b813b76d9312e5b40d3c4 Mon Sep 17 00:00:00 2001 From: Asutorufa <16442314+Asutorufa@users.noreply.github.com> Date: Sat, 20 Jan 2024 01:22:30 +0900 Subject: [PATCH 7/7] * net/interfaces: fix android "route ip+net: netlinkrib: permission denied" Signed-off-by: Asutorufa <16442314+Asutorufa@users.noreply.github.com> --- internal/anet/LICENSE | 28 +++ internal/anet/interface.go | 26 +++ internal/anet/netlink_androida.go | 179 ++++++++++++++++++ internal/anet/netlink_androidq.go | 292 ++++++++++++++++++++++++++++++ net/netmon/state.go | 6 +- 5 files changed, 529 insertions(+), 2 deletions(-) create mode 100644 internal/anet/LICENSE create mode 100644 internal/anet/interface.go create mode 100644 internal/anet/netlink_androida.go create mode 100644 internal/anet/netlink_androidq.go diff --git a/internal/anet/LICENSE b/internal/anet/LICENSE new file mode 100644 index 0000000000000..256285ce76def --- /dev/null +++ b/internal/anet/LICENSE @@ -0,0 +1,28 @@ +BSD 3-Clause License + +Copyright (c) 2023, wlynxg + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/internal/anet/interface.go b/internal/anet/interface.go new file mode 100644 index 0000000000000..591b706691a81 --- /dev/null +++ b/internal/anet/interface.go @@ -0,0 +1,26 @@ +//go:build androidxx +// +build androidxx + +package anet + +import ( + "net" +) + +// Interfaces returns a list of the system's network interfaces. +func Interfaces() ([]net.Interface, error) { + return net.Interfaces() +} + +// InterfaceAddrs returns a list of the system's unicast interface +// addresses. +// +// The returned list does not identify the associated interface; use +// Interfaces and Interface.Addrs for more detail. +func InterfaceAddrs() ([]net.Addr, error) { + return net.InterfaceAddrs() +} + +func InterfaceAddrTable(i *net.Interface) ([]net.Addr, error) { + return i.Addrs() +} diff --git a/internal/anet/netlink_androida.go b/internal/anet/netlink_androida.go new file mode 100644 index 0000000000000..fc0d84d388daf --- /dev/null +++ b/internal/anet/netlink_androida.go @@ -0,0 +1,179 @@ +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Netlink sockets and messages + +package anet + +import ( + "syscall" + "unsafe" +) + +// Round the length of a netlink message up to align it properly. +func nlmAlignOf(msglen int) int { + return (msglen + syscall.NLMSG_ALIGNTO - 1) & ^(syscall.NLMSG_ALIGNTO - 1) +} + +// Round the length of a netlink route attribute up to align it +// properly. +func rtaAlignOf(attrlen int) int { + return (attrlen + syscall.RTA_ALIGNTO - 1) & ^(syscall.RTA_ALIGNTO - 1) +} + +// NetlinkRouteRequest represents a request message to receive routing +// and link states from the kernel. +type NetlinkRouteRequest struct { + Header syscall.NlMsghdr + Data syscall.RtGenmsg +} + +func (rr *NetlinkRouteRequest) toWireFormat() []byte { + b := make([]byte, rr.Header.Len) + *(*uint32)(unsafe.Pointer(&b[0:4][0])) = rr.Header.Len + *(*uint16)(unsafe.Pointer(&b[4:6][0])) = rr.Header.Type + *(*uint16)(unsafe.Pointer(&b[6:8][0])) = rr.Header.Flags + *(*uint32)(unsafe.Pointer(&b[8:12][0])) = rr.Header.Seq + *(*uint32)(unsafe.Pointer(&b[12:16][0])) = rr.Header.Pid + b[16] = byte(rr.Data.Family) + return b +} + +func newNetlinkRouteRequest(proto, seq, family int) []byte { + rr := &NetlinkRouteRequest{} + rr.Header.Len = uint32(syscall.NLMSG_HDRLEN + syscall.SizeofRtGenmsg) + rr.Header.Type = uint16(proto) + rr.Header.Flags = syscall.NLM_F_DUMP | syscall.NLM_F_REQUEST + rr.Header.Seq = uint32(seq) + rr.Data.Family = uint8(family) + return rr.toWireFormat() +} + +// NetlinkRIB returns routing information base, as known as RIB, which +// consists of network facility information, states and parameters. +func NetlinkRIB(proto, family int) ([]byte, error) { + s, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW|syscall.SOCK_CLOEXEC, syscall.NETLINK_ROUTE) + if err != nil { + return nil, err + } + defer syscall.Close(s) + sa := &syscall.SockaddrNetlink{Family: syscall.AF_NETLINK} + + wb := newNetlinkRouteRequest(proto, 1, family) + if err := syscall.Sendto(s, wb, 0, sa); err != nil { + return nil, err + } + lsa, err := syscall.Getsockname(s) + if err != nil { + return nil, err + } + lsanl, ok := lsa.(*syscall.SockaddrNetlink) + if !ok { + return nil, syscall.EINVAL + } + var tab []byte + rbNew := make([]byte, syscall.Getpagesize()) +done: + for { + rb := rbNew + nr, _, err := syscall.Recvfrom(s, rb, 0) + if err != nil { + return nil, err + } + if nr < syscall.NLMSG_HDRLEN { + return nil, syscall.EINVAL + } + rb = rb[:nr] + tab = append(tab, rb...) + msgs, err := ParseNetlinkMessage(rb) + if err != nil { + return nil, err + } + for _, m := range msgs { + if m.Header.Seq != 1 || m.Header.Pid != lsanl.Pid { + return nil, syscall.EINVAL + } + if m.Header.Type == syscall.NLMSG_DONE { + break done + } + if m.Header.Type == syscall.NLMSG_ERROR { + return nil, syscall.EINVAL + } + } + } + return tab, nil +} + +// NetlinkMessage represents a netlink message. +type NetlinkMessage struct { + Header syscall.NlMsghdr + Data []byte +} + +// ParseNetlinkMessage parses b as an array of netlink messages and +// returns the slice containing the NetlinkMessage structures. +func ParseNetlinkMessage(b []byte) ([]NetlinkMessage, error) { + var msgs []NetlinkMessage + for len(b) >= syscall.NLMSG_HDRLEN { + h, dbuf, dlen, err := netlinkMessageHeaderAndData(b) + if err != nil { + return nil, err + } + m := NetlinkMessage{Header: *h, Data: dbuf[:int(h.Len)-syscall.NLMSG_HDRLEN]} + msgs = append(msgs, m) + b = b[dlen:] + } + return msgs, nil +} + +func netlinkMessageHeaderAndData(b []byte) (*syscall.NlMsghdr, []byte, int, error) { + h := (*syscall.NlMsghdr)(unsafe.Pointer(&b[0])) + l := nlmAlignOf(int(h.Len)) + if int(h.Len) < syscall.NLMSG_HDRLEN || l > len(b) { + return nil, nil, 0, syscall.EINVAL + } + return h, b[syscall.NLMSG_HDRLEN:], l, nil +} + +// NetlinkRouteAttr represents a netlink route attribute. +type NetlinkRouteAttr struct { + Attr syscall.RtAttr + Value []byte +} + +// ParseNetlinkRouteAttr parses m's payload as an array of netlink +// route attributes and returns the slice containing the +// NetlinkRouteAttr structures. +func ParseNetlinkRouteAttr(m *NetlinkMessage) ([]NetlinkRouteAttr, error) { + var b []byte + switch m.Header.Type { + case syscall.RTM_NEWLINK, syscall.RTM_DELLINK: + b = m.Data[syscall.SizeofIfInfomsg:] + case syscall.RTM_NEWADDR, syscall.RTM_DELADDR: + b = m.Data[syscall.SizeofIfAddrmsg:] + case syscall.RTM_NEWROUTE, syscall.RTM_DELROUTE: + b = m.Data[syscall.SizeofRtMsg:] + default: + return nil, syscall.EINVAL + } + var attrs []NetlinkRouteAttr + for len(b) >= syscall.SizeofRtAttr { + a, vbuf, alen, err := netlinkRouteAttrAndValue(b) + if err != nil { + return nil, err + } + ra := NetlinkRouteAttr{Attr: *a, Value: vbuf[:int(a.Len)-syscall.SizeofRtAttr]} + attrs = append(attrs, ra) + b = b[alen:] + } + return attrs, nil +} + +func netlinkRouteAttrAndValue(b []byte) (*syscall.RtAttr, []byte, int, error) { + a := (*syscall.RtAttr)(unsafe.Pointer(&b[0])) + if int(a.Len) < syscall.SizeofRtAttr || int(a.Len) > len(b) { + return nil, nil, 0, syscall.EINVAL + } + return a, b[syscall.SizeofRtAttr:], rtaAlignOf(int(a.Len)), nil +} diff --git a/internal/anet/netlink_androidq.go b/internal/anet/netlink_androidq.go new file mode 100644 index 0000000000000..aaeaf6fd70797 --- /dev/null +++ b/internal/anet/netlink_androidq.go @@ -0,0 +1,292 @@ +package anet + +import ( + "bytes" + "errors" + "net" + "os" + "syscall" + "unsafe" +) + +var ( + errNoSuchInterface = errors.New("no such network interface") +) + +type ifReq [40]byte + +// Interfaces returns a list of the system's network interfaces. +func Interfaces() ([]net.Interface, error) { + ift, err := interfaceTable(0) + if err != nil { + return nil, &net.OpError{Op: "route", Net: "ip+net", Source: nil, Addr: nil, Err: err} + } + // TODO: zoneCache implementation + return ift, nil +} + +// InterfaceAddrs returns a list of the system's unicast interface +// addresses. +// +// The returned list does not identify the associated interface; use +// Interfaces and Interface.Addrs for more detail. +func InterfaceAddrs() ([]net.Addr, error) { + ifat, err := InterfaceAddrTable(nil) + if err != nil { + err = &net.OpError{Op: "route", Net: "ip+net", Source: nil, Addr: nil, Err: err} + } + return ifat, err +} + +// If the ifindex is zero, interfaceTable returns mappings of all +// network interfaces. Otherwise it returns a mapping of a specific +// interface. +func interfaceTable(ifindex int) ([]net.Interface, error) { + tab, err := NetlinkRIB(syscall.RTM_GETADDR, syscall.AF_UNSPEC) + if err != nil { + return nil, os.NewSyscallError("netlinkrib", err) + } + msgs, err := syscall.ParseNetlinkMessage(tab) + if err != nil { + return nil, os.NewSyscallError("parsenetlinkmessage", err) + } + + var ift []net.Interface + im := make(map[uint32]struct{}) +loop: + for _, m := range msgs { + switch m.Header.Type { + case syscall.NLMSG_DONE: + break loop + case syscall.RTM_NEWADDR: + ifam := (*syscall.IfAddrmsg)(unsafe.Pointer(&m.Data[0])) + if _, ok := im[ifam.Index]; ok { + continue + } else { + im[ifam.Index] = struct{}{} + } + + if ifindex == 0 || ifindex == int(ifam.Index) { + ifi := newLink(ifam) + if ifi != nil { + ift = append(ift, *ifi) + } + if ifindex == int(ifam.Index) { + break loop + } + } + } + } + + return ift, nil +} + +func newLink(ifam *syscall.IfAddrmsg) *net.Interface { + ift := &net.Interface{Index: int(ifam.Index)} + + name, err := indexToName(ifam.Index) + if err != nil { + return nil + } + ift.Name = name + + mtu, err := nameToMTU(name) + if err != nil { + return nil + } + ift.MTU = mtu + + flags, err := nameToFlags(name) + if err != nil { + return nil + } + ift.Flags = flags + return ift +} + +func linkFlags(rawFlags uint32) net.Flags { + var f net.Flags + if rawFlags&syscall.IFF_UP != 0 { + f |= net.FlagUp + } + if rawFlags&syscall.IFF_RUNNING != 0 { + f |= net.FlagRunning + } + if rawFlags&syscall.IFF_BROADCAST != 0 { + f |= net.FlagBroadcast + } + if rawFlags&syscall.IFF_LOOPBACK != 0 { + f |= net.FlagLoopback + } + if rawFlags&syscall.IFF_POINTOPOINT != 0 { + f |= net.FlagPointToPoint + } + if rawFlags&syscall.IFF_MULTICAST != 0 { + f |= net.FlagMulticast + } + return f +} + +// If the ifi is nil, InterfaceAddrTable returns addresses for all +// network interfaces. Otherwise it returns addresses for a specific +// interface. +func InterfaceAddrTable(ifi *net.Interface) ([]net.Addr, error) { + tab, err := NetlinkRIB(syscall.RTM_GETADDR, syscall.AF_UNSPEC) + if err != nil { + return nil, os.NewSyscallError("netlinkrib", err) + } + msgs, err := syscall.ParseNetlinkMessage(tab) + if err != nil { + return nil, os.NewSyscallError("parsenetlinkmessage", err) + } + + var ift []net.Interface + if ifi == nil { + var err error + ift, err = interfaceTable(0) + if err != nil { + return nil, err + } + } + ifat, err := addrTable(ift, ifi, msgs) + if err != nil { + return nil, err + } + return ifat, nil +} + +func addrTable(ift []net.Interface, ifi *net.Interface, msgs []syscall.NetlinkMessage) ([]net.Addr, error) { + var ifat []net.Addr +loop: + for _, m := range msgs { + switch m.Header.Type { + case syscall.NLMSG_DONE: + break loop + case syscall.RTM_NEWADDR: + ifam := (*syscall.IfAddrmsg)(unsafe.Pointer(&m.Data[0])) + if len(ift) != 0 || ifi.Index == int(ifam.Index) { + if len(ift) != 0 { + var err error + ifi, err = interfaceByIndex(ift, int(ifam.Index)) + if err != nil { + return nil, err + } + } + attrs, err := syscall.ParseNetlinkRouteAttr(&m) + if err != nil { + return nil, os.NewSyscallError("parsenetlinkrouteattr", err) + } + ifa := newAddr(ifam, attrs) + if ifa != nil { + ifat = append(ifat, ifa) + } + } + } + } + return ifat, nil +} + +func newAddr(ifam *syscall.IfAddrmsg, attrs []syscall.NetlinkRouteAttr) net.Addr { + var ipPointToPoint bool + // Seems like we need to make sure whether the IP interface + // stack consists of IP point-to-point numbered or unnumbered + // addressing. + for _, a := range attrs { + if a.Attr.Type == syscall.IFA_LOCAL { + ipPointToPoint = true + break + } + } + for _, a := range attrs { + if ipPointToPoint && a.Attr.Type == syscall.IFA_ADDRESS { + continue + } + switch ifam.Family { + case syscall.AF_INET: + return &net.IPNet{IP: net.IPv4(a.Value[0], a.Value[1], a.Value[2], a.Value[3]), Mask: net.CIDRMask(int(ifam.Prefixlen), 8*net.IPv4len)} + case syscall.AF_INET6: + ifa := &net.IPNet{IP: make(net.IP, net.IPv6len), Mask: net.CIDRMask(int(ifam.Prefixlen), 8*net.IPv6len)} + copy(ifa.IP, a.Value[:]) + return ifa + } + } + return nil +} + +func interfaceByIndex(ift []net.Interface, index int) (*net.Interface, error) { + for _, ifi := range ift { + if index == ifi.Index { + return &ifi, nil + } + } + return nil, errNoSuchInterface +} + +func ioctl(fd int, req uint, arg unsafe.Pointer) error { + _, _, e1 := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + return e1 + } + return nil +} + +func indexToName(index uint32) (string, error) { + fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM|syscall.SOCK_CLOEXEC, 0) + if err != nil { + return "", err + } + defer syscall.Close(fd) + + var ifr ifReq + *(*uint32)(unsafe.Pointer(&ifr[syscall.IFNAMSIZ])) = index + err = ioctl(fd, syscall.SIOCGIFNAME, unsafe.Pointer(&ifr[0])) + if err != nil { + return "", err + } + + return string(bytes.Trim(ifr[:syscall.IFNAMSIZ], "\x00")), nil +} + +func nameToMTU(name string) (int, error) { + // Leave room for terminating NULL byte. + if len(name) >= syscall.IFNAMSIZ { + return -1, syscall.EINVAL + } + + fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM|syscall.SOCK_CLOEXEC, 0) + if err != nil { + return -1, err + } + defer syscall.Close(fd) + + var ifr ifReq + copy(ifr[:], name) + err = ioctl(fd, syscall.SIOCGIFMTU, unsafe.Pointer(&ifr[0])) + if err != nil { + return -1, err + } + + return int(*(*int32)(unsafe.Pointer(&ifr[syscall.IFNAMSIZ]))), nil +} + +func nameToFlags(name string) (net.Flags, error) { + // Leave room for terminating NULL byte. + if len(name) >= syscall.IFNAMSIZ { + return 0, syscall.EINVAL + } + + fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM|syscall.SOCK_CLOEXEC, 0) + if err != nil { + return 0, err + } + defer syscall.Close(fd) + + var ifr ifReq + copy(ifr[:], name) + err = ioctl(fd, syscall.SIOCGIFFLAGS, unsafe.Pointer(&ifr[0])) + if err != nil { + return 0, err + } + + return linkFlags(*(*uint32)(unsafe.Pointer(&ifr[syscall.IFNAMSIZ]))), nil +} diff --git a/net/netmon/state.go b/net/netmon/state.go index d9b360f5eee45..44eb23111e1b8 100644 --- a/net/netmon/state.go +++ b/net/netmon/state.go @@ -16,6 +16,7 @@ import ( "tailscale.com/envknob" "tailscale.com/hostinfo" + "tailscale.com/internal/anet" "tailscale.com/net/netaddr" "tailscale.com/net/tsaddr" "tailscale.com/net/tshttpproxy" @@ -139,7 +140,8 @@ func (i Interface) Addrs() ([]net.Addr, error) { if i.AltAddrs != nil { return i.AltAddrs, nil } - return i.Interface.Addrs() + + return anet.InterfaceAddrTable(i.Interface) } // ForeachInterfaceAddress is a wrapper for GetList, then @@ -693,7 +695,7 @@ func netInterfaces() ([]Interface, error) { if altNetInterfaces != nil { return altNetInterfaces() } - ifs, err := net.Interfaces() + ifs, err := anet.Interfaces() if err != nil { return nil, err }