cmd/tailscale: Allow advertising subnet routes on *BSD.

Use sysctl to check IP forwarding state for better OS compatiblity.

Signed-off-by: Brian Chu <cynix@cynix.org>
reviewable/pr511/r1
Brian Chu 5 years ago committed by Dave Anderson
parent a8635784bc
commit 2a8e064705

@ -11,10 +11,10 @@ import (
"context" "context"
"flag" "flag"
"fmt" "fmt"
"io/ioutil"
"log" "log"
"net" "net"
"os" "os"
"os/exec"
"os/signal" "os/signal"
"runtime" "runtime"
"strconv" "strconv"
@ -58,8 +58,10 @@ func main() {
upf.StringVar(&upArgs.advertiseTags, "advertise-tags", "", "ACL tags to request (comma-separated, e.g. eng,montreal,ssh)") upf.StringVar(&upArgs.advertiseTags, "advertise-tags", "", "ACL tags to request (comma-separated, e.g. eng,montreal,ssh)")
upf.StringVar(&upArgs.authKey, "authkey", "", "node authorization key") upf.StringVar(&upArgs.authKey, "authkey", "", "node authorization key")
upf.BoolVar(&upArgs.enableDERP, "enable-derp", true, "enable the use of DERP servers") upf.BoolVar(&upArgs.enableDERP, "enable-derp", true, "enable the use of DERP servers")
if runtime.GOOS == "linux" { if runtime.GOOS == "linux" || isBSD(runtime.GOOS) {
upf.StringVar(&upArgs.advertiseRoutes, "advertise-routes", "", "routes to advertise to other nodes (comma-separated, e.g. 10.0.0.0/8,192.168.0.0/24)") upf.StringVar(&upArgs.advertiseRoutes, "advertise-routes", "", "routes to advertise to other nodes (comma-separated, e.g. 10.0.0.0/8,192.168.0.0/24)")
}
if runtime.GOOS == "linux" {
upf.BoolVar(&upArgs.snat, "snat-subnet-routes", true, "source NAT traffic to local routes advertised with -advertise-routes") upf.BoolVar(&upArgs.snat, "snat-subnet-routes", true, "source NAT traffic to local routes advertised with -advertise-routes")
upf.StringVar(&upArgs.netfilterMode, "netfilter-mode", "on", "netfilter mode (one of on, nodivert, off)") upf.StringVar(&upArgs.netfilterMode, "netfilter-mode", "on", "netfilter mode (one of on, nodivert, off)")
} }
@ -140,6 +142,10 @@ func parseIPOrCIDR(s string) (wgcfg.CIDR, bool) {
} }
} }
func isBSD(s string) bool {
return s == "dragonfly" || s == "freebsd" || s == "netbsd" || s == "openbsd"
}
func warning(format string, args ...interface{}) { func warning(format string, args ...interface{}) {
fmt.Printf("Warning: "+format+"\n", args...) fmt.Printf("Warning: "+format+"\n", args...)
} }
@ -147,21 +153,28 @@ func warning(format string, args ...interface{}) {
// checkIPForwarding prints warnings on linux if IP forwarding is not // checkIPForwarding prints warnings on linux if IP forwarding is not
// enabled, or if we were unable to verify the state of IP forwarding. // enabled, or if we were unable to verify the state of IP forwarding.
func checkIPForwarding() { func checkIPForwarding() {
if runtime.GOOS != "linux" { var key string
if runtime.GOOS == "linux" {
key = "net.ipv4.ip_forward"
} else if isBSD(runtime.GOOS) {
key = "net.inet.ip.forwarding"
} else {
return return
} }
bs, err := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward")
bs, err := exec.Command("sysctl", "-n", key).Output()
if err != nil { if err != nil {
warning("couldn't check /proc/sys/net/ipv4/ip_forward (%v).\nSubnet routes won't work without IP forwarding.", err) warning("couldn't check %s (%v).\nSubnet routes won't work without IP forwarding.", key, err)
return return
} }
on, err := strconv.ParseBool(string(bytes.TrimSpace(bs))) on, err := strconv.ParseBool(string(bytes.TrimSpace(bs)))
if err != nil { if err != nil {
warning("couldn't parse /proc/sys/net/ipv4/ip_forward (%v).\nSubnet routes won't work without IP forwarding.", err) warning("couldn't parse %s (%v).\nSubnet routes won't work without IP forwarding.", key, err)
return return
} }
if !on { if !on {
warning("/proc/sys/net/ipv4/ip_forward is disabled. Subnet routes won't work.") warning("%s is disabled. Subnet routes won't work.", key)
} }
} }

Loading…
Cancel
Save