|
|
|
@ -1031,10 +1031,6 @@ func mustRouteTable(num int) RouteTable {
|
|
|
|
var (
|
|
|
|
var (
|
|
|
|
mainRouteTable = newRouteTable("main", 254)
|
|
|
|
mainRouteTable = newRouteTable("main", 254)
|
|
|
|
defaultRouteTable = newRouteTable("default", 253)
|
|
|
|
defaultRouteTable = newRouteTable("default", 253)
|
|
|
|
// Port 9 - WAN
|
|
|
|
|
|
|
|
udmProRouteTable1 = newRouteTable("201", 201)
|
|
|
|
|
|
|
|
// Port 10 - SFP+ WAN 2
|
|
|
|
|
|
|
|
udmProRouteTable2 = newRouteTable("202", 202)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// tailscaleRouteTable is the routing table number for Tailscale
|
|
|
|
// tailscaleRouteTable is the routing table number for Tailscale
|
|
|
|
// network routes. See addIPRules for the detailed policy routing
|
|
|
|
// network routes. See addIPRules for the detailed policy routing
|
|
|
|
@ -1055,7 +1051,9 @@ var (
|
|
|
|
tailscaleRouteTable = newRouteTable("tailscale", 52)
|
|
|
|
tailscaleRouteTable = newRouteTable("tailscale", 52)
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// _ipRules are the policy routing rules that Tailscale uses.
|
|
|
|
// baseIPRules are the policy routing rules that Tailscale uses, when not
|
|
|
|
|
|
|
|
// running on a UDM-Pro.
|
|
|
|
|
|
|
|
//
|
|
|
|
// The priority is the value represented here added to r.ipPolicyPrefBase,
|
|
|
|
// The priority is the value represented here added to r.ipPolicyPrefBase,
|
|
|
|
// which is usually 5200.
|
|
|
|
// which is usually 5200.
|
|
|
|
//
|
|
|
|
//
|
|
|
|
@ -1070,7 +1068,7 @@ var (
|
|
|
|
// and 'ip rule' implementations (including busybox), don't support
|
|
|
|
// and 'ip rule' implementations (including busybox), don't support
|
|
|
|
// checking for the lack of a fwmark, only the presence. The technique
|
|
|
|
// checking for the lack of a fwmark, only the presence. The technique
|
|
|
|
// below works even on very old kernels.
|
|
|
|
// below works even on very old kernels.
|
|
|
|
var _ipRules = []netlink.Rule{
|
|
|
|
var baseIPRules = []netlink.Rule{
|
|
|
|
// Packets from us, tagged with our fwmark, first try the kernel's
|
|
|
|
// Packets from us, tagged with our fwmark, first try the kernel's
|
|
|
|
// main routing table.
|
|
|
|
// main routing table.
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@ -1106,15 +1104,32 @@ var _ipRules = []netlink.Rule{
|
|
|
|
// usual rules (pref 32766 and 32767, ie. main and default).
|
|
|
|
// usual rules (pref 32766 and 32767, ie. main and default).
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var addedUDMProIPRules = false
|
|
|
|
// udmProIPRules are the policy routing rules that Tailscale uses, when running
|
|
|
|
|
|
|
|
// on a UDM-Pro.
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// The priority is the value represented here added to
|
|
|
|
|
|
|
|
// r.ipPolicyPrefBase, which is usually 5200.
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// This represents an experiment that will be used to gather more information.
|
|
|
|
|
|
|
|
// If this goes well, Tailscale may opt to use this for all of Linux.
|
|
|
|
|
|
|
|
var udmProIPRules = []netlink.Rule{
|
|
|
|
|
|
|
|
// non-fwmark packets fall through to the usual rules (pref 32766 and 32767,
|
|
|
|
|
|
|
|
// ie. main and default).
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
Priority: 70,
|
|
|
|
|
|
|
|
Invert: true,
|
|
|
|
|
|
|
|
Mark: linuxfw.TailscaleBypassMarkNum,
|
|
|
|
|
|
|
|
Table: tailscaleRouteTable.Num,
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// ipRules returns the appropriate list of ip rules to be used by Tailscale. See
|
|
|
|
|
|
|
|
// comments on baseIPRules and udmProIPRules for more details.
|
|
|
|
func ipRules() []netlink.Rule {
|
|
|
|
func ipRules() []netlink.Rule {
|
|
|
|
// lazy add UDM Pro rules
|
|
|
|
|
|
|
|
if distro.Get() == distro.UDMPro {
|
|
|
|
if distro.Get() == distro.UDMPro {
|
|
|
|
addUDMProIpRules()
|
|
|
|
return udmProIPRules
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return baseIPRules
|
|
|
|
return _ipRules
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// justAddIPRules adds policy routing rule without deleting any first.
|
|
|
|
// justAddIPRules adds policy routing rule without deleting any first.
|
|
|
|
@ -1410,22 +1425,3 @@ func nlAddrOfPrefix(p netip.Prefix) *netlink.Addr {
|
|
|
|
IPNet: netipx.PrefixIPNet(p),
|
|
|
|
IPNet: netipx.PrefixIPNet(p),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Adds necessary ip rules for UDM-Pro. See issue 4038.
|
|
|
|
|
|
|
|
func addUDMProIpRules() {
|
|
|
|
|
|
|
|
if addedUDMProIPRules {
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_ipRules = append(_ipRules, netlink.Rule{
|
|
|
|
|
|
|
|
Priority: 21,
|
|
|
|
|
|
|
|
Mark: linuxfw.TailscaleBypassMarkNum,
|
|
|
|
|
|
|
|
Table: udmProRouteTable1.Num,
|
|
|
|
|
|
|
|
}, netlink.Rule{
|
|
|
|
|
|
|
|
Priority: 22,
|
|
|
|
|
|
|
|
Mark: linuxfw.TailscaleBypassMarkNum,
|
|
|
|
|
|
|
|
Table: udmProRouteTable2.Num,
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
addedUDMProIPRules = true
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
Jason Barnett
10 months ago