ipn/ipnlocal: restrict local lan access to linux machines.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
pull/1747/head
Maisem Ali 3 years ago committed by Maisem Ali
parent 8570f82c8b
commit 36fa29feec

@ -1861,16 +1861,19 @@ func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs) *router
if !default6 { if !default6 {
rs.Routes = append(rs.Routes, ipv6Default) rs.Routes = append(rs.Routes, ipv6Default)
} }
ips, _, err := interfaceRoutes() if runtime.GOOS == "linux" {
if err != nil { // Only allow local lan access on linux machines for now.
b.logf("failed to discover interface ips: %v", err) ips, _, err := interfaceRoutes()
} if err != nil {
if prefs.ExitNodeAllowLANAccess { b.logf("failed to discover interface ips: %v", err)
rs.LocalRoutes = ips.Prefixes() }
} else { if prefs.ExitNodeAllowLANAccess {
// Explicitly add routes to the local network so that we do not rs.LocalRoutes = ips.Prefixes()
// leak any traffic. } else {
rs.Routes = append(rs.Routes, ips.Prefixes()...) // Explicitly add routes to the local network so that we do not
// leak any traffic.
rs.Routes = append(rs.Routes, ips.Prefixes()...)
}
} }
} }
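Review bot: The `runtime.GOOS == "linux"` guard wraps both branches, so on non-Linux platforms the `else` branch that appends `ips.Prefixes()` to `rs.Routes` "so that we do not leak any traffic" is now skipped too, not only the `ExitNodeAllowLANAccess` path. If that is intended, the comment should say so, e.g. `// On other platforms no local-network routes are added here, so LAN traffic is not forced through the exit node.`; otherwise only the LocalRoutes assignment should be gated, `if prefs.ExitNodeAllowLANAccess && runtime.GOOS == "linux" {`. Separately, a failure of `interfaceRoutes()` is only logged and `ips.Prefixes()` is still called, so the leak-prevention routes are silently dropped on error, and the call may dereference a nil `ips` depending on its type, which is not visible here. `routerConfig` starts and ends outside this hunk.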
