From 692a011b54ec183129650a6e5d9167b128a8c847 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Tue, 26 Jan 2021 15:00:05 -0800
Subject: [PATCH] net/interfaces: remove IsTailscaleIP, make callers use tsaddr.
Signed-off-by: David Anderson
---
 cmd/tsshd/tsshd.go | 10 +++++++++-
 net/interfaces/interfaces.go | 14 +++++---------
 net/interfaces/interfaces_test.go | 21 ---------------------
 tsweb/tsweb.go | 10 +++++++---
 4 files changed, 21 insertions(+), 34 deletions(-)
diff --git a/cmd/tsshd/tsshd.go b/cmd/tsshd/tsshd.go
index a247fb55b..c8bc644d5 100644
--- a/cmd/tsshd/tsshd.go
+++ b/cmd/tsshd/tsshd.go
@@ -32,7 +32,9 @@ import (
 "github.com/gliderlabs/ssh"
 "github.com/kr/pty"
 gossh "golang.org/x/crypto/ssh"
+ "inet.af/netaddr"
 "tailscale.com/net/interfaces"
+ "tailscale.com/net/tsaddr"
 )
 var (
@@ -96,7 +98,13 @@ func handleSSH(s ssh.Session) {
 s.Exit(1)
 return
 }
- if !interfaces.IsTailscaleIP(ta.IP) {
+ tanetaddr, ok := netaddr.FromStdIP(ta.IP)
+ if !ok {
+ log.Printf("tsshd: rejecting unparseable addr %v", ta.IP)
+ s.Exit(1)
+ return
+ }
+ if !tsaddr.IsTailscaleIP(tanetaddr) {
 log.Printf("tsshd: rejecting non-Tailscale addr %v", ta.IP)
 s.Exit(1)
 return
diff --git a/net/interfaces/interfaces.go b/net/interfaces/interfaces.go
index 609cec1fc..bf81d2a82 100644
--- a/net/interfaces/interfaces.go
+++ b/net/interfaces/interfaces.go
@@ -39,8 +39,11 @@ func Tailscale() (net.IP, *net.Interface, error) {
 continue
 }
 for _, a := range addrs {
- if ipnet, ok := a.(*net.IPNet); ok && IsTailscaleIP(ipnet.IP) {
- return ipnet.IP, &iface, nil
+ if ipnet, ok := a.(*net.IPNet); ok {
+ nip, ok := netaddr.FromStdIP(ipnet.IP)
+ if ok && tsaddr.IsTailscaleIP(nip) {
+ return ipnet.IP, &iface, nil
+ }
 }
 }
 }
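Review bot: The accept decision in `handleSSH` rests on range membership of the peer address alone, and nothing next to the check says why that is sufficient. `tsaddr.IsTailscaleIP` reports only that the address falls in a range Tailscale uses, not which interface the connection arrived on, so the check presumably relies on the listener being bound to the Tailscale address, which is set up outside this hunk. I would record that beside the check, e.g. `// Range check only: safe because the listener binds to the Tailscale IP, not a wildcard address.`, after confirming it against the listen call. The `!ok` branch failing closed is right; `tanetaddr` would read more easily as `peerIP`. handleSSH starts and ends outside the hunk.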
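Review bot: In `Tailscale()` the inner `nip, ok := netaddr.FromStdIP(ipnet.IP)` shadows the `ok` from the type assertion on the line above, which makes the nested condition easy to misread. An if-initializer keeps the second `ok` scoped to its own test: `if nip, ok := netaddr.FromStdIP(ipnet.IP); ok && tsaddr.IsTailscaleIP(nip) {`. The function still returns `ipnet.IP` rather than the converted `nip`, so callers keep receiving the standard-library form; a short comment saying that is intentional would help. The function body starts and ends outside the hunk.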
@@ -57,13 +60,6 @@ func maybeTailscaleInterfaceName(s string) bool {
 strings.HasPrefix(s, "utun")
 }
-// IsTailscaleIP reports whether ip is an IP in a range used by
-// Tailscale virtual network interfaces.
-func IsTailscaleIP(ip net.IP) bool {
- nip, _ := netaddr.FromStdIP(ip) // TODO: push this up to caller, change func signature
- return tsaddr.IsTailscaleIP(nip)
-}
-
 func isUp(nif *net.Interface) bool { return nif.Flags&net.FlagUp != 0 }
 func isLoopback(nif *net.Interface) bool { return nif.Flags&net.FlagLoopback != 0 }
diff --git a/net/interfaces/interfaces_test.go b/net/interfaces/interfaces_test.go
index 6d8e04de1..88948b579 100644
--- a/net/interfaces/interfaces_test.go
+++ b/net/interfaces/interfaces_test.go
@@ -5,30 +5,9 @@
 package interfaces
 import (
- "net"
 "testing"
 )
-func TestIsTailscaleIP(t *testing.T) {
- tests := []struct {
- ip string
- want bool
- }{
- {"100.81.251.94", true},
- {"8.8.8.8", false},
- }
- for _, tt := range tests {
- ip := net.ParseIP(tt.ip)
- if ip == nil {
- t.Fatalf("failed to parse IP %q", tt.ip)
- }
- got := IsTailscaleIP(ip)
- if got != tt.want {
- t.Errorf("F(%q) = %v; want %v", tt.ip, got, tt.want)
- }
- }
-}
-
 func TestGetState(t *testing.T) {
 st, err := GetState()
 if err != nil {
diff --git a/tsweb/tsweb.go b/tsweb/tsweb.go
index 0cbe2fb82..a7cb50725 100644
--- a/tsweb/tsweb.go
+++ b/tsweb/tsweb.go
@@ -23,8 +23,9 @@ import (
 "strings"
 "time"
+ "inet.af/netaddr"
 "tailscale.com/metrics"
- "tailscale.com/net/interfaces"
+ "tailscale.com/net/tsaddr"
 "tailscale.com/types/logger"
 )
@@ -81,8 +82,11 @@ func AllowDebugAccess(r *http.Request) bool {
 if err != nil {
 return false
 }
- ip := net.ParseIP(ipStr)
- if interfaces.IsTailscaleIP(ip) || ip.IsLoopback() || ipStr == os.Getenv("TS_ALLOW_DEBUG_IP") {
+ ip, err := netaddr.ParseIP(ipStr)
+ if err != nil {
+ return false
+ }
+ if tsaddr.IsTailscaleIP(ip) || ip.IsLoopback() || ipStr == os.Getenv("TS_ALLOW_DEBUG_IP") {
 return true
 }
 if r.Method == "GET" {
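Review bot: The new `return false` on a parse error in `AllowDebugAccess` also skips the `r.Method == "GET"` branch that follows, which the old code still reached when `net.ParseIP` returned nil. Failing closed is the safer default for a debug-access gate, but it is a behaviour change and deserves a comment such as `// Fail closed: an unparseable remote address gets no debug access, including the GET path below.`. Separately, `netaddr.ParseIP` keeps an IPv4-mapped IPv6 address in its mapped form, whereas the removed helper went through `netaddr.FromStdIP`, which unmaps; if `ipStr` can ever arrive in that form the range and loopback tests would likely stop matching it, and `ip = ip.Unmap()` before the checks would keep the old result. The function continues past the end of the hunk, and where `ipStr` comes from is not visible here.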