diff --git a/control/controlclient/filter.go b/control/controlclient/filter.go index 9d2752a74..708d39ba0 100644 --- a/control/controlclient/filter.go +++ b/control/controlclient/filter.go @@ -9,9 +9,9 @@ import ( "tailscale.com/wgengine/filter" ) -// Parse a backward-compatible FilterRule used by control's wire format, -// producing the most current filter.Matches format. -func (c *Direct) parsePacketFilter(pf []tailcfg.FilterRule) filter.Matches { +// Parse a backward-compatible FilterRule used by control's wire +// format, producing the most current filter format. +func (c *Direct) parsePacketFilter(pf []tailcfg.FilterRule) []filter.Match { mm, err := filter.MatchesFromFilterRules(pf) if err != nil { c.logf("parsePacketFilter: %s\n", err) diff --git a/control/controlclient/netmap.go b/control/controlclient/netmap.go index dd381a9df..06aadc30f 100644 --- a/control/controlclient/netmap.go +++ b/control/controlclient/netmap.go @@ -34,7 +34,7 @@ type NetworkMap struct { Peers []*tailcfg.Node // sorted by Node.ID DNS tailcfg.DNSConfig Hostinfo tailcfg.Hostinfo - PacketFilter filter.Matches + PacketFilter []filter.Match // DERPMap is the last DERP server map received. It's reused // between updates and should not be modified. diff --git a/ipn/local.go b/ipn/local.go index e09315378..a6e1ad0f6 100644 --- a/ipn/local.go +++ b/ipn/local.go @@ -523,7 +523,7 @@ func (b *LocalBackend) updateFilter(netMap *controlclient.NetworkMap, prefs *Pre var ( haveNetmap = netMap != nil addrs []wgcfg.CIDR - packetFilter filter.Matches + packetFilter []filter.Match advRoutes []wgcfg.CIDR shieldsUp = prefs == nil || prefs.ShieldsUp // Be conservative when not ready ) @@ -551,7 +551,7 @@ func (b *LocalBackend) updateFilter(netMap *controlclient.NetworkMap, prefs *Pre if shieldsUp { b.logf("netmap packet filter: (shields up)") var prevFilter *filter.Filter // don't reuse old filter state - b.e.SetFilter(filter.New(filter.Matches{}, localNets, prevFilter, b.logf)) + b.e.SetFilter(filter.New(nil, localNets, prevFilter, b.logf)) } else { b.logf("netmap packet filter: %v", packetFilter) b.e.SetFilter(filter.New(packetFilter, localNets, b.e.GetFilter(), b.logf)) diff --git a/wgengine/filter/filter.go b/wgengine/filter/filter.go index 3aee79b8b..a7a1a525e 100644 --- a/wgengine/filter/filter.go +++ b/wgengine/filter/filter.go @@ -92,7 +92,7 @@ const ( // NewAllowAll returns a packet filter that accepts everything to and // from localNets. func NewAllowAll(localNets []netaddr.IPPrefix, logf logger.Logf) *Filter { - return New(Matches{Match{NetPortRangeAny, NetAny}}, localNets, nil, logf) + return New([]Match{Match{NetPortRangeAny, NetAny}}, localNets, nil, logf) } // NewAllowNone returns a packet filter that rejects everything. @@ -105,7 +105,7 @@ func NewAllowNone(logf logger.Logf) *Filter { // by matches. If shareStateWith is non-nil, the returned filter // shares state with the previous one, to enable changing rules at // runtime without breaking existing stateful flows. -func New(matches Matches, localNets []netaddr.IPPrefix, shareStateWith *Filter, logf logger.Logf) *Filter { +func New(matches []Match, localNets []netaddr.IPPrefix, shareStateWith *Filter, logf logger.Logf) *Filter { var state *filterState if shareStateWith != nil { state = shareStateWith.state diff --git a/wgengine/filter/filter_test.go b/wgengine/filter/filter_test.go index 2b98eb836..a22fc6746 100644 --- a/wgengine/filter/filter_test.go +++ b/wgengine/filter/filter_test.go @@ -97,7 +97,7 @@ func netports(netPorts ...string) (ret []NetPortRange) { return ret } -var matches = Matches{ +var matches = []Match{ {Srcs: nets("8.1.1.1", "8.2.2.2"), Dsts: netports("1.2.3.4:22", "5.6.7.8:23-24")}, {Srcs: nets("8.1.1.1", "8.2.2.2"), Dsts: netports("5.6.7.8:27-28")}, {Srcs: nets("2.2.2.2"), Dsts: netports("8.1.1.1:22")}, @@ -115,13 +115,13 @@ func newFilter(logf logger.Logf) *Filter { } func TestMarshal(t *testing.T) { - for _, ent := range []Matches{Matches{matches[0]}, matches} { + for _, ent := range [][]Match{[]Match{matches[0]}, matches} { b, err := json.Marshal(ent) if err != nil { t.Fatalf("marshal: %v", err) } - mm2 := Matches{} + mm2 := []Match{} if err := json.Unmarshal(b, &mm2); err != nil { t.Fatalf("unmarshal: %v (%v)", err, string(b)) } diff --git a/wgengine/filter/match.go b/wgengine/filter/match.go index 198533df3..68cbee010 100644 --- a/wgengine/filter/match.go +++ b/wgengine/filter/match.go @@ -81,6 +81,3 @@ func (m Match) String() string { } return fmt.Sprintf("%v=>%v", ss, ds) } - -// Matches is a list of packet matchers. -type Matches []Match diff --git a/wgengine/filter/match4.go b/wgengine/filter/match4.go index d9329fcd4..7d724b28d 100644 --- a/wgengine/filter/match4.go +++ b/wgengine/filter/match4.go @@ -80,7 +80,7 @@ func (ms matches4) String() string { return b.String() } -func newMatches4(ms Matches) (ret matches4) { +func newMatches4(ms []Match) (ret matches4) { for _, m := range ms { var m4 match4 for _, src := range m.Srcs { diff --git a/wgengine/filter/tailcfg.go b/wgengine/filter/tailcfg.go index f6a4ef0f3..02261cd8a 100644 --- a/wgengine/filter/tailcfg.go +++ b/wgengine/filter/tailcfg.go @@ -14,7 +14,7 @@ import ( // MatchesFromFilterRules converts tailcfg FilterRules into Matches. // If an error is returned, the Matches result is still valid, // containing the rules that were successfully converted. -func MatchesFromFilterRules(pf []tailcfg.FilterRule) (Matches, error) { +func MatchesFromFilterRules(pf []tailcfg.FilterRule) ([]Match, error) { mm := make([]Match, 0, len(pf)) var erracc error diff --git a/wgengine/tstun/tun_test.go b/wgengine/tstun/tun_test.go index ee7a11711..cccf1c89a 100644 --- a/wgengine/tstun/tun_test.go +++ b/wgengine/tstun/tun_test.go @@ -98,7 +98,7 @@ func netports(netPorts ...string) (ret []filter.NetPortRange) { } func setfilter(logf logger.Logf, tun *TUN) { - matches := filter.Matches{ + matches := []filter.Match{ {Srcs: nets("5.6.7.8"), Dsts: netports("1.2.3.4:89-90")}, {Srcs: nets("1.2.3.4"), Dsts: netports("5.6.7.8:98")}, }