cmd/tailscaled: add ip-rule-pref-base argument that can override the priority of ip rule

The current IP rule priority setting method is suitable for routing from mwan3 to tailscale, but conversely, it is not suitable for routing tailscale traffic using mwan3. For these cases, we make it possible for users to manually change IP rule priority. Signed-off-by: Joseph Lee <joseph@jc-lab.net>
6 months ago · 8088334714
parent 949b15d858
commit 8088334714
4 changed files with 17 additions and 9 deletions
--- a/cmd/tailscaled/tailscaled.go
+++ b/cmd/tailscaled/tailscaled.go
@ -129,6 +129,7 @@ var args struct {
 	socksAddr      string // listen address for SOCKS5 server
 	httpProxyAddr  string // listen address for HTTP proxy server
 	disableLogs    bool
 	ipRulePrefBase int
 }
 var (
@ -170,6 +171,7 @@ func main() {
 	flag.BoolVar(&printVersion, "version", false, "print version information and exit")
 	flag.BoolVar(&args.disableLogs, "no-logs-no-support", false, "disable log uploads; this also disables any technical support")
 	flag.StringVar(&args.confFile, "config", "", "path to config file, or 'vm:user-data' to use the VM's user-data (EC2)")
 	flag.IntVar(&args.ipRulePrefBase, "ip-rule-pref-base", 0, "override ip rule priority base number")
 	if len(os.Args) > 0 && filepath.Base(os.Args[0]) == "tailscale" && beCLI != nil {
 		beCLI()
@ -720,7 +722,7 @@ func tryEngine(logf logger.Logf, sys *tsd.System, name string) (onlyNetstack boo
 			return false, err
 		}
-		r, err := router.New(logf, dev, sys.NetMon.Get(), sys.HealthTracker())
+		r, err := router.New(logf, dev, sys.NetMon.Get(), args.ipRulePrefBase, sys.HealthTracker())
 		if err != nil {
 			dev.Close()
 			return false, fmt.Errorf("creating router: %w", err)
--- a/wgengine/router/router.go
+++ b/wgengine/router/router.go
@ -45,9 +45,9 @@ type Router interface {
 //
 // If netMon is nil, it's not used. It's currently (2021-07-20) only
 // used on Linux in some situations.
-func New(logf logger.Logf, tundev tun.Device, netMon *netmon.Monitor, health *health.Tracker) (Router, error) {
+func New(logf logger.Logf, tundev tun.Device, netMon *netmon.Monitor, ipPolicyPrefBase int, health *health.Tracker) (Router, error) {
 	logf = logger.WithPrefix(logf, "router: ")
-	return newUserspaceRouter(logf, tundev, netMon, health)
+	return newUserspaceRouter(logf, tundev, netMon, ipPolicyPrefBase, health)
 }
 // CleanUp restores the system network configuration to its original state
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@ -73,7 +73,7 @@ type linuxRouter struct {
 	magicsockPortV6 uint16
 }
-func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Monitor, health *health.Tracker) (Router, error) {
+func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Monitor, ipPolicyPrefBase int, health *health.Tracker) (Router, error) {
 	tunname, err := tunDev.Name()
 	if err != nil {
 		return nil, err
@ -83,10 +83,10 @@ func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Moni
 		ambientCapNetAdmin: useAmbientCaps(),
 	}
-	return newUserspaceRouterAdvanced(logf, tunname, netMon, cmd, health)
+	return newUserspaceRouterAdvanced(logf, tunname, netMon, cmd, ipPolicyPrefBase, health)
 }
-func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon.Monitor, cmd commandRunner, health *health.Tracker) (Router, error) {
+func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon.Monitor, cmd commandRunner, ipPolicyPrefBase int, health *health.Tracker) (Router, error) {
 	r := &linuxRouter{
 		logf:          logf,
 		tunname:       tunname,
@ -99,6 +99,12 @@ func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon
 		ipRuleFixLimiter: rate.NewLimiter(rate.Every(5*time.Second), 10),
 		ipPolicyPrefBase: 5200,
 	}
 	if ipPolicyPrefBase > 0 {
 		r.logf("ip-rule-pref-base manually set, switching policy base priority to %d", ipPolicyPrefBase)
 		r.ipPolicyPrefBase = ipPolicyPrefBase
 	}
 	if r.useIPCommand() {
 		r.ipRuleAvailable = (cmd.run("ip", "rule") == nil)
 	} else {
@ -129,7 +135,7 @@ func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon
 	isMWAN3, err := checkOpenWRTUsingMWAN3()
 	if err != nil {
 		r.logf("error checking mwan3 installation: %v", err)
-	} else if isMWAN3 {
+	} else if isMWAN3 && ipPolicyPrefBase <= 0 {
 		r.ipPolicyPrefBase = 1300
 		r.logf("mwan3 on openWRT detected, switching policy base priority to 1300")
 	}
--- a/wgengine/router/router_linux_test.go
+++ b/wgengine/router/router_linux_test.go
@ -371,7 +371,7 @@ ip route add throw 192.168.0.0/24 table 52` + basic,
 	fake := NewFakeOS(t)
 	ht := new(health.Tracker)
-	router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", mon, fake, ht)
+	router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", mon, fake, 0, ht)
 	router.(*linuxRouter).nfr = fake.nfr
 	if err != nil {
 		t.Fatalf("failed to create router: %v", err)
@ -969,7 +969,7 @@ func newLinuxRootTest(t *testing.T) *linuxTest {
 	mon.Start()
 	lt.mon = mon
-	r, err := newUserspaceRouter(logf, lt.tun, mon, nil)
+	r, err := newUserspaceRouter(logf, lt.tun, mon, 0, nil)
 	if err != nil {
 		lt.Close()
 		t.Fatal(err)