From a084c44afca32eb3e05c3c5823509d07b2c78713 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Thu, 10 Sep 2020 19:55:09 -0700 Subject: [PATCH] wgengine, wgengine/router, cmd/tailscale: force netfilter mode off on Synology For now. Get it working again so it's not stuck on 0.98. Subnet relay can come later. Updates #451 Signed-off-by: Brad Fitzpatrick --- cmd/tailscale/cli/up.go | 26 +++++++++++++++++++-- cmd/tailscale/depaware.txt | 1 + cmd/tailscaled/depaware.txt | 1 + version/distro/distro.go | 40 +++++++++++++++++++++++++++++++++ wgengine/router/router_linux.go | 4 ++++ wgengine/userspace.go | 18 ++++----------- 6 files changed, 74 insertions(+), 16 deletions(-) create mode 100644 version/distro/distro.go diff --git a/cmd/tailscale/cli/up.go b/cmd/tailscale/cli/up.go index 78708fa16..9b57a573a 100644 --- a/cmd/tailscale/cli/up.go +++ b/cmd/tailscale/cli/up.go @@ -7,6 +7,7 @@ package cli import ( "bytes" "context" + "errors" "flag" "fmt" "log" @@ -23,6 +24,7 @@ import ( "tailscale.com/ipn" "tailscale.com/tailcfg" "tailscale.com/version" + "tailscale.com/version/distro" "tailscale.com/wgengine/router" ) @@ -63,14 +65,21 @@ specify any flags, options are reset to their default. upf.StringVar(&upArgs.advertiseRoutes, "advertise-routes", "", "routes to advertise to other nodes (comma-separated, e.g. 10.0.0.0/8,192.168.0.0/24)") } if runtime.GOOS == "linux" { - upf.BoolVar(&upArgs.snat, "snat-subnet-routes", true, "source NAT traffic to local routes advertised with -advertise-routes") - upf.StringVar(&upArgs.netfilterMode, "netfilter-mode", "on", "netfilter mode (one of on, nodivert, off)") + upf.BoolVar(&upArgs.snat, "snat-subnet-routes", true, "source NAT traffic to local routes advertised with --advertise-routes") + upf.StringVar(&upArgs.netfilterMode, "netfilter-mode", defaultNetfilterMode(), "netfilter mode (one of on, nodivert, off)") } return upf })(), Exec: runUp, } +func defaultNetfilterMode() string { + if distro.Get() == distro.Synology { + return "off" + } + return "on" +} + var upArgs struct { server string acceptRoutes bool @@ -151,6 +160,19 @@ func runUp(ctx context.Context, args []string) error { log.Fatalf("too many non-flag arguments: %q", args) } + if distro.Get() == distro.Synology { + notSupported := "not yet supported on Synology; see https://github.com/tailscale/tailscale/issues/451" + if upArgs.advertiseRoutes != "" { + return errors.New("--advertise-routes is " + notSupported) + } + if upArgs.acceptRoutes { + return errors.New("--accept-routes is " + notSupported) + } + if upArgs.netfilterMode != "off" { + return errors.New("--netfilter-mode values besides \"off\" " + notSupported) + } + } + var routes []wgcfg.CIDR if upArgs.advertiseRoutes != "" { advroutes := strings.Split(upArgs.advertiseRoutes, ",") diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt index 0b8757602..7eecaafd2 100644 --- a/cmd/tailscale/depaware.txt +++ b/cmd/tailscale/depaware.txt @@ -75,6 +75,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep tailscale.com/types/structs from tailscale.com/control/controlclient+ tailscale.com/util/lineread from tailscale.com/control/controlclient+ tailscale.com/version from tailscale.com/cmd/tailscale/cli+ + tailscale.com/version/distro from tailscale.com/cmd/tailscale/cli+ tailscale.com/wgengine from tailscale.com/ipn tailscale.com/wgengine/filter from tailscale.com/control/controlclient+ tailscale.com/wgengine/magicsock from tailscale.com/wgengine diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index cca39fe9d..b2bef78c8 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -81,6 +81,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/types/structs from tailscale.com/control/controlclient+ tailscale.com/util/lineread from tailscale.com/control/controlclient+ tailscale.com/version from tailscale.com/control/controlclient+ + tailscale.com/version/distro from tailscale.com/wgengine+ tailscale.com/wgengine from tailscale.com/cmd/tailscaled+ tailscale.com/wgengine/filter from tailscale.com/control/controlclient+ tailscale.com/wgengine/magicsock from tailscale.com/cmd/tailscaled+ diff --git a/version/distro/distro.go b/version/distro/distro.go new file mode 100644 index 000000000..814a234eb --- /dev/null +++ b/version/distro/distro.go @@ -0,0 +1,40 @@ +// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package distro reports which distro we're running on. +package distro + +import ( + "os" + "runtime" +) + +type Distro string + +const ( + Debian = Distro("debian") + Arch = Distro("arch") + Synology = Distro("synology") +) + +// Get returns the current distro, or the empty string if unknown. +func Get() Distro { + if runtime.GOOS == "linux" { + return linuxDistro() + } + return "" +} + +func linuxDistro() Distro { + if fi, err := os.Stat("/usr/syno"); err == nil && fi.IsDir() { + return Synology + } + if _, err := os.Stat("/etc/debian_version"); err == nil { + return Debian + } + if _, err := os.Stat("/etc/arch-release"); err == nil { + return Arch + } + return "" +} diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go index ea28c3450..6e8d8576e 100644 --- a/wgengine/router/router_linux.go +++ b/wgengine/router/router_linux.go @@ -15,6 +15,7 @@ import ( "inet.af/netaddr" "tailscale.com/net/tsaddr" "tailscale.com/types/logger" + "tailscale.com/version/distro" "tailscale.com/wgengine/router/dns" ) @@ -210,6 +211,9 @@ func (r *linuxRouter) Set(cfg *Config) error { // reflect the new mode, and r.snatSubnetRoutes is updated to reflect // the current state of subnet SNATing. func (r *linuxRouter) setNetfilterMode(mode NetfilterMode) error { + if distro.Get() == distro.Synology { + mode = NetfilterOff + } if r.netfilterMode == mode { return nil } diff --git a/wgengine/userspace.go b/wgengine/userspace.go index c3276631d..52844300e 100644 --- a/wgengine/userspace.go +++ b/wgengine/userspace.go @@ -37,6 +37,7 @@ import ( "tailscale.com/types/key" "tailscale.com/types/logger" "tailscale.com/version" + "tailscale.com/version/distro" "tailscale.com/wgengine/filter" "tailscale.com/wgengine/magicsock" "tailscale.com/wgengine/monitor" @@ -1244,9 +1245,8 @@ func diagnoseLinuxTUNFailure(logf logger.Logf) { } logf("is CONFIG_TUN enabled in your kernel? `modprobe tun` failed with: %s", modprobeOut) - distro := linuxDistro() - switch distro { - case "debian": + switch distro.Get() { + case distro.Debian: dpkgOut, err := exec.Command("dpkg", "-S", "kernel/drivers/net/tun.ko").CombinedOutput() if len(bytes.TrimSpace(dpkgOut)) == 0 || err != nil { logf("tun module not loaded nor found on disk") @@ -1255,7 +1255,7 @@ func diagnoseLinuxTUNFailure(logf logger.Logf) { if !bytes.Contains(dpkgOut, kernel) { logf("kernel/drivers/net/tun.ko found on disk, but not for current kernel; are you in middle of a system update and haven't rebooted? found: %s", dpkgOut) } - case "arch": + case distro.Arch: findOut, err := exec.Command("find", "/lib/modules/", "-path", "*/net/tun.ko*").CombinedOutput() if len(bytes.TrimSpace(findOut)) == 0 || err != nil { logf("tun module not loaded nor found on disk") @@ -1266,13 +1266,3 @@ func diagnoseLinuxTUNFailure(logf logger.Logf) { } } } - -func linuxDistro() string { - if _, err := os.Stat("/etc/debian_version"); err == nil { - return "debian" - } - if _, err := os.Stat("/etc/arch-release"); err == nil { - return "arch" - } - return "" -}