From adc97e9c4d1ba73c07124038f391bc3553ed6e31 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Sat, 11 Dec 2021 15:05:28 -0800 Subject: [PATCH] cmd/tailscale: make --accept-routes default true on Windows, macOS GUI One of the most annoying parts of using the Tailscale CLI on Windows and the macOS GUI is that Tailscale's GUIs default to running with "Route All" (accept all non-exitnode subnet routes) but the CLI--being originally for Linux--uses the Linux default, which is to not accept subnets. Which means if a Windows user does, e.g.: tailscale up --advertise-exit-node Or: tailscale up --shields-up ... then it'd warn about reverting the --accept-routes option, which the user never explicitly used. Instead, make the CLI's default match the platform/GUI's default. Change-Id: I15c804b3d9b0266e9ca8651e0c09da0f96c9ef8d Signed-off-by: Brad Fitzpatrick --- cmd/tailscale/cli/cli_test.go | 4 +++- cmd/tailscale/cli/up.go | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/cmd/tailscale/cli/cli_test.go b/cmd/tailscale/cli/cli_test.go index df228b48d..fd1bd4891 100644 --- a/cmd/tailscale/cli/cli_test.go +++ b/cmd/tailscale/cli/cli_test.go @@ -316,6 +316,7 @@ func TestCheckForAccidentalSettingReverts(t *testing.T) { ControlURL: ipn.DefaultControlURL, AllowSingleHosts: true, CorpDNS: true, + RouteAll: true, // And assume this no-op accidental pre-1.8 value: NoSNAT: true, @@ -332,7 +333,7 @@ func TestCheckForAccidentalSettingReverts(t *testing.T) { NetfilterMode: preftype.NetfilterNoDivert, // we never had this bug, but pretend it got set non-zero on Windows somehow }, - goos: "windows", + goos: "openbsd", want: "", // not an error }, { @@ -546,6 +547,7 @@ func TestPrefsFromUpArgs(t *testing.T) { WantRunning: true, CorpDNS: true, AllowSingleHosts: true, + RouteAll: true, NetfilterMode: preftype.NetfilterOn, }, }, diff --git a/cmd/tailscale/cli/up.go b/cmd/tailscale/cli/up.go index 8a6a6da9a..d82fe68e3 100644 --- a/cmd/tailscale/cli/up.go +++ b/cmd/tailscale/cli/up.go @@ -31,6 +31,7 @@ import ( "tailscale.com/types/logger" "tailscale.com/types/preftype" "tailscale.com/util/dnsname" + "tailscale.com/version" "tailscale.com/version/distro" ) @@ -65,6 +66,19 @@ func effectiveGOOS() string { return runtime.GOOS } +// acceptRouteDefault returns the CLI's default value of --accept-routes as +// a function of the platform it's running on. +func acceptRouteDefault(goos string) bool { + switch goos { + case "windows": + return true + case "darwin": + return version.IsSandboxedMacOS() + default: + return false + } +} + var upFlagSet = newUpFlagSet(effectiveGOOS(), &upArgs) func newUpFlagSet(goos string, upArgs *upArgsT) *flag.FlagSet { @@ -76,7 +90,7 @@ func newUpFlagSet(goos string, upArgs *upArgsT) *flag.FlagSet { upf.BoolVar(&upArgs.reset, "reset", false, "reset unspecified settings to their default values") upf.StringVar(&upArgs.server, "login-server", ipn.DefaultControlURL, "base URL of control server") - upf.BoolVar(&upArgs.acceptRoutes, "accept-routes", false, "accept routes advertised by other Tailscale nodes") + upf.BoolVar(&upArgs.acceptRoutes, "accept-routes", acceptRouteDefault(goos), "accept routes advertised by other Tailscale nodes") upf.BoolVar(&upArgs.acceptDNS, "accept-dns", true, "accept DNS configuration from the admin panel") upf.BoolVar(&upArgs.singleRoutes, "host-routes", true, "install host routes to other Tailscale nodes") upf.StringVar(&upArgs.exitNodeIP, "exit-node", "", "Tailscale exit node (IP or base name) for internet traffic, or empty string to not use an exit node")