Documentation
¶
Overview ¶
Package netstack wires up gVisor's netstack into Tailscale.
Index ¶
- type Impl
- func (ns *Impl) Close() error
- func (ns *Impl) DialContextTCP(ctx context.Context, ipp netip.AddrPort) (*gonet.TCPConn, error)
- func (ns *Impl) DialContextTCPWithBind(ctx context.Context, localAddr netip.Addr, remoteAddr netip.AddrPort) (*gonet.TCPConn, error)
- func (ns *Impl) DialContextUDP(ctx context.Context, ipp netip.AddrPort) (*gonet.UDPConn, error)
- func (ns *Impl) DialContextUDPWithBind(ctx context.Context, localAddr netip.Addr, remoteAddr netip.AddrPort) (*gonet.UDPConn, error)
- func (ns *Impl) ExpVar() expvar.Var
- func (ns *Impl) ListenPacket(network, address string) (net.PacketConn, error)
- func (ns *Impl) ListenTCP(network, address string) (*gonet.TCPListener, error)
- func (ns *Impl) SetTransportProtocolOption(transport tcpip.TransportProtocolNumber, ...) tcpip.Error
- func (ns *Impl) Start(b LocalBackend) error
- func (ns *Impl) UpdateActiveVIPServices(activeServices views.Slice[string])
- func (ns *Impl) UpdateIPServiceMappings(mappings netmap.IPServiceMappings)
- func (ns *Impl) UpdateNetstackIPs(nm *netmap.NetworkMap)
- type LocalBackend
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Impl ¶
type Impl struct {
// GetTCPHandlerForFlow conditionally handles an incoming TCP flow for the
// provided (src/port, dst/port) 4-tuple.
//
// A nil value is equivalent to a func returning (nil, false).
//
// If func returns intercept=false, the default forwarding behavior (if
// ProcessLocalIPs and/or ProcesssSubnetIPs) takes place.
//
// When intercept=true, the behavior depends on whether the returned handler
// is non-nil: if nil, the connection is rejected. If non-nil, handler takes
// over the TCP conn.
GetTCPHandlerForFlow func(src, dst netip.AddrPort) (handler func(net.Conn), intercept bool)
// GetUDPHandlerForFlow conditionally handles an incoming UDP flow for the
// provided (src/port, dst/port) 4-tuple.
//
// A nil value is equivalent to a func returning (nil, false).
//
// If func returns intercept=false, the default forwarding behavior (if
// ProcessLocalIPs and/or ProcesssSubnetIPs) takes place.
//
// When intercept=true, the behavior depends on whether the returned handler
// is non-nil: if nil, the connection is rejected. If non-nil, handler takes
// over the UDP flow.
GetUDPHandlerForFlow func(src, dst netip.AddrPort) (handler func(nettype.ConnPacketConn), intercept bool)
// CheckLocalTransportEndpoints, if true, causes netstack to check if gVisor
// has a registered endpoint for incoming packets to local IPs. This is used
// by tsnet to intercept packets for registered listeners and outbound
// connections when ProcessLocalIPs is false (i.e., when using a TUN).
// It can only be set before calling Start.
// TODO(raggi): refactor the way we handle both CheckLocalTransportEndpoints
// and the earlier netstack registrations for serve, funnel, peerAPI and so
// on. Currently this optimizes away cost for tailscaled in TUN mode, while
// enabling extension support when using tsnet in TUN mode. See #18423.
CheckLocalTransportEndpoints bool
// ProcessLocalIPs is whether netstack should handle incoming
// traffic directed at the Node.Addresses (local IPs).
// It can only be set before calling Start.
ProcessLocalIPs bool
// ProcessSubnets is whether netstack should handle incoming
// traffic destined to non-local IPs (i.e. whether it should
// be a subnet router).
// It can only be set before calling Start.
ProcessSubnets bool
// contains filtered or unexported fields
}
Impl contains the state for the netstack implementation, and implements wgengine.FakeImpl to act as a userspace network stack when Tailscale is running in fake mode.
func Create ¶
func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magicsock.Conn, dialer *tsdial.Dialer, dns *dns.Manager, pm *proxymap.Mapper) (*Impl, error)
Create creates and populates a new Impl.
func (*Impl) DialContextTCP ¶
func (*Impl) DialContextTCPWithBind ¶
func (ns *Impl) DialContextTCPWithBind(ctx context.Context, localAddr netip.Addr, remoteAddr netip.AddrPort) (*gonet.TCPConn, error)
DialContextTCPWithBind creates a new gonet.TCPConn connected to the specified remoteAddress with its local address bound to localAddr on an available port.
func (*Impl) DialContextUDP ¶
func (*Impl) DialContextUDPWithBind ¶
func (ns *Impl) DialContextUDPWithBind(ctx context.Context, localAddr netip.Addr, remoteAddr netip.AddrPort) (*gonet.UDPConn, error)
DialContextUDPWithBind creates a new gonet.UDPConn. Connected to remoteAddr. With its local address bound to localAddr on an available port.
func (*Impl) ExpVar ¶
ExpVar returns an expvar variable suitable for registering with expvar.Publish.
func (*Impl) ListenPacket ¶
func (ns *Impl) ListenPacket(network, address string) (net.PacketConn, error)
ListenPacket listens for incoming packets for the given network and address. Address must be of the form "ip:port" or "[ip]:port".
As of 2024-05-18, only udp4 and udp6 are supported.
func (*Impl) ListenTCP ¶
func (ns *Impl) ListenTCP(network, address string) (*gonet.TCPListener, error)
ListenTCP listens for TCP connections on the given address.
func (*Impl) SetTransportProtocolOption ¶
func (ns *Impl) SetTransportProtocolOption(transport tcpip.TransportProtocolNumber, option tcpip.SettableTransportProtocolOption) tcpip.Error
SetTransportProtocolOption forwards to the underlying stack.Stack.SetTransportProtocolOption. Callers are responsible for ensuring that the options are valid, compatible and appropriate for their use case. Compatibility may change at any version.
func (*Impl) Start ¶
func (ns *Impl) Start(b LocalBackend) error
Start sets up all the handlers so netstack can start working. Implements wgengine.FakeImpl.
func (*Impl) UpdateActiveVIPServices ¶
UpdateActiveVIPServices updates the set of active VIP services names.
func (*Impl) UpdateIPServiceMappings ¶
func (ns *Impl) UpdateIPServiceMappings(mappings netmap.IPServiceMappings)
UpdateIPServiceMappings updates the IPServiceMappings when there is a change in this value in localbackend. This is usually triggered from a netmap update.
func (*Impl) UpdateNetstackIPs ¶
func (ns *Impl) UpdateNetstackIPs(nm *netmap.NetworkMap)
UpdateNetstackIPs updates the set of local IPs that netstack should handle from nm.
TODO(bradfitz): don't pass the whole netmap here; just pass the two address slice views.
type LocalBackend ¶
type LocalBackend = any
LocalBackend is a fake name for *ipnlocal.LocalBackend to avoid an import cycle.
Source Files
Directories