| author | Christine Dodrill <xe@tailscale.com> | 2021-03-12 15:42:34 -0500 |
|---|---|---|
| committer | Christine Dodrill <xe@tailscale.com> | 2021-03-15 13:31:17 -0400 |
| commit | e5beb077f55f3746f99ae09b4ef850c05bef6661 (patch) | |
| tree | 622ef3030a49b4d0c3c8d4ab7f625da15cf19322 | |
| parent | 0a84359d2ddd705e56d57651e3b2c43fcadfa2e2 (diff) | |
cmd/tailscale/cli: don't permit setting self IP as exit nodeXe/disallow-local-ip-for-exit-node
This change makes it impossible to set your own IP address as the exit
node for this system.
Fixes #1489
Signed-off-by: Christine Dodrill <xe@tailscale.com>
| -rw-r--r-- | cmd/tailscale/cli/status.go | 18 | ||||
| -rw-r--r-- | cmd/tailscale/cli/up.go | 12 |
2 files changed, 23 insertions, 7 deletions
diff --git a/cmd/tailscale/cli/status.go b/cmd/tailscale/cli/status.go
index 8997a187a..851b0c2bd 100644
--- a/cmd/tailscale/cli/status.go
+++ b/cmd/tailscale/cli/status.go
@@ -53,12 +53,7 @@ var statusArgs struct {
 peers bool // in CLI mode, show status of peer machines
 }
 
-func runStatus(ctx context.Context, args []string) error {
- c, bc, ctx, cancel := connect(ctx)
- defer cancel()
-
- bc.AllowVersionSkew = true
-
+func getStatusFromServer(ctx context.Context, c net.Conn, bc *ipn.BackendClient) func() (*ipnstate.Status, error) {
 ch := make(chan *ipnstate.Status, 1)
 bc.SetNotifyCallback(func(n ipn.Notify) {
 if n.ErrMessage != nil {
@@ -80,7 +75,7 @@ func runStatus(ctx context.Context, args []string) error {
 })
 go pump(ctx, bc, c)
 
- getStatus := func() (*ipnstate.Status, error) {
+ return func() (*ipnstate.Status, error) {
 bc.RequestStatus()
 select {
 case st := <-ch:
@@ -89,6 +84,15 @@ func runStatus(ctx context.Context, args []string) error {
 return nil, ctx.Err()
 }
 }
+}
+
+func runStatus(ctx context.Context, args []string) error {
+ c, bc, ctx, cancel := connect(ctx)
+ defer cancel()
+
+ bc.AllowVersionSkew = true
+
+ getStatus := getStatusFromServer(ctx, c, bc)
 st, err := getStatus()
 if err != nil {
 return err
diff --git a/cmd/tailscale/cli/up.go b/cmd/tailscale/cli/up.go
index 3f0081425..5994434ed 100644
--- a/cmd/tailscale/cli/up.go
+++ b/cmd/tailscale/cli/up.go
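Review bot: getStatusFromServer in status.go is now shared with up.go but has no doc comment, and its side effects are not obvious from the name: the visible lines replace bc's notify callback via `bc.SetNotifyCallback(...)` and start `go pump(ctx, bc, c)` before the closure is returned. I would add above the signature `// getStatusFromServer installs a notify callback on bc and starts a pump goroutine on c; the returned func requests status and waits for the reply or for ctx to be done.` The middle of the function lies between the first two hunks and is not shown, so how an ErrMessage notification is surfaced to the caller should be confirmed before that is documented.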
@@ -249,6 +249,18 @@ func runUp(ctx context.Context, args []string) error {
 c, bc, ctx, cancel := connect(ctx)
 defer cancel()
 
+ if !prefs.ExitNodeIP.IsZero() {
+ st, err := getStatusFromServer(ctx, c, bc)()
+ if err != nil {
+ fatalf("can't fetch status from tailscaled: %v", err)
+ }
+ for _, ip := range st.TailscaleIPs {
+ if prefs.ExitNodeIP == ip {
+ fatalf("cannot use %s as the exit node as it is a local IP address to this machine, did you mean --advertise-exit-node?", ip)
+ }
+ }
+ }
+
 var printed bool
 var loginOnce sync.Once
 startLoginInteractive := func() { loginOnce.Do(func() { bc.StartLoginInteractive() }) }
|
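Review bot: The call `getStatusFromServer(ctx, c, bc)()` inside the new `if !prefs.ExitNodeIP.IsZero()` block leaves a notify callback registered on bc and a `go pump(ctx, bc, c)` goroutine reading from c (both visible in the status.go hunk) after the status has been read. If the rest of runUp, which continues outside this hunk, installs its own callback or starts its own pump on the same connection, the two readers would compete for messages; fetching the status over a separate `connect(ctx)` with its own `cancel` would avoid that. Separately, this is a CLI-side check only, so any other client that writes prefs to tailscaled bypasses it, and the backend should presumably reject an ExitNodeIP that is one of the node's own addresses as well. An empty `st.TailscaleIPs` also lets the loop pass without comparing anything, which is worth a short comment if that is intended.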
