diff options
| author | Naman Sood <mail@nsood.in> | 2023-12-04 12:08:56 -0500 |
|---|---|---|
| committer | Naman Sood <mail@nsood.in> | 2023-12-05 14:22:02 -0500 |
| commit | 0a59754eda9f26ce3aa01be6a610a5a92e968ee1 (patch) | |
| tree | 18ad7626c637e827a479ba9c4c438f81ef0f4a84 /control/controlknobs/controlknobs.go | |
| parent | 215f657a5ea9036aa989d4d454679eb86885c7ef (diff) | |
| download | tailscale-0a59754eda9f26ce3aa01be6a610a5a92e968ee1.tar.xz tailscale-0a59754eda9f26ce3aa01be6a610a5a92e968ee1.zip | |
linuxfw,wgengine/route,ipn: add c2n and nodeattrs to control linux netfilter
Updates tailscale/corp#14029.
Signed-off-by: Naman Sood <mail@nsood.in>
Diffstat (limited to 'control/controlknobs/controlknobs.go')
| -rw-r--r-- | control/controlknobs/controlknobs.go | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/control/controlknobs/controlknobs.go b/control/controlknobs/controlknobs.go index c0ee040b7..fddffde3e 100644 --- a/control/controlknobs/controlknobs.go +++ b/control/controlknobs/controlknobs.go @@ -56,6 +56,14 @@ type Knobs struct { // SilentDisco is whether the node should suppress disco heartbeats to its // peers. SilentDisco atomic.Bool + + // LinuxForceIPTables is whether the node should use iptables for Linux + // netfiltering, unless overridden by the user. + LinuxForceIPTables atomic.Bool + + // LinuxForceNfTables is whether the node should use nftables for Linux + // netfiltering, unless overridden by the user. + LinuxForceNfTables atomic.Bool } // UpdateFromNodeAttributes updates k (if non-nil) based on the provided self @@ -79,6 +87,8 @@ func (k *Knobs) UpdateFromNodeAttributes(selfNodeAttrs []tailcfg.NodeCapability, peerMTUEnable = has(tailcfg.NodeAttrPeerMTUEnable) dnsForwarderDisableTCPRetries = has(tailcfg.NodeAttrDNSForwarderDisableTCPRetries) silentDisco = has(tailcfg.NodeAttrSilentDisco) + forceIPTables = has(tailcfg.NodeAttrLinuxMustUseIPTables) + forceNfTables = has(tailcfg.NodeAttrLinuxMustUseNfTables) ) if has(tailcfg.NodeAttrOneCGNATEnable) { @@ -97,6 +107,8 @@ func (k *Knobs) UpdateFromNodeAttributes(selfNodeAttrs []tailcfg.NodeCapability, k.PeerMTUEnable.Store(peerMTUEnable) k.DisableDNSForwarderTCPRetries.Store(dnsForwarderDisableTCPRetries) k.SilentDisco.Store(silentDisco) + k.LinuxForceIPTables.Store(forceIPTables) + k.LinuxForceNfTables.Store(forceNfTables) } // AsDebugJSON returns k as something that can be marshalled with json.Marshal @@ -116,5 +128,7 @@ func (k *Knobs) AsDebugJSON() map[string]any { "PeerMTUEnable": k.PeerMTUEnable.Load(), "DisableDNSForwarderTCPRetries": k.DisableDNSForwarderTCPRetries.Load(), "SilentDisco": k.SilentDisco.Load(), + "LinuxForceIPTables": k.LinuxForceIPTables.Load(), + "LinuxForceNfTables": k.LinuxForceNfTables.Load(), } } |