| author | Brad Fitzpatrick <bradfitz@tailscale.com> | 2022-11-07 15:32:53 -0800 |
|---|---|---|
| committer | Brad Fitzpatrick <brad@danga.com> | 2022-11-08 19:39:07 -0800 |
| commit | 2daf0f146c5f644e6345f79fe9c538ae730485c2 (patch) | |
| tree | 829cb1b006d06b75f175aaf5ae1167a2f341e9eb /wgengine | |
| parent | acf5839dd23dd661edfed1d159ac963251e2380d (diff) | |
ipn/ipnlocal, wgengine/netstack: start handling ports for future serving (bradfitz/port_intercept)
Updates tailscale/corp#7515
Change-Id: I966e936e72a2ee99be8d0f5f16872b48cc150258
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Diffstat (limited to 'wgengine')
| -rw-r--r-- | wgengine/netstack/netstack.go | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/wgengine/netstack/netstack.go b/wgengine/netstack/netstack.go
index aa79a275c..4adb14894 100644
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -554,9 +554,8 @@ func (ns *Impl) shouldProcessInbound(p *packet.Parsed, t *tstun.Wrapper) bool {
 if dport == peerAPIPort {
 return true
 }
-
- // Also handle SSH connections, if enabled.
- if dport == 22 && ns.lb.ShouldRunSSH() {
+ // Also handle SSH connections, webserver, etc, if enabled:
+ if ns.lb.ShouldInterceptTCPPort(dport) {
 return true
 }
 }
@@ -894,6 +893,14 @@ func (ns *Impl) acceptTCP(r *tcp.ForwarderRequest) {
 ns.lb.HandleQuad100Port80Conn(c)
 return
 }
+ if ns.lb.ShouldInterceptTCPPort(reqDetails.LocalPort) && ns.isLocalIP(dialIP) {
+ c := createConn()
+ if c == nil {
+ return
+ }
+ ns.lb.HandleInterceptedTCPConn(c)
+ return
+ }
 }
 if ns.ForwardTCPIn != nil { |
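Review bot: Nothing visible in shouldProcessInbound now ties port 22 to SSH being enabled; the explicit `dport == 22 && ns.lb.ShouldRunSSH()` gate is gone and the decision rests entirely on `ns.lb.ShouldInterceptTCPPort(dport)`, whose definition is outside this wgengine-only diff. The new comment ("SSH connections, webserver, etc, if enabled") is too loose for a check that decides which inbound ports netstack claims. I would replace it with something like `// ShouldInterceptTCPPort reports whether ipnlocal serves dport itself; it must return true for 22 only while SSH is enabled.` and confirm a test on the ipnlocal side pins that behaviour. The function body starts and ends outside the hunk, so any enclosing destination-address guard cannot be checked from here.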
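Review bot: The new branch in acceptTCP requires `ns.isLocalIP(dialIP)` on top of `ShouldInterceptTCPPort(reqDetails.LocalPort)`, while the matching check in shouldProcessInbound (first hunk) shows only the port test; its enclosing condition is outside that hunk. If the two predicates can disagree, a connection that netstack claimed for an intercepted port would fall through to the `ns.ForwardTCPIn` path below instead of being handled or refused. Consider a single helper used by both call sites, or at least a comment here such as `// Must match the interception check in shouldProcessInbound.` The silent `return` when `createConn()` yields nil also deserves a one-line comment saying who is responsible for the request at that point, since that is not visible in this hunk.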
