debug ios behavior

Maycon Santos
2024-04-16 22:58:16 +02:00
parent e3b76448f3
commit 28a5b3062b
5 changed files with 53 additions and 4 deletions


@@ -250,11 +250,16 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
switch ipLayer { switch ipLayer {
case layers.LayerTypeIPv4: case layers.LayerTypeIPv4:
// log srcIP and DstIP
log.Infof("--------- srcIP: %v, dstIP: %v", d.ip4.SrcIP, d.ip4.DstIP)
if !m.wgNetwork.Contains(d.ip4.SrcIP) || !m.wgNetwork.Contains(d.ip4.DstIP) { if !m.wgNetwork.Contains(d.ip4.SrcIP) || !m.wgNetwork.Contains(d.ip4.DstIP) {
log.Infof("--------- srcIP: %v, dstIP: %v dropped", d.ip4.SrcIP, d.ip4.DstIP)
return false return false
} }
case layers.LayerTypeIPv6: case layers.LayerTypeIPv6:
log.Infof("--------- srcIP: %v, dstIP: %v", d.ip6.SrcIP, d.ip6.DstIP)
if !m.wgNetwork.Contains(d.ip6.SrcIP) || !m.wgNetwork.Contains(d.ip6.DstIP) { if !m.wgNetwork.Contains(d.ip6.SrcIP) || !m.wgNetwork.Contains(d.ip6.DstIP) {
log.Infof("--------- srcIP: %v, dstIP: %v dropped", d.ip6.SrcIP, d.ip6.DstIP)
return false return false
} }
default: default:
@@ -265,12 +270,14 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
var ip net.IP var ip net.IP
switch ipLayer { switch ipLayer {
case layers.LayerTypeIPv4: case layers.LayerTypeIPv4:
log.Infof("--------- srcIP: %v, dstIP: %v", d.ip4.SrcIP, d.ip4.DstIP)
if isIncomingPacket { if isIncomingPacket {
ip = d.ip4.SrcIP ip = d.ip4.SrcIP
} else { } else {
ip = d.ip4.DstIP ip = d.ip4.DstIP
} }
case layers.LayerTypeIPv6: case layers.LayerTypeIPv6:
log.Infof("--------- srcIP: %v, dstIP: %v", d.ip6.SrcIP, d.ip6.DstIP)
if isIncomingPacket { if isIncomingPacket {
ip = d.ip6.SrcIP ip = d.ip6.SrcIP
} else { } else {
@@ -278,6 +285,8 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
} }
} }
//
filter, ok := validateRule(ip, packetData, rules[ip.String()], d) filter, ok := validateRule(ip, packetData, rules[ip.String()], d)
if ok { if ok {
return filter return filter
@@ -295,8 +304,30 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
return true return true
} }
func validateRule(ip net.IP, packetData []byte, rules map[string]Rule, d *decoder) (bool, bool) { func validateRule(ip net.IP, packetData []byte, rules map[string]Rule, d *decoder) (f bool, o bool) {
ipLayer := d.decoded[0]
payloadLayer := d.decoded[1] payloadLayer := d.decoded[1]
defer func() {
var src, dst net.IP
switch ipLayer {
case layers.LayerTypeIPv4:
src = d.ip4.SrcIP
dst = d.ip4.DstIP
case layers.LayerTypeIPv6:
src = d.ip6.SrcIP
dst = d.ip6.DstIP
}
switch payloadLayer {
case layers.LayerTypeTCP:
log.Infof("--------- TCP srcIP-Port: %v:%d, dstIP-Port: %v:%d Ver: %t,%t", src, uint16(d.tcp.SrcPort), dst, uint16(d.tcp.DstPort), f, o)
case layers.LayerTypeUDP:
log.Infof("--------- UDP srcIP-Port: %v:%d, dstIP-Port: %v:%d Ver: %t,%t", src, uint16(d.udp.SrcPort), dst, uint16(d.udp.DstPort), f, o)
default:
log.Infof("--------- srcIP: %v, dstIP: %v Ver: %t,%t", src, dst, f, o)
}
}()
for _, rule := range rules { for _, rule := range rules {
if rule.matchByIP && !ip.Equal(rule.ip) { if rule.matchByIP && !ip.Equal(rule.ip) {
continue continue
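Review bot: The added `log.Infof` calls in dropFilter and the deferred closure in validateRule run for every packet at Info level, so default logs will record source and destination addresses and ports for all filtered traffic, and the filter path pays for formatting on each packet (an IPv4 packet is logged at least three times). If any of this is meant to outlive the debugging session, move it to trace level, e.g. `log.Tracef("srcIP: %v, dstIP: %v dropped", d.ip4.SrcIP, d.ip4.DstIP)`, and keep only the drop-path message. The named results `f` and `o` exist only so the deferred log can read them; a comment such as `// f is the filter verdict, o reports whether a rule matched` would make the `Ver: %t,%t` output readable. Both function bodies continue outside the visible hunks.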


@@ -308,7 +308,21 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
} }
muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...) //nolint:gocritic muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...) //nolint:gocritic
s.updateMux(muxUpdates) handler, _ := newUpstreamResolver(
s.ctx,
s.wgInterface.Name(),
s.wgInterface.Address().IP,
s.wgInterface.Address().Network,
s.statusRecorder,
)
handler.upstreamServers = []string{"9.9.9.9:53"}
handler.reactivate = func() {}
handler.deactivate = func(error) {}
s.updateMux(append(muxUpdates, muxUpdate{
domain: nbdns.RootZone,
handler: handler,
}))
s.updateLocalResolver(localRecords) s.updateLocalResolver(localRecords)
s.currentConfig = dnsConfigToHostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort()) s.currentConfig = dnsConfigToHostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())
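Review bot: The error from `newUpstreamResolver` is discarded with `handler, _ :=` and the following line writes `handler.upstreamServers`, so a failed constructor would presumably surface as a nil-pointer panic inside applyConfiguration; check it instead, `handler, err := newUpstreamResolver(...)` followed by `if err != nil { return fmt.Errorf("root zone resolver: %w", err) }` (or the file's own error style). The appended muxUpdate also binds `nbdns.RootZone` to the hard-coded `9.9.9.9:53` on every configuration update, which appears to send any name not covered by a more specific zone to that public resolver regardless of the DNS settings carried in `update`. With `reactivate` and `deactivate` set to no-ops, upstream failures on this handler are never acted on. If this is debugging-only, it should sit behind a debug flag or build tag rather than in the normal configuration path.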


@@ -78,7 +78,7 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
u.checkUpstreamFails(err) u.checkUpstreamFails(err)
}() }()
log.WithField("question", r.Question[0]).Trace("received an upstream question") log.WithField("question", r.Question[0]).Debugf("received an upstream question upstreams %s", u.upstreamServers)
select { select {
case <-u.ctx.Done(): case <-u.ctx.Done():
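Review bot: Raising this message from Trace to Debug means every queried name, plus the upstream list, lands in debug-level logs, which are the logs users typically attach to support requests; keep it at Trace, or drop the name and log only the upstreams. The slice is formatted with `%s`; `%v` is the conventional verb for `u.upstreamServers`. The line also indexes `r.Question[0]` without a length check in the visible code, so unless the caller guarantees at least one question (not visible in this hunk), a guard such as `if len(r.Question) == 0 { return }` before the log would be safer. ServeDNS starts and ends outside the hunk.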


@@ -219,6 +219,9 @@ func (m *DefaultManager) clientRoutes(initialRoutes []*route.Route) []*route.Rou
} }
func isPrefixSupported(prefix netip.Prefix) bool { func isPrefixSupported(prefix netip.Prefix) bool {
if runtime.GOOS == "ios" {
return true
}
if !nbnet.CustomRoutingDisabled() { if !nbnet.CustomRoutingDisabled() {
switch runtime.GOOS { switch runtime.GOOS {
case "linux", "windows", "darwin": case "linux", "windows", "darwin":
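Review bot: The new early return makes isPrefixSupported accept every prefix on iOS, skipping whatever validation the rest of the function applies (the remainder of the body is outside the hunk), and nothing in the code says why. If this is intended, document it at the branch, e.g. `// iOS: route filtering is handled elsewhere, so every prefix is accepted here`, with the actual reason filled in. If it is only a debugging aid, it should be removed or gated before merge, since it widens the set of routes the client will accept on that platform.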


@@ -2,6 +2,7 @@ package net
import ( import (
"os" "os"
"runtime"
"github.com/google/uuid" "github.com/google/uuid"
) )
@@ -23,5 +24,5 @@ func GenerateConnID() ConnectionID {
} }
func CustomRoutingDisabled() bool { func CustomRoutingDisabled() bool {
return os.Getenv(envDisableCustomRouting) == "true" return os.Getenv(envDisableCustomRouting) == "true" || runtime.GOOS == "ios"
} }
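Review bot: CustomRoutingDisabled now returns true on iOS regardless of the environment variable, but the function has no doc comment stating that, so a reader will still assume `envDisableCustomRouting` is the only switch. Add one, e.g. `// CustomRoutingDisabled reports whether custom routing is off: always on iOS, otherwise when the env var is "true".` Since every caller of this function changes behaviour on iOS, it is worth confirming the other call sites (not visible on this page) expect that.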