Affected by GO-2022-1119 and 1 other vulnerabilities

GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

filter

package

v0.98.0 Latest Latest Go to latest Published: Apr 21, 2020 License: BSD-3-Clause Imports: 8 Imported by: 26

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/tailscale/tailscale

Links

Open Source Insights

Documentation ¶

Overview ¶

Package filter contains a stateful packet filter.

Index ¶

Constants
Variables
type Filter
- func (f *Filter) RunIn(b []byte, q *packet.QDecode, rf RunFlags) Response
- func (f *Filter) RunOut(b []byte, q *packet.QDecode, rf RunFlags) Response
type IP
type IPPortRange
- func (ipr IPPortRange) String() string
type Match
- func (m Match) Clone() (res Match)
- func (m Match) String() string
type Matches
- func (m Matches) Clone() (res Matches)
type PortRange
- func (pr PortRange) String() string
type Response
- func (r Response) String() string
type RunFlags

Constants ¶

View Source

const IPAny = IP(0)

Variables ¶

View Source

var IPPortRangeAny = IPPortRange{IPAny, PortRangeAny}

View Source

var MatchAllowAll = Matches{
	Match{[]IPPortRange{IPPortRangeAny}, []IP{IPAny}},
}

MatchAllowAll matches all packets.

View Source

var NewIP = packet.NewIP

View Source

var PortRangeAny = PortRange{0, 65535}

Functions ¶

This section is empty.

Types ¶

type Filter ¶

type Filter struct {
	// contains filtered or unexported fields
}

Filter is a stateful packet filter.

func New ¶

func New(matches Matches, shareStateWith *Filter) *Filter

New creates a new packet Filter with the given Matches rules. If shareStateWith is non-nil, the returned filter shares state with the previous one, to enable rules to be changed at runtime without breaking existing flows.

func NewAllowAll ¶

func NewAllowAll() *Filter

NewAllowAll returns a packet filter that accepts everything.

func NewAllowNone ¶

func NewAllowNone() *Filter

NewAllowNone returns a packet filter that rejects everything.

func (*Filter) RunIn ¶

func (f *Filter) RunIn(b []byte, q *packet.QDecode, rf RunFlags) Response

func (*Filter) RunOut ¶

func (f *Filter) RunOut(b []byte, q *packet.QDecode, rf RunFlags) Response

type IP ¶

type IP = packet.IP

type IPPortRange ¶

type IPPortRange struct {
	IP    IP
	Ports PortRange
}

func (IPPortRange) String ¶

func (ipr IPPortRange) String() string

type Match ¶

type Match struct {
	DstPorts []IPPortRange
	SrcIPs   []IP
}

func (Match) Clone ¶

func (m Match) Clone() (res Match)

func (Match) String ¶

func (m Match) String() string

type Matches ¶

type Matches []Match

func (Matches) Clone ¶

func (m Matches) Clone() (res Matches)

type PortRange ¶

type PortRange struct {
	First, Last uint16
}

func (PortRange) String ¶

func (pr PortRange) String() string

type Response ¶

type Response int

Response is a verdict: either a Drop, Accept, or noVerdict skip to continue processing.

const (
	Drop Response = iota
	Accept
)

func (Response) String ¶

func (r Response) String() string

type RunFlags ¶

type RunFlags int

RunFlags controls the filter's debug log verbosity at runtime.

const (
	LogDrops RunFlags = 1 << iota
	LogAccepts
	HexdumpDrops
	HexdumpAccepts
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL