From 1f519aa15538d393ff49090f1bdb5d6f67d42494 Mon Sep 17 00:00:00 2001 From: Laszlo Magyar Date: Mon, 23 Oct 2023 18:09:45 +0200 Subject: [PATCH] Revert "Protect local subnets only if non-userspace networking is used AND accepting routes are enabled" This reverts commit d2fabc1219690174ef1101d93d93368882c96511. # Conflicts: # tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run --- .../rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run | 7 ++----- .../rootfs/etc/s6-overlay/scripts/stage2_hook.sh | 11 +++-------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run index 11e5df47..090bd967 100755 --- a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run +++ b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run @@ -98,11 +98,8 @@ if keyexpiry=$(/opt/tailscale status --self=true --peers=false --json | jq -rce bashio::log.warning "Please check your configuration based on the add-on's documentation under \"Configuration\"" fi -# Warn about colliding subnet routes if non-userspace networking and accepting routes are enabled -if bashio::config.false "userspace_networking" && \ - (! bashio::config.has_value "accept_routes" || \ - bashio::config.true "accept_routes"); -then +# Notify about colliding subnet routes if non-userspace-networking is enabled +if bashio::config.false "userspace_networking"; then readarray -t colliding_routes < <( \ comm -1 -2 \ <(subnet-routes local) \ diff --git a/tailscale/rootfs/etc/s6-overlay/scripts/stage2_hook.sh b/tailscale/rootfs/etc/s6-overlay/scripts/stage2_hook.sh index 9b97b5ed..0a52f068 100755 --- a/tailscale/rootfs/etc/s6-overlay/scripts/stage2_hook.sh +++ b/tailscale/rootfs/etc/s6-overlay/scripts/stage2_hook.sh @@ -5,19 +5,14 @@ # S6 Overlay stage2 hook to customize services # ============================================================================== -# Disable protect-subnets service when userspace-networking is enabled or accepting routes is disabled +# Disable protect-subnets service when userspace-networking is enabled +# Disable mss-clamping service when userspace-networking is enabled if ! bashio::config.has_value "userspace_networking" || \ - bashio::config.true "userspace_networking" || \ - bashio::config.false "accept_routes"; + bashio::config.true "userspace_networking"; then rm /etc/s6-overlay/s6-rc.d/user/contents.d/protect-subnets rm /etc/s6-overlay/s6-rc.d/post-tailscaled/dependencies.d/protect-subnets -fi -# Disable mss-clamping service when userspace-networking is enabled -if ! bashio::config.has_value "userspace_networking" || \ - bashio::config.true "userspace_networking"; -then rm /etc/s6-overlay/s6-rc.d/user/contents.d/mss-clamping fi