TUN-6741: ICMP proxy tries to listen on specific IPv4 & IPv6 when possible

If it cannot determine the correct interface IP, it will fallback to all interfaces. This commit also introduces the icmpv4-src and icmpv6-src flags
2025-07-27 21:09:58 +00:00 · 2022-09-20 11:39:51 +01:00
parent 3449ea35f2
commit be0305ec58
22 changed files with 262 additions and 109 deletions
--- a/supervisor/supervisor.go
+++ b/supervisor/supervisor.go
@@ -16,7 +16,6 @@ import (
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/edgediscovery/allregions"
 	"github.com/cloudflare/cloudflared/h2mux"
-	"github.com/cloudflare/cloudflared/ingress"
 	"github.com/cloudflare/cloudflared/orchestration"
 	"github.com/cloudflare/cloudflared/retry"
 	"github.com/cloudflare/cloudflared/signal"
@@ -117,13 +116,6 @@ func NewSupervisor(config *TunnelConfig, orchestrator *orchestration.Orchestrato
 		connAwareLogger:   log,
 	}

-	icmpRouter, err := ingress.NewICMPRouter(config.Log)
-	if err != nil {
-		log.Logger().Warn().Err(err).Msg("Failed to create icmp router, ICMP proxy feature is disabled")
-	} else {
-		edgeTunnelServer.icmpRouter = icmpRouter
-	}
-
 	useReconnectToken := false
 	if config.ClassicTunnel != nil {
 		useReconnectToken = config.ClassicTunnel.UseReconnectToken
@@ -151,9 +143,9 @@ func (s *Supervisor) Run(
 	ctx context.Context,
 	connectedSignal *signal.Signal,
 ) error {
-	if s.edgeTunnelServer.icmpRouter != nil {
+	if s.config.PacketConfig != nil {
 		go func() {
-			if err := s.edgeTunnelServer.icmpRouter.Serve(ctx); err != nil {
+			if err := s.config.PacketConfig.ICMPRouter.Serve(ctx); err != nil {
 				if errors.Is(err, net.ErrClosed) {
 					s.log.Logger().Info().Err(err).Msg("icmp router terminated")
 				} else {
--- a/supervisor/tunnel.go
+++ b/supervisor/tunnel.go
@@ -70,6 +70,7 @@ type TunnelConfig struct {
 	MuxerConfig      *connection.MuxerConfig
 	ProtocolSelector connection.ProtocolSelector
 	EdgeTLSConfigs   map[connection.Protocol]*tls.Config
+	PacketConfig     *packet.GlobalRouterConfig
 }

 func (c *TunnelConfig) registrationOptions(connectionID uint8, OriginLocalIP string, uuid uuid.UUID) *tunnelpogs.RegistrationOptions {
@@ -200,7 +201,6 @@ type EdgeTunnelServer struct {
 	reconnectCh       chan ReconnectSignal
 	gracefulShutdownC <-chan struct{}
 	tracker           *tunnelstate.ConnTracker
-	icmpRouter        packet.ICMPRouter

 	connAwareLogger *ConnAwareLogger
 }
@@ -661,7 +661,7 @@ func (e *EdgeTunnelServer) serveQUIC(
 		connOptions,
 		controlStreamHandler,
 		connLogger.Logger(),
-		e.icmpRouter)
+		e.config.PacketConfig)
 	if err != nil {
 		if e.config.NeedPQ {
 			handlePQTunnelError(err, e.config)