// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// Package wgcfg has types and a parser for representing WireGuard config.
package wgcfg
import (
"net/netip"
"tailscale.com/tailcfg"
"tailscale.com/types/key"
"tailscale.com/types/logid"
)
//go:generate go run tailscale.com/cmd/cloner -type=Config,Peer
// Config is a WireGuard configuration.
// It only supports the set of things Tailscale uses.
//
// NOTE(review): a Config holds PrivateKey and the NetworkLogging private IDs.
// Presumably the whole struct should not be logged or serialized unless
// key.NodePrivate and logid.PrivateID redact themselves; confirm against
// those types.
type Config struct {
	Name   string
	NodeID tailcfg.StableNodeID

	// PrivateKey is a node private key (per its type, key.NodePrivate).
	PrivateKey key.NodePrivate

	Addresses []netip.Prefix
	MTU       uint16
	DNS       []netip.Addr

	// Peers is the peer list. PeerWithKey scans it in order and returns the
	// first entry whose PublicKey matches.
	Peers []Peer

	// NetworkLogging enables network logging.
	// It is disabled if either ID is the zero value.
	// LogExitFlowEnabled indicates whether or not exit flows should be logged.
	NetworkLogging struct {
		NodeID             logid.PrivateID
		DomainID           logid.PrivateID
		LogExitFlowEnabled bool
	}
}
// Peer is one entry in Config.Peers.
//
// Peer values are copied by value in this file (see PeerWithKey); such a copy
// shares the AllowedIPs backing array and the V4MasqAddr/V6MasqAddr pointees
// with the value it was copied from.
type Peer struct {
	PublicKey key.NodePublic
	DiscoKey  key.DiscoPublic // present only so we can handle restarts within wgengine, not passed to WireGuard

	// NOTE(review): presumably the WireGuard allowed-IPs set for this peer,
	// i.e. the prefixes routed to it and accepted from it; confirm against
	// the code that applies the Config.
	AllowedIPs []netip.Prefix

	V4MasqAddr          *netip.Addr // if non-nil, masquerade IPv4 traffic to this peer using this address
	V6MasqAddr          *netip.Addr // if non-nil, masquerade IPv6 traffic to this peer using this address
	PersistentKeepalive uint16      // in seconds between keep-alives; 0 to disable

	// wireguard-go's endpoint for this peer. It should always equal Peer.PublicKey.
	// We represent it explicitly so that we can detect if they diverge and recover.
	// There is no need to set WGEndpoint explicitly when constructing a Peer by hand.
	// It is only populated when reading Peers from wireguard-go.
	WGEndpoint key.NodePublic
}
// PeerWithKey looks up the peer whose PublicKey equals k.
// It returns that Peer and true for the first match in config.Peers, or the
// zero Peer and false when no entry matches.
//
// The result is a shallow copy of the slice element: its AllowedIPs slice and
// V4MasqAddr/V6MasqAddr pointers still refer to the data held by config.
func (config Config) PeerWithKey(k key.NodePublic) (Peer, bool) {
	for i := range config.Peers {
		// Both operands are public keys, so a plain == comparison is used.
		if config.Peers[i].PublicKey != k {
			continue
		}
		return config.Peers[i], true
	}
	return Peer{}, false
}