net/netaddr: start migrating to net/netip via new netaddr adapter package

Updates #5162 Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2022-07-24 20:08:42 -07:00
parent 7b1a91dfd3
commit 7eaf5e509f
191 changed files with 1009 additions and 888 deletions
--- a/wgengine/router/ifconfig_windows.go
+++ b/wgengine/router/ifconfig_windows.go
@@ -11,17 +11,19 @@ import (
 	"fmt"
 	"log"
 	"net"
+	"net/netip"
 	"runtime"
 	"sort"
 	"time"

 	ole "github.com/go-ole/go-ole"
+	"go4.org/netipx"
 	"golang.org/x/sys/windows"
 	"golang.zx2c4.com/wireguard/tun"
 	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
-	"inet.af/netaddr"
 	"tailscale.com/health"
 	"tailscale.com/net/interfaces"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/util/multierr"
 	"tailscale.com/wgengine/winnet"
@@ -326,16 +328,16 @@ func configureInterface(cfg *Config, tun *tun.NativeTun) (retErr error) {
 	var firstGateway6 *net.IP
 	addresses := make([]*net.IPNet, 0, len(cfg.LocalAddrs))
 	for _, addr := range cfg.LocalAddrs {
-		if (addr.IP().Is4() && ipif4 == nil) || (addr.IP().Is6() && ipif6 == nil) {
+		if (addr.Addr().Is4() && ipif4 == nil) || (addr.Addr().Is6() && ipif6 == nil) {
 			// Can't program addresses for disabled protocol.
 			continue
 		}
-		ipnet := addr.IPNet()
+		ipnet := netipx.PrefixIPNet(addr)
 		addresses = append(addresses, ipnet)
 		gateway := ipnet.IP
-		if addr.IP().Is4() && firstGateway4 == nil {
+		if addr.Addr().Is4() && firstGateway4 == nil {
 			firstGateway4 = &gateway
-		} else if addr.IP().Is6() && firstGateway6 == nil {
+		} else if addr.Addr().Is6() && firstGateway6 == nil {
 			firstGateway6 = &gateway
 		}
 	}
@@ -344,31 +346,31 @@ func configureInterface(cfg *Config, tun *tun.NativeTun) (retErr error) {
 	foundDefault4 := false
 	foundDefault6 := false
 	for _, route := range cfg.Routes {
-		if (route.IP().Is4() && ipif4 == nil) || (route.IP().Is6() && ipif6 == nil) {
+		if (route.Addr().Is4() && ipif4 == nil) || (route.Addr().Is6() && ipif6 == nil) {
 			// Can't program routes for disabled protocol.
 			continue
 		}

-		if route.IP().Is6() && firstGateway6 == nil {
+		if route.Addr().Is6() && firstGateway6 == nil {
 			// Windows won't let us set IPv6 routes without having an
 			// IPv6 local address set. However, when we've configured
 			// a default route, we want to forcibly grab IPv6 traffic
 			// even if the v6 overlay network isn't configured. To do
 			// that, we add a dummy local IPv6 address to serve as a
 			// route source.
-			ipnet := &net.IPNet{tsaddr.Tailscale4To6Placeholder().IPAddr().IP, net.CIDRMask(128, 128)}
+			ipnet := &net.IPNet{tsaddr.Tailscale4To6Placeholder().AsSlice(), net.CIDRMask(128, 128)}
 			addresses = append(addresses, ipnet)
 			firstGateway6 = &ipnet.IP
-		} else if route.IP().Is4() && firstGateway4 == nil {
+		} else if route.Addr().Is4() && firstGateway4 == nil {
 			// TODO: do same dummy behavior as v6?
 			return errors.New("due to a Windows limitation, one cannot have interface routes without an interface address")
 		}

-		ipn := route.IPNet()
+		ipn := netipx.PrefixIPNet(route)
 		var gateway net.IP
-		if route.IP().Is4() {
+		if route.Addr().Is4() {
 			gateway = *firstGateway4
-		} else if route.IP().Is6() {
+		} else if route.Addr().Is6() {
 			gateway = *firstGateway6
 		}
 		r := winipcfg.RouteData{
@@ -387,12 +389,12 @@ func configureInterface(cfg *Config, tun *tun.NativeTun) (retErr error) {
 			// then the interface's IP won't be pingable.
 			continue
 		}
-		if route.IP().Is4() {
+		if route.Addr().Is4() {
 			if route.Bits() == 0 {
 				foundDefault4 = true
 			}
 			r.NextHop = *firstGateway4
-		} else if route.IP().Is6() {
+		} else if route.Addr().Is6() {
 			if route.Bits() == 0 {
 				foundDefault6 = true
 			}
@@ -782,8 +784,8 @@ func filterRoutes(routes []*winipcfg.RouteData, dontDelete []netaddr.IPPrefix) [
 		if nr.IsSingleIP() {
 			continue
 		}
-		lastIP := nr.Range().To()
-		ddm[netaddr.IPPrefixFrom(lastIP, lastIP.BitLen())] = true
+		lastIP := netipx.RangeOfPrefix(nr).To()
+		ddm[netip.PrefixFrom(lastIP, lastIP.BitLen())] = true
 	}
 	filtered := make([]*winipcfg.RouteData, 0, len(routes))
 	for _, r := range routes {
--- a/wgengine/router/ifconfig_windows_test.go
+++ b/wgengine/router/ifconfig_windows_test.go
@@ -11,8 +11,9 @@ import (
 	"strings"
 	"testing"

+	"go4.org/netipx"
 	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
-	"inet.af/netaddr"
+	"tailscale.com/net/netaddr"
 )

 func randIP() net.IP {
@@ -38,7 +39,7 @@ func TestRouteLess(t *testing.T) {
 		if err != nil {
 			t.Fatalf("error parsing test data %q: %v", s, err)
 		}
-		return *ipp.IPNet()
+		return *netipx.PrefixIPNet(ipp)
 	}

 	tests := []struct {
--- a/wgengine/router/router.go
+++ b/wgengine/router/router.go
@@ -10,7 +10,7 @@ import (
 	"reflect"

 	"golang.zx2c4.com/wireguard/tun"
-	"inet.af/netaddr"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/types/logger"
 	"tailscale.com/types/preftype"
 	"tailscale.com/wgengine/monitor"
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -18,11 +18,12 @@ import (

 	"github.com/coreos/go-iptables/iptables"
 	"github.com/tailscale/netlink"
+	"go4.org/netipx"
 	"golang.org/x/sys/unix"
 	"golang.org/x/time/rate"
 	"golang.zx2c4.com/wireguard/tun"
-	"inet.af/netaddr"
 	"tailscale.com/envknob"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/syncs"
 	"tailscale.com/types/logger"
@@ -439,7 +440,7 @@ func (r *linuxRouter) setNetfilterMode(mode preftype.NetfilterMode) error {
 	}

 	for cidr := range r.addrs {
-		if err := r.addLoopbackRule(cidr.IP()); err != nil {
+		if err := r.addLoopbackRule(cidr.Addr()); err != nil {
 			return err
 		}
 	}
@@ -451,7 +452,7 @@ func (r *linuxRouter) setNetfilterMode(mode preftype.NetfilterMode) error {
 // address is already assigned to the interface, or if the addition
 // fails.
 func (r *linuxRouter) addAddress(addr netaddr.IPPrefix) error {
-	if !r.v6Available && addr.IP().Is6() {
+	if !r.v6Available && addr.Addr().Is6() {
 		return nil
 	}
 	if r.useIPCommand() {
@@ -467,7 +468,7 @@ func (r *linuxRouter) addAddress(addr netaddr.IPPrefix) error {
 			return fmt.Errorf("adding address %v from tunnel interface: %w", addr, err)
 		}
 	}
-	if err := r.addLoopbackRule(addr.IP()); err != nil {
+	if err := r.addLoopbackRule(addr.Addr()); err != nil {
 		return err
 	}
 	return nil
@@ -477,10 +478,10 @@ func (r *linuxRouter) addAddress(addr netaddr.IPPrefix) error {
 // the address is not assigned to the interface, or if the removal
 // fails.
 func (r *linuxRouter) delAddress(addr netaddr.IPPrefix) error {
-	if !r.v6Available && addr.IP().Is6() {
+	if !r.v6Available && addr.Addr().Is6() {
 		return nil
 	}
-	if err := r.delLoopbackRule(addr.IP()); err != nil {
+	if err := r.delLoopbackRule(addr.Addr()); err != nil {
 		return err
 	}
 	if r.useIPCommand() {
@@ -547,7 +548,7 @@ func (r *linuxRouter) delLoopbackRule(addr netaddr.IP) error {
 // interface. Fails if the route already exists, or if adding the
 // route fails.
 func (r *linuxRouter) addRoute(cidr netaddr.IPPrefix) error {
-	if !r.v6Available && cidr.IP().Is6() {
+	if !r.v6Available && cidr.Addr().Is6() {
 		return nil
 	}
 	if r.useIPCommand() {
@@ -559,7 +560,7 @@ func (r *linuxRouter) addRoute(cidr netaddr.IPPrefix) error {
 	}
 	return netlink.RouteReplace(&netlink.Route{
 		LinkIndex: linkIndex,
-		Dst:       cidr.Masked().IPNet(),
+		Dst:       netipx.PrefixIPNet(cidr.Masked()),
 		Table:     r.routeTable(),
 	})
 }
@@ -572,14 +573,14 @@ func (r *linuxRouter) addThrowRoute(cidr netaddr.IPPrefix) error {
 	if !r.ipRuleAvailable {
 		return nil
 	}
-	if !r.v6Available && cidr.IP().Is6() {
+	if !r.v6Available && cidr.Addr().Is6() {
 		return nil
 	}
 	if r.useIPCommand() {
 		return r.addRouteDef([]string{"throw", normalizeCIDR(cidr)}, cidr)
 	}
 	err := netlink.RouteReplace(&netlink.Route{
-		Dst:   cidr.Masked().IPNet(),
+		Dst:   netipx.PrefixIPNet(cidr.Masked()),
 		Table: tailscaleRouteTable.num,
 		Type:  unix.RTN_THROW,
 	})
@@ -590,7 +591,7 @@ func (r *linuxRouter) addThrowRoute(cidr netaddr.IPPrefix) error {
 }

 func (r *linuxRouter) addRouteDef(routeDef []string, cidr netaddr.IPPrefix) error {
-	if !r.v6Available && cidr.IP().Is6() {
+	if !r.v6Available && cidr.Addr().Is6() {
 		return nil
 	}
 	args := append([]string{"ip", "route", "add"}, routeDef...)
@@ -624,7 +625,7 @@ var (
 // interface. Fails if the route doesn't exist, or if removing the
 // route fails.
 func (r *linuxRouter) delRoute(cidr netaddr.IPPrefix) error {
-	if !r.v6Available && cidr.IP().Is6() {
+	if !r.v6Available && cidr.Addr().Is6() {
 		return nil
 	}
 	if r.useIPCommand() {
@@ -636,7 +637,7 @@ func (r *linuxRouter) delRoute(cidr netaddr.IPPrefix) error {
 	}
 	err = netlink.RouteDel(&netlink.Route{
 		LinkIndex: linkIndex,
-		Dst:       cidr.Masked().IPNet(),
+		Dst:       netipx.PrefixIPNet(cidr.Masked()),
 		Table:     r.routeTable(),
 	})
 	if errors.Is(err, errESRCH) {
@@ -652,14 +653,14 @@ func (r *linuxRouter) delThrowRoute(cidr netaddr.IPPrefix) error {
 	if !r.ipRuleAvailable {
 		return nil
 	}
-	if !r.v6Available && cidr.IP().Is6() {
+	if !r.v6Available && cidr.Addr().Is6() {
 		return nil
 	}
 	if r.useIPCommand() {
 		return r.delRouteDef([]string{"throw", normalizeCIDR(cidr)}, cidr)
 	}
 	err := netlink.RouteDel(&netlink.Route{
-		Dst:   cidr.Masked().IPNet(),
+		Dst:   netipx.PrefixIPNet(cidr.Masked()),
 		Table: r.routeTable(),
 		Type:  unix.RTN_THROW,
 	})
@@ -671,7 +672,7 @@ func (r *linuxRouter) delThrowRoute(cidr netaddr.IPPrefix) error {
 }

 func (r *linuxRouter) delRouteDef(routeDef []string, cidr netaddr.IPPrefix) error {
-	if !r.v6Available && cidr.IP().Is6() {
+	if !r.v6Available && cidr.Addr().Is6() {
 		return nil
 	}
 	args := append([]string{"ip", "route", "del"}, routeDef...)
@@ -701,7 +702,7 @@ func dashFam(ip netaddr.IP) string {
 }

 func (r *linuxRouter) hasRoute(routeDef []string, cidr netaddr.IPPrefix) (bool, error) {
-	args := append([]string{"ip", dashFam(cidr.IP()), "route", "show"}, routeDef...)
+	args := append([]string{"ip", dashFam(cidr.Addr()), "route", "show"}, routeDef...)
 	if r.ipRuleAvailable {
 		args = append(args, "table", tailscaleRouteTable.ipCmdArg())
 	}
@@ -1549,6 +1550,6 @@ func checkIPRuleSupportsV6(logf logger.Logf) error {

 func nlAddrOfPrefix(p netaddr.IPPrefix) *netlink.Addr {
 	return &netlink.Addr{
-		IPNet: p.IPNet(),
+		IPNet: netipx.PrefixIPNet(p),
 	}
 }
--- a/wgengine/router/router_linux_test.go
+++ b/wgengine/router/router_linux_test.go
@@ -17,7 +17,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/vishvananda/netlink"
 	"golang.zx2c4.com/wireguard/tun"
-	"inet.af/netaddr"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/tstest"
 	"tailscale.com/types/logger"
 	"tailscale.com/wgengine/monitor"
--- a/wgengine/router/router_openbsd.go
+++ b/wgengine/router/router_openbsd.go
@@ -10,8 +10,9 @@ import (
 	"log"
 	"os/exec"

+	"go4.org/netipx"
 	"golang.zx2c4.com/wireguard/tun"
-	"inet.af/netaddr"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/types/logger"
 	"tailscale.com/wgengine/monitor"
 )
@@ -59,7 +60,7 @@ func (r *openbsdRouter) Up() error {
 }

 func inet(p netaddr.IPPrefix) string {
-	if p.IP().Is6() {
+	if p.Addr().Is6() {
 		return "inet6"
 	}
 	return "inet"
@@ -79,11 +80,11 @@ func (r *openbsdRouter) Set(cfg *Config) error {
 	localAddr4 := netaddr.IPPrefix{}
 	localAddr6 := netaddr.IPPrefix{}
 	for _, addr := range cfg.LocalAddrs {
-		if addr.IP().Is4() {
+		if addr.Addr().Is4() {
 			numIPv4++
 			localAddr4 = addr
 		}
-		if addr.IP().Is6() {
+		if addr.Addr().Is6() {
 			numIPv6++
 			localAddr6 = addr
 		}
@@ -95,7 +96,7 @@ func (r *openbsdRouter) Set(cfg *Config) error {
 	var errq error

 	if localAddr4 != r.local4 {
-		if !r.local4.IsZero() {
+		if r.local4.IsValid() {
 			addrdel := []string{"ifconfig", r.tunname,
 				"inet", r.local4.String(), "-alias"}
 			out, err := cmd(addrdel...).CombinedOutput()
@@ -108,7 +109,7 @@ func (r *openbsdRouter) Set(cfg *Config) error {

 			routedel := []string{"route", "-q", "-n",
 				"del", "-inet", r.local4.String(),
-				"-iface", r.local4.IP().String()}
+				"-iface", r.local4.Addr().String()}
 			if out, err := cmd(routedel...).CombinedOutput(); err != nil {
 				r.logf("route del failed: %v: %v\n%s", routedel, err, out)
 				if errq == nil {
@@ -117,7 +118,7 @@ func (r *openbsdRouter) Set(cfg *Config) error {
 			}
 		}

-		if !localAddr4.IsZero() {
+		if localAddr4.IsValid() {
 			addradd := []string{"ifconfig", r.tunname,
 				"inet", localAddr4.String(), "alias"}
 			out, err := cmd(addradd...).CombinedOutput()
@@ -130,7 +131,7 @@ func (r *openbsdRouter) Set(cfg *Config) error {

 			routeadd := []string{"route", "-q", "-n",
 				"add", "-inet", localAddr4.String(),
-				"-iface", localAddr4.IP().String()}
+				"-iface", localAddr4.Addr().String()}
 			if out, err := cmd(routeadd...).CombinedOutput(); err != nil {
 				r.logf("route add failed: %v: %v\n%s", routeadd, err, out)
 				if errq == nil {
@@ -140,15 +141,15 @@ func (r *openbsdRouter) Set(cfg *Config) error {
 		}
 	}

-	if !localAddr6.IsZero() {
+	if localAddr6.IsValid() {
 		// in https://github.com/tailscale/tailscale/issues/1307 we made
 		// FreeBSD use a /48 for IPv6 addresses, which is nice because we
 		// don't need to additionally add routing entries. Do that here too.
-		localAddr6 = netaddr.IPPrefixFrom(localAddr6.IP(), 48)
+		localAddr6 = netaddr.IPPrefixFrom(localAddr6.Addr(), 48)
 	}

 	if localAddr6 != r.local6 {
-		if !r.local6.IsZero() {
+		if r.local6.IsValid() {
 			addrdel := []string{"ifconfig", r.tunname,
 				"inet6", r.local6.String(), "delete"}
 			out, err := cmd(addrdel...).CombinedOutput()
@@ -160,7 +161,7 @@ func (r *openbsdRouter) Set(cfg *Config) error {
 			}
 		}

-		if !localAddr6.IsZero() {
+		if localAddr6.IsValid() {
 			addradd := []string{"ifconfig", r.tunname,
 				"inet6", localAddr6.String()}
 			out, err := cmd(addradd...).CombinedOutput()
@@ -179,12 +180,12 @@ func (r *openbsdRouter) Set(cfg *Config) error {
 	}
 	for route := range r.routes {
 		if _, keep := newRoutes[route]; !keep {
-			net := route.IPNet()
+			net := netipx.PrefixIPNet(route)
 			nip := net.IP.Mask(net.Mask)
 			nstr := fmt.Sprintf("%v/%d", nip, route.Bits())
-			dst := localAddr4.IP().String()
-			if route.IP().Is6() {
-				dst = localAddr6.IP().String()
+			dst := localAddr4.Addr().String()
+			if route.Addr().Is6() {
+				dst = localAddr6.Addr().String()
 			}
 			routedel := []string{"route", "-q", "-n",
 				"del", "-" + inet(route), nstr,
@@ -200,12 +201,12 @@ func (r *openbsdRouter) Set(cfg *Config) error {
 	}
 	for route := range newRoutes {
 		if _, exists := r.routes[route]; !exists {
-			net := route.IPNet()
+			net := netipx.PrefixIPNet(route)
 			nip := net.IP.Mask(net.Mask)
 			nstr := fmt.Sprintf("%v/%d", nip, route.Bits())
-			dst := localAddr4.IP().String()
-			if route.IP().Is6() {
-				dst = localAddr6.IP().String()
+			dst := localAddr4.Addr().String()
+			if route.Addr().Is6() {
+				dst = localAddr6.Addr().String()
 			}
 			routeadd := []string{"route", "-q", "-n",
 				"add", "-" + inet(route), nstr,
--- a/wgengine/router/router_test.go
+++ b/wgengine/router/router_test.go
@@ -8,7 +8,7 @@ import (
 	"reflect"
 	"testing"

-	"inet.af/netaddr"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/types/preftype"
 )

--- a/wgengine/router/router_userspace_bsd.go
+++ b/wgengine/router/router_userspace_bsd.go
@@ -13,8 +13,9 @@ import (
 	"os/exec"
 	"runtime"

+	"go4.org/netipx"
 	"golang.zx2c4.com/wireguard/tun"
-	"inet.af/netaddr"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/types/logger"
 	"tailscale.com/version"
@@ -91,7 +92,7 @@ func (r *userspaceBSDRouter) Up() error {
 }

 func inet(p netaddr.IPPrefix) string {
-	if p.IP().Is6() {
+	if p.Addr().Is6() {
 		return "inet6"
 	}
 	return "inet"
@@ -120,15 +121,15 @@ func (r *userspaceBSDRouter) Set(cfg *Config) (reterr error) {
 	}
 	for _, addr := range r.addrsToAdd(cfg.LocalAddrs) {
 		var arg []string
-		if runtime.GOOS == "freebsd" && addr.IP().Is6() && addr.Bits() == 128 {
+		if runtime.GOOS == "freebsd" && addr.Addr().Is6() && addr.Bits() == 128 {
 			// FreeBSD rejects tun addresses of the form fc00::1/128 -> fc00::1,
 			// https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218508
 			// Instead add our whole /48, which works because we use a /48 route.
 			// Full history: https://github.com/tailscale/tailscale/issues/1307
-			tmp := netaddr.IPPrefixFrom(addr.IP(), 48)
+			tmp := netaddr.IPPrefixFrom(addr.Addr(), 48)
 			arg = []string{"ifconfig", r.tunname, inet(tmp), tmp.String()}
 		} else {
-			arg = []string{"ifconfig", r.tunname, inet(addr), addr.String(), addr.IP().String()}
+			arg = []string{"ifconfig", r.tunname, inet(addr), addr.String(), addr.Addr().String()}
 		}
 		out, err := cmd(arg...).CombinedOutput()
 		if err != nil {
@@ -150,7 +151,7 @@ func (r *userspaceBSDRouter) Set(cfg *Config) (reterr error) {
 	// Delete any pre-existing routes.
 	for route := range r.routes {
 		if _, keep := newRoutes[route]; !keep {
-			net := route.IPNet()
+			net := netipx.PrefixIPNet(route)
 			nip := net.IP.Mask(net.Mask)
 			nstr := fmt.Sprintf("%v/%d", nip, route.Bits())
 			del := "del"
@@ -170,7 +171,7 @@ func (r *userspaceBSDRouter) Set(cfg *Config) (reterr error) {
 	// Add the routes.
 	for route := range newRoutes {
 		if _, exists := r.routes[route]; !exists {
-			net := route.IPNet()
+			net := netipx.PrefixIPNet(route)
 			nip := net.IP.Mask(net.Mask)
 			nstr := fmt.Sprintf("%v/%d", nip, route.Bits())
 			routeadd := []string{"route", "-q", "-n",
--- a/wgengine/router/router_windows.go
+++ b/wgengine/router/router_windows.go
@@ -20,9 +20,9 @@ import (
 	"golang.org/x/sys/windows"
 	"golang.zx2c4.com/wireguard/tun"
 	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
-	"inet.af/netaddr"
 	"tailscale.com/logtail/backoff"
 	"tailscale.com/net/dns"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/types/logger"
 	"tailscale.com/wgengine/monitor"
 )