wgengine/router: rewrite netfilter and routing logic.

New logic installs precise filters for subnet routes,
plays nice with other users of netfilter, and lays the
groundwork for fixing routing loops via policy routing.

Signed-off-by: David Anderson <danderson@tailscale.com>
David Anderson
2020-05-01 18:55:38 -07:00
parent 7618d7e677
commit 89198b1691
3 changed files with 388 additions and 88 deletions

@@ -385,6 +385,8 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string) error
Cfg: cfg,
DNS: cfg.DNS,
DNSDomains: dnsDomains,
// HACK HACK HACK DO NOT SUBMIT just testing before further plumbing
SubnetRoutes: []wgcfg.CIDR{{IP: wgcfg.IPv4(192, 168, 17, 0), Mask: 24}},
}
// TODO(apenwarr): all the parts of RouteSettings should be "relevant."
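Review bot: The hard-coded SubnetRoutes entry in the struct literal in Reconfig is marked "HACK HACK HACK DO NOT SUBMIT" but is included in this commit. As written, every Reconfig call passes 192.168.17.0/24 as a subnet route regardless of the node's actual configuration, so the subnet-route filters this commit introduces would be installed for a network the operator never chose to route. Remove the comment and the SubnetRoutes line before merging, or finish the plumbing so the value comes from configuration and defaults to empty.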