wgengine: plumb locally advertised subnet routes.

With this change, advertising subnet routes configures the firewall correctly. Signed-off-by: David Anderson <danderson@tailscale.com>
2025-12-02 18:11:59 +00:00 · 2020-05-07 17:48:11 +00:00
parent 89198b1691
commit 89af51b84d
4 changed files with 19 additions and 13 deletions
--- a/ipn/local.go
+++ b/ipn/local.go
@@ -658,6 +658,8 @@ func (b *LocalBackend) blockEngineUpdates(block bool) {
 	b.mu.Unlock()
 }

+// authReconfig pushes a new configuration into wgengine, based on the
+// cached netmap and user prefs.
 func (b *LocalBackend) authReconfig() {
 	b.mu.Lock()
 	blocked := b.blocked
@@ -705,7 +707,7 @@ func (b *LocalBackend) authReconfig() {
 		log.Fatalf("WGCfg: %v", err)
 	}

-	err = b.e.Reconfig(cfg, dom)
+	err = b.e.Reconfig(cfg, dom, uc.AdvertiseRoutes)
 	if err == wgengine.ErrNoChanges {
 		return
 	}
@@ -734,7 +736,7 @@ func (b *LocalBackend) enterState(newState State) {
 		b.blockEngineUpdates(true)
 		fallthrough
 	case Stopped:
-		err := b.e.Reconfig(&wgcfg.Config{}, nil)
+		err := b.e.Reconfig(&wgcfg.Config{}, nil, nil)
 		if err != nil {
 			b.logf("Reconfig(down): %v", err)
 		}
@@ -810,7 +812,7 @@ func (b *LocalBackend) stateMachine() {

 func (b *LocalBackend) stopEngineAndWait() {
 	b.logf("stopEngineAndWait...")
-	b.e.Reconfig(&wgcfg.Config{}, nil)
+	b.e.Reconfig(&wgcfg.Config{}, nil, nil)
 	b.requestEngineStatusAndWait()
 	b.logf("stopEngineAndWait: done.")
 }