wgengine: plumb locally advertised subnet routes.
With this change, advertising subnet routes configures the firewall correctly. Signed-off-by: David Anderson <danderson@tailscale.com>
parent
89198b1691
commit
89af51b84d
@ -658,6 +658,8 @@ func (b *LocalBackend) blockEngineUpdates(block bool) {
|
|||||||
b.mu.Unlock()
|
b.mu.Unlock()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// authReconfig pushes a new configuration into wgengine, based on the
|
||||||
|
// cached netmap and user prefs.
|
||||||
func (b *LocalBackend) authReconfig() {
|
func (b *LocalBackend) authReconfig() {
|
||||||
b.mu.Lock()
|
b.mu.Lock()
|
||||||
blocked := b.blocked
|
blocked := b.blocked
|
||||||
@ -705,7 +707,7 @@ func (b *LocalBackend) authReconfig() {
|
|||||||
log.Fatalf("WGCfg: %v", err)
|
log.Fatalf("WGCfg: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = b.e.Reconfig(cfg, dom)
|
err = b.e.Reconfig(cfg, dom, uc.AdvertiseRoutes)
|
||||||
if err == wgengine.ErrNoChanges {
|
if err == wgengine.ErrNoChanges {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -734,7 +736,7 @@ func (b *LocalBackend) enterState(newState State) {
|
|||||||
b.blockEngineUpdates(true)
|
b.blockEngineUpdates(true)
|
||||||
fallthrough
|
fallthrough
|
||||||
case Stopped:
|
case Stopped:
|
||||||
err := b.e.Reconfig(&wgcfg.Config{}, nil)
|
err := b.e.Reconfig(&wgcfg.Config{}, nil, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
b.logf("Reconfig(down): %v", err)
|
b.logf("Reconfig(down): %v", err)
|
||||||
}
|
}
|
||||||
@ -810,7 +812,7 @@ func (b *LocalBackend) stateMachine() {
|
|||||||
|
|
||||||
func (b *LocalBackend) stopEngineAndWait() {
|
func (b *LocalBackend) stopEngineAndWait() {
|
||||||
b.logf("stopEngineAndWait...")
|
b.logf("stopEngineAndWait...")
|
||||||
b.e.Reconfig(&wgcfg.Config{}, nil)
|
b.e.Reconfig(&wgcfg.Config{}, nil, nil)
|
||||||
b.requestEngineStatusAndWait()
|
b.requestEngineStatusAndWait()
|
||||||
b.logf("stopEngineAndWait: done.")
|
b.logf("stopEngineAndWait: done.")
|
||||||
}
|
}
|
||||||
|
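Review bot: In stopEngineAndWait the result of `b.e.Reconfig(&wgcfg.Config{}, nil, nil)` is discarded, while the same teardown call in enterState logs it. Now that the third argument feeds firewall configuration for advertised subnets, a failed teardown may leave rules for those subnets in place with nothing in the log. Suggest `if err := b.e.Reconfig(&wgcfg.Config{}, nil, nil); err != nil && err != wgengine.ErrNoChanges { b.logf("stopEngineAndWait: Reconfig: %v", err) }`. Separately, authReconfig passes `uc.AdvertiseRoutes` to the engine as-is; where `uc` is populated and vetted lies outside the hunk, so a short comment stating whether the prefixes are checked before they reach the firewall would help.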
@ -328,7 +328,12 @@ func (e *userspaceEngine) pinger(peerKey wgcfg.Key, ips []wgcfg.IP) {
|
|||||||
// However, we don't actually ever provide it to wireguard and it's not in
|
// However, we don't actually ever provide it to wireguard and it's not in
|
||||||
// the traditional wireguard config format. On the other hand, wireguard
|
// the traditional wireguard config format. On the other hand, wireguard
|
||||||
// itself doesn't use the traditional 'dns =' setting either.
|
// itself doesn't use the traditional 'dns =' setting either.
|
||||||
func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string) error {
|
//
|
||||||
|
// TODO(danderson): this function signature is starting to get out of
|
||||||
|
// hand. Feels like we either need a wgengine.Config type, or make
|
||||||
|
// router and wgengine siblings of each other that interact via glue
|
||||||
|
// in ipn.
|
||||||
|
func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string, localRoutes []wgcfg.CIDR) error {
|
||||||
e.wgLock.Lock()
|
e.wgLock.Lock()
|
||||||
defer e.wgLock.Unlock()
|
defer e.wgLock.Unlock()
|
||||||
|
|
||||||
@ -385,8 +390,7 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string) error
|
|||||||
Cfg: cfg,
|
Cfg: cfg,
|
||||||
DNS: cfg.DNS,
|
DNS: cfg.DNS,
|
||||||
DNSDomains: dnsDomains,
|
DNSDomains: dnsDomains,
|
||||||
// HACK HACK HACK DO NOT SUBMIT just testing before further plumbing
|
SubnetRoutes: localRoutes,
|
||||||
SubnetRoutes: []wgcfg.CIDR{{IP: wgcfg.IPv4(192, 168, 17, 0), Mask: 24}},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(apenwarr): all the parts of RouteSettings should be "relevant."
|
// TODO(apenwarr): all the parts of RouteSettings should be "relevant."
|
||||||
|
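Review bot: The body of userspaceEngine.Reconfig between these two hunks is not shown, so it is unclear whether the ErrNoChanges early return takes `localRoutes` into account. If that comparison covers only `cfg` and `dnsDomains`, a change to the advertised routes alone would return ErrNoChanges and never reach `SubnetRoutes: localRoutes`, leaving the firewall on the previous route set. Worth confirming that the comparison includes the routes. The doc comment could also gain a line such as `// localRoutes are the subnet routes this node advertises; they are handed to the router as SubnetRoutes.`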
@ -61,8 +61,8 @@ func (e *watchdogEngine) watchdog(name string, fn func()) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *watchdogEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string) error {
|
func (e *watchdogEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string, localRoutes []wgcfg.CIDR) error {
|
||||||
return e.watchdogErr("Reconfig", func() error { return e.wrap.Reconfig(cfg, dnsDomains) })
|
return e.watchdogErr("Reconfig", func() error { return e.wrap.Reconfig(cfg, dnsDomains, localRoutes) })
|
||||||
}
|
}
|
||||||
func (e *watchdogEngine) GetFilter() *filter.Filter {
|
func (e *watchdogEngine) GetFilter() *filter.Filter {
|
||||||
var x *filter.Filter
|
var x *filter.Filter
|
||||||
|
@ -59,7 +59,7 @@ type Engine interface {
|
|||||||
// sends an updated network map.
|
// sends an updated network map.
|
||||||
//
|
//
|
||||||
// The returned error is ErrNoChanges if no changes were made.
|
// The returned error is ErrNoChanges if no changes were made.
|
||||||
Reconfig(cfg *wgcfg.Config, dnsDomains []string) error
|
Reconfig(cfg *wgcfg.Config, dnsDomains []string, localSubnets []wgcfg.CIDR) error
|
||||||
|
|
||||||
// GetFilter returns the current packet filter, if any.
|
// GetFilter returns the current packet filter, if any.
|
||||||
GetFilter() *filter.Filter
|
GetFilter() *filter.Filter
|
||||||
|
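Review bot: The interface names the new parameter `localSubnets`, while both implementations in this commit call it `localRoutes`, and the doc comment above Reconfig does not mention it at all. Since callers pass nil here when bringing the engine down, the contract for nil should be written where implementers will read it. Suggest renaming the parameter to `localRoutes` and adding `// localRoutes are the subnet routes advertised by this node; nil means none are advertised.` The doc comment starts outside the hunk, so its opening lines are not visible here.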