wgengine/router: use inet.af/netaddr, not wgcfg.CIDR.

Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson 2020-05-08 05:17:30 +00:00 committed by Dave Anderson
parent b8f01eed34
commit b01db109f5
8 changed files with 70 additions and 45 deletions

2
go.mod
View File

@ -28,6 +28,6 @@ require (
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e golang.org/x/sys v0.0.0-20200501052902-10377860bb8e
golang.org/x/time v0.0.0-20191024005414-555d28b269f0 golang.org/x/time v0.0.0-20191024005414-555d28b269f0
gortc.io/stun v1.22.1 gortc.io/stun v1.22.1
inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea inet.af/netaddr v0.0.0-20200430175045-5aaf2097c7fc
rsc.io/goversion v1.2.0 rsc.io/goversion v1.2.0
) )

2
go.sum
View File

@ -146,5 +146,7 @@ gortc.io/stun v1.22.1 h1:96mOdDATYRqhYB+TZdenWBg4CzL2Ye5kPyBXQ8KAB+8=
gortc.io/stun v1.22.1/go.mod h1:XD5lpONVyjvV3BgOyJFNo0iv6R2oZB4L+weMqxts+zg= gortc.io/stun v1.22.1/go.mod h1:XD5lpONVyjvV3BgOyJFNo0iv6R2oZB4L+weMqxts+zg=
inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea h1:DpXewrGVf9+vvYQFrNGj9v34bXMuTVQv+2wuULTNV8I= inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea h1:DpXewrGVf9+vvYQFrNGj9v34bXMuTVQv+2wuULTNV8I=
inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea/go.mod h1:qqYzz/2whtrbWJvt+DNWQyvekNN4ePQZcg2xc2/Yjww= inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea/go.mod h1:qqYzz/2whtrbWJvt+DNWQyvekNN4ePQZcg2xc2/Yjww=
inet.af/netaddr v0.0.0-20200430175045-5aaf2097c7fc h1:We3b/z+7i9LV4Ls0yWve5vYIlnAPSPeqxKVgZseRDBs=
inet.af/netaddr v0.0.0-20200430175045-5aaf2097c7fc/go.mod h1:qqYzz/2whtrbWJvt+DNWQyvekNN4ePQZcg2xc2/Yjww=
rsc.io/goversion v1.2.0 h1:SPn+NLTiAG7w30IRK/DKp1BjvpWabYgxlLp/+kx5J8w= rsc.io/goversion v1.2.0 h1:SPn+NLTiAG7w30IRK/DKp1BjvpWabYgxlLp/+kx5J8w=
rsc.io/goversion v1.2.0/go.mod h1:Eih9y/uIBS3ulggl7KNJ09xGSLcuNaLgmvvqa07sgfo= rsc.io/goversion v1.2.0/go.mod h1:Eih9y/uIBS3ulggl7KNJ09xGSLcuNaLgmvvqa07sgfo=

View File

@ -310,12 +310,12 @@ func configureInterface(rs Settings, tun *tun.NativeTun) error {
continue continue
} }
if route.IP.Is4() { if route.IP.Is4() {
if route.Mask == 0 { if route.Bits == 0 {
foundDefault4 = true foundDefault4 = true
} }
r.NextHop = *firstGateway4 r.NextHop = *firstGateway4
} else if route.IP.Is6() { } else if route.IP.Is6() {
if route.Mask == 0 { if route.Bits == 0 {
foundDefault6 = true foundDefault6 = true
} }
r.NextHop = *firstGateway6 r.NextHop = *firstGateway6
@ -360,7 +360,7 @@ func configureInterface(rs Settings, tun *tun.NativeTun) error {
var dnsIPs []net.IP var dnsIPs []net.IP
for _, ip := range rs.DNS { for _, ip := range rs.DNS {
dnsIPs = append(dnsIPs, ip.IP()) dnsIPs = append(dnsIPs, ip.IPAddr().IP)
} }
err = iface.SetDNS(dnsIPs) err = iface.SetDNS(dnsIPs)
if err != nil && errAcc == nil { if err != nil && errAcc == nil {

View File

@ -9,7 +9,7 @@
import ( import (
"github.com/tailscale/wireguard-go/device" "github.com/tailscale/wireguard-go/device"
"github.com/tailscale/wireguard-go/tun" "github.com/tailscale/wireguard-go/tun"
"github.com/tailscale/wireguard-go/wgcfg" "inet.af/netaddr"
"tailscale.com/types/logger" "tailscale.com/types/logger"
) )
@ -38,9 +38,9 @@ func New(logf logger.Logf, wgdev *device.Device, tundev tun.Device) (Router, err
// Settings is the subset of Tailscale configuration that is relevant // Settings is the subset of Tailscale configuration that is relevant
// to the OS's network stack. // to the OS's network stack.
type Settings struct { type Settings struct {
LocalAddrs []wgcfg.CIDR LocalAddrs []netaddr.IPPrefix
DNS []wgcfg.IP DNS []netaddr.IP
DNSDomains []string DNSDomains []string
Routes []wgcfg.CIDR // routes to point into the Tailscale interface Routes []netaddr.IPPrefix // routes to point into the Tailscale interface
SubnetRoutes []wgcfg.CIDR // subnets being advertised to other Tailscale nodes SubnetRoutes []netaddr.IPPrefix // subnets being advertised to other Tailscale nodes
} }

View File

@ -12,7 +12,7 @@
"github.com/tailscale/wireguard-go/device" "github.com/tailscale/wireguard-go/device"
"github.com/tailscale/wireguard-go/tun" "github.com/tailscale/wireguard-go/tun"
"github.com/tailscale/wireguard-go/wgcfg" "inet.af/netaddr"
"tailscale.com/types/logger" "tailscale.com/types/logger"
) )
@ -24,8 +24,8 @@
type freebsdRouter struct { type freebsdRouter struct {
logf logger.Logf logf logger.Logf
tunname string tunname string
local wgcfg.CIDR local netaddr.IPPrefix
routes map[wgcfg.CIDR]struct{} routes map[netaddr.IPPrefix]struct{}
} }
func newUserspaceRouter(logf logger.Logf, _ *device.Device, tundev tun.Device) (Router, error) { func newUserspaceRouter(logf logger.Logf, _ *device.Device, tundev tun.Device) (Router, error) {
@ -70,7 +70,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
// Update the address. // Update the address.
if localAddr != r.local { if localAddr != r.local {
// If the interface is already set, remove it. // If the interface is already set, remove it.
if r.local != (wgcfg.CIDR{}) { if r.local != (netaddr.IPPrefix{}) {
addrdel := []string{"ifconfig", r.tunname, addrdel := []string{"ifconfig", r.tunname,
"inet", r.local.String(), "-alias"} "inet", r.local.String(), "-alias"}
out, err := cmd(addrdel...).CombinedOutput() out, err := cmd(addrdel...).CombinedOutput()
@ -94,7 +94,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
} }
} }
newRoutes := make(map[wgcfg.CIDR]struct{}) newRoutes := make(map[netaddr.IPPrefix]struct{})
for _, route := range rs.Routes { for _, route := range rs.Routes {
newRoutes[route] = struct{}{} newRoutes[route] = struct{}{}
} }
@ -103,7 +103,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
if _, keep := newRoutes[route]; !keep { if _, keep := newRoutes[route]; !keep {
net := route.IPNet() net := route.IPNet()
nip := net.IP.Mask(net.Mask) nip := net.IP.Mask(net.Mask)
nstr := fmt.Sprintf("%v/%d", nip, route.Mask) nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
routedel := []string{"route", "-q", "-n", routedel := []string{"route", "-q", "-n",
"del", "-inet", nstr, "del", "-inet", nstr,
"-iface", r.tunname} "-iface", r.tunname}
@ -121,7 +121,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
if _, exists := r.routes[route]; !exists { if _, exists := r.routes[route]; !exists {
net := route.IPNet() net := route.IPNet()
nip := net.IP.Mask(net.Mask) nip := net.IP.Mask(net.Mask)
nstr := fmt.Sprintf("%v/%d", nip, route.Mask) nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
routeadd := []string{"route", "-q", "-n", routeadd := []string{"route", "-q", "-n",
"add", "-inet", nstr, "add", "-inet", nstr,
"-iface", r.tunname} "-iface", r.tunname}
@ -152,5 +152,5 @@ func (r *freebsdRouter) Close() error {
// TODO(mbaillie): these are no-ops for now. They could re-use the Linux funcs // TODO(mbaillie): these are no-ops for now. They could re-use the Linux funcs
// (sans systemd parts), but I note Linux DNS is disabled(?) so leaving for now. // (sans systemd parts), but I note Linux DNS is disabled(?) so leaving for now.
func (r *freebsdRouter) replaceResolvConf(_ []wgcfg.IP, _ []string) error { return nil } func (r *freebsdRouter) replaceResolvConf(_ []netaddr.IP, _ []string) error { return nil }
func (r *freebsdRouter) restoreResolvConf() error { return nil } func (r *freebsdRouter) restoreResolvConf() error { return nil }

View File

@ -17,7 +17,7 @@
"github.com/coreos/go-iptables/iptables" "github.com/coreos/go-iptables/iptables"
"github.com/tailscale/wireguard-go/device" "github.com/tailscale/wireguard-go/device"
"github.com/tailscale/wireguard-go/tun" "github.com/tailscale/wireguard-go/tun"
"github.com/tailscale/wireguard-go/wgcfg" "inet.af/netaddr"
"tailscale.com/atomicfile" "tailscale.com/atomicfile"
"tailscale.com/types/logger" "tailscale.com/types/logger"
) )
@ -51,9 +51,9 @@
type linuxRouter struct { type linuxRouter struct {
logf func(fmt string, args ...interface{}) logf func(fmt string, args ...interface{})
tunname string tunname string
addrs map[wgcfg.CIDR]bool addrs map[netaddr.IPPrefix]bool
routes map[wgcfg.CIDR]bool routes map[netaddr.IPPrefix]bool
subnetRoutes map[wgcfg.CIDR]bool subnetRoutes map[netaddr.IPPrefix]bool
ipt4 *iptables.IPTables ipt4 *iptables.IPTables
} }
@ -143,9 +143,9 @@ func (r *linuxRouter) Set(rs Settings) error {
// cidrDiff calls add and del as needed to make the set of prefixes in // cidrDiff calls add and del as needed to make the set of prefixes in
// old and new match. Returns a map version of new, and the first // old and new match. Returns a map version of new, and the first
// error encountered while reconfiguring, if any. // error encountered while reconfiguring, if any.
cidrDiff := func(kind string, old map[wgcfg.CIDR]bool, new []wgcfg.CIDR, add, del func(wgcfg.CIDR) error) (map[wgcfg.CIDR]bool, error) { cidrDiff := func(kind string, old map[netaddr.IPPrefix]bool, new []netaddr.IPPrefix, add, del func(netaddr.IPPrefix) error) (map[netaddr.IPPrefix]bool, error) {
var ( var (
ret = make(map[wgcfg.CIDR]bool, len(new)) ret = make(map[netaddr.IPPrefix]bool, len(new))
errq error errq error
) )
@ -212,7 +212,7 @@ func (r *linuxRouter) Set(rs Settings) error {
resolvConf = "/etc/resolv.conf" resolvConf = "/etc/resolv.conf"
) )
func (r *linuxRouter) replaceResolvConf(servers []wgcfg.IP, domains []string) error { func (r *linuxRouter) replaceResolvConf(servers []netaddr.IP, domains []string) error {
if len(servers) == 0 { if len(servers) == 0 {
return r.restoreResolvConf() return r.restoreResolvConf()
} }
@ -305,43 +305,43 @@ func (r *linuxRouter) restoreResolvConf() error {
// addAddress adds an IP/mask to the tunnel interface. Fails if the // addAddress adds an IP/mask to the tunnel interface. Fails if the
// address is already assigned to the interface, or if the addition // address is already assigned to the interface, or if the addition
// fails. // fails.
func (r *linuxRouter) addAddress(addr wgcfg.CIDR) error { func (r *linuxRouter) addAddress(addr netaddr.IPPrefix) error {
return cmd("ip", "addr", "add", addr.String(), "dev", r.tunname) return cmd("ip", "addr", "add", addr.String(), "dev", r.tunname)
} }
// delAddress removes an IP/mask from the tunnel interface. Fails if // delAddress removes an IP/mask from the tunnel interface. Fails if
// the address is not assigned to the interface, or if the removal // the address is not assigned to the interface, or if the removal
// fails. // fails.
func (r *linuxRouter) delAddress(addr wgcfg.CIDR) error { func (r *linuxRouter) delAddress(addr netaddr.IPPrefix) error {
return cmd("ip", "addr", "del", addr.String(), "dev", r.tunname) return cmd("ip", "addr", "del", addr.String(), "dev", r.tunname)
} }
// normalizeCIDR returns cidr as an ip/mask string, with the host bits // normalizeCIDR returns cidr as an ip/mask string, with the host bits
// of the IP address zeroed out. // of the IP address zeroed out.
func normalizeCIDR(cidr wgcfg.CIDR) string { func normalizeCIDR(cidr netaddr.IPPrefix) string {
ncidr := cidr.IPNet() ncidr := cidr.IPNet()
nip := ncidr.IP.Mask(ncidr.Mask) nip := ncidr.IP.Mask(ncidr.Mask)
return fmt.Sprintf("%s/%d", nip, cidr.Mask) return fmt.Sprintf("%s/%d", nip, cidr.Bits)
} }
// addRoute adds a route for cidr, pointing to the tunnel // addRoute adds a route for cidr, pointing to the tunnel
// interface. Fails if the route already exists, or if adding the // interface. Fails if the route already exists, or if adding the
// route fails. // route fails.
func (r *linuxRouter) addRoute(cidr wgcfg.CIDR) error { func (r *linuxRouter) addRoute(cidr netaddr.IPPrefix) error {
return cmd("ip", "route", "add", normalizeCIDR(cidr), "dev", r.tunname, "scope", "global") return cmd("ip", "route", "add", normalizeCIDR(cidr), "dev", r.tunname, "scope", "global")
} }
// delRoute removes the route for cidr pointing to the tunnel // delRoute removes the route for cidr pointing to the tunnel
// interface. Fails if the route doesn't exist, or if removing the // interface. Fails if the route doesn't exist, or if removing the
// route fails. // route fails.
func (r *linuxRouter) delRoute(cidr wgcfg.CIDR) error { func (r *linuxRouter) delRoute(cidr netaddr.IPPrefix) error {
return cmd("ip", "route", "del", normalizeCIDR(cidr), "dev", r.tunname, "scope", "global") return cmd("ip", "route", "del", normalizeCIDR(cidr), "dev", r.tunname, "scope", "global")
} }
// addSubnetRule adds a netfilter rule that allows traffic to flow // addSubnetRule adds a netfilter rule that allows traffic to flow
// from Tailscale to cidr. Fails if the rule already exists, or if // from Tailscale to cidr. Fails if the rule already exists, or if
// adding the route fails. // adding the route fails.
func (r *linuxRouter) addSubnetRule(cidr wgcfg.CIDR) error { func (r *linuxRouter) addSubnetRule(cidr netaddr.IPPrefix) error {
if err := r.ipt4.Insert("filter", "ts-forward", 1, "-i", r.tunname, "-d", normalizeCIDR(cidr), "-j", "MARK", "--set-mark", tailscaleSubnetRouteMark); err != nil { if err := r.ipt4.Insert("filter", "ts-forward", 1, "-i", r.tunname, "-d", normalizeCIDR(cidr), "-j", "MARK", "--set-mark", tailscaleSubnetRouteMark); err != nil {
return err return err
} }
@ -354,7 +354,7 @@ func (r *linuxRouter) addSubnetRule(cidr wgcfg.CIDR) error {
// delSubnetRule deletes the netfilter subnet forwarding rule for // delSubnetRule deletes the netfilter subnet forwarding rule for
// cidr. Fails if the rule doesn't exist, or if removing the rule // cidr. Fails if the rule doesn't exist, or if removing the rule
// fails. // fails.
func (r *linuxRouter) delSubnetRule(cidr wgcfg.CIDR) error { func (r *linuxRouter) delSubnetRule(cidr netaddr.IPPrefix) error {
if err := r.ipt4.Delete("filter", "ts-forward", "-i", r.tunname, "-d", normalizeCIDR(cidr), "-j", "MARK", "--set-mark", tailscaleSubnetRouteMark); err != nil { if err := r.ipt4.Delete("filter", "ts-forward", "-i", r.tunname, "-d", normalizeCIDR(cidr), "-j", "MARK", "--set-mark", tailscaleSubnetRouteMark); err != nil {
return err return err
} }

View File

@ -17,7 +17,7 @@
"github.com/tailscale/wireguard-go/device" "github.com/tailscale/wireguard-go/device"
"github.com/tailscale/wireguard-go/tun" "github.com/tailscale/wireguard-go/tun"
"github.com/tailscale/wireguard-go/wgcfg" "inet.af/netaddr"
"tailscale.com/atomicfile" "tailscale.com/atomicfile"
"tailscale.com/types/logger" "tailscale.com/types/logger"
) )
@ -29,8 +29,8 @@
type openbsdRouter struct { type openbsdRouter struct {
logf logger.Logf logf logger.Logf
tunname string tunname string
local wgcfg.CIDR local netaddr.IPPrefix
routes map[wgcfg.CIDR]struct{} routes map[netaddr.IPPrefix]struct{}
} }
func newUserspaceRouter(logf logger.Logf, _ *device.Device, tundev tun.Device) (Router, error) { func newUserspaceRouter(logf logger.Logf, _ *device.Device, tundev tun.Device) (Router, error) {
@ -70,7 +70,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
var errq error var errq error
if localAddr != r.local { if localAddr != r.local {
if r.local != (wgcfg.CIDR{}) { if r.local != (netaddr.IPPrefix{}) {
addrdel := []string{"ifconfig", r.tunname, addrdel := []string{"ifconfig", r.tunname,
"inet", r.local.String(), "-alias"} "inet", r.local.String(), "-alias"}
out, err := cmd(addrdel...).CombinedOutput() out, err := cmd(addrdel...).CombinedOutput()
@ -113,7 +113,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
} }
} }
newRoutes := make(map[wgcfg.CIDR]struct{}) newRoutes := make(map[netaddr.IPPrefix]struct{})
for _, route := range rs.Routes { for _, route := range rs.Routes {
newRoutes[route] = struct{}{} newRoutes[route] = struct{}{}
} }
@ -121,7 +121,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
if _, keep := newRoutes[route]; !keep { if _, keep := newRoutes[route]; !keep {
net := route.IPNet() net := route.IPNet()
nip := net.IP.Mask(net.Mask) nip := net.IP.Mask(net.Mask)
nstr := fmt.Sprintf("%v/%d", nip, route.Mask) nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
routedel := []string{"route", "-q", "-n", routedel := []string{"route", "-q", "-n",
"del", "-inet", nstr, "del", "-inet", nstr,
"-iface", localAddr.IP.String()} "-iface", localAddr.IP.String()}
@ -138,7 +138,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
if _, exists := r.routes[route]; !exists { if _, exists := r.routes[route]; !exists {
net := route.IPNet() net := route.IPNet()
nip := net.IP.Mask(net.Mask) nip := net.IP.Mask(net.Mask)
nstr := fmt.Sprintf("%v/%d", nip, route.Mask) nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
routeadd := []string{"route", "-q", "-n", routeadd := []string{"route", "-q", "-n",
"add", "-inet", nstr, "add", "-inet", nstr,
"-iface", localAddr.IP.String()} "-iface", localAddr.IP.String()}
@ -181,7 +181,7 @@ func (r *openbsdRouter) Close() error {
resolvConf = "/etc/resolv.conf" resolvConf = "/etc/resolv.conf"
) )
func (r *openbsdRouter) replaceResolvConf(servers []wgcfg.IP, domains []string) error { func (r *openbsdRouter) replaceResolvConf(servers []netaddr.IP, domains []string) error {
if len(servers) == 0 { if len(servers) == 0 {
return r.restoreResolvConf() return r.restoreResolvConf()
} }

View File

@ -23,6 +23,7 @@
"github.com/tailscale/wireguard-go/tun" "github.com/tailscale/wireguard-go/tun"
"github.com/tailscale/wireguard-go/wgcfg" "github.com/tailscale/wireguard-go/wgcfg"
"go4.org/mem" "go4.org/mem"
"inet.af/netaddr"
"tailscale.com/ipn/ipnstate" "tailscale.com/ipn/ipnstate"
"tailscale.com/net/interfaces" "tailscale.com/net/interfaces"
"tailscale.com/tailcfg" "tailscale.com/tailcfg"
@ -397,13 +398,13 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string, local
} }
rs := router.Settings{ rs := router.Settings{
LocalAddrs: addrs, LocalAddrs: wgCIDRToNetaddr(addrs),
DNS: cfg.DNS, DNS: wgIPToNetaddr(cfg.DNS),
DNSDomains: dnsDomains, DNSDomains: dnsDomains,
SubnetRoutes: localRoutes, SubnetRoutes: wgCIDRToNetaddr(localRoutes),
} }
for _, peer := range cfg.Peers { for _, peer := range cfg.Peers {
rs.Routes = append(rs.Routes, peer.AllowedIPs...) rs.Routes = append(rs.Routes, wgCIDRToNetaddr(peer.AllowedIPs)...)
} }
if err := e.router.Set(rs); err != nil { if err := e.router.Set(rs); err != nil {
@ -414,6 +415,28 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string, local
return nil return nil
} }
func wgIPToNetaddr(ips []wgcfg.IP) (ret []netaddr.IP) {
for _, ip := range ips {
nip, ok := netaddr.FromStdIP(ip.IP())
if !ok {
panic(fmt.Sprintf("conversion of %s from wgcfg to netaddr IP failed", ip))
}
ret = append(ret, nip)
}
return ret
}
func wgCIDRToNetaddr(cidrs []wgcfg.CIDR) (ret []netaddr.IPPrefix) {
for _, cidr := range cidrs {
ncidr, ok := netaddr.FromStdIPNet(cidr.IPNet())
if !ok {
panic(fmt.Sprintf("conversion of %s from wgcfg to netaddr IPNet failed", cidr))
}
ret = append(ret, ncidr)
}
return ret
}
func (e *userspaceEngine) GetFilter() *filter.Filter { func (e *userspaceEngine) GetFilter() *filter.Filter {
e.mu.Lock() e.mu.Lock()
defer e.mu.Unlock() defer e.mu.Unlock()