mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-25 19:15:34 +00:00
wgengine/router: use inet.af/netaddr, not wgcfg.CIDR.
Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
parent
b8f01eed34
commit
b01db109f5
2
go.mod
2
go.mod
@ -28,6 +28,6 @@ require (
|
||||
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e
|
||||
golang.org/x/time v0.0.0-20191024005414-555d28b269f0
|
||||
gortc.io/stun v1.22.1
|
||||
inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea
|
||||
inet.af/netaddr v0.0.0-20200430175045-5aaf2097c7fc
|
||||
rsc.io/goversion v1.2.0
|
||||
)
|
||||
|
2
go.sum
2
go.sum
@ -146,5 +146,7 @@ gortc.io/stun v1.22.1 h1:96mOdDATYRqhYB+TZdenWBg4CzL2Ye5kPyBXQ8KAB+8=
|
||||
gortc.io/stun v1.22.1/go.mod h1:XD5lpONVyjvV3BgOyJFNo0iv6R2oZB4L+weMqxts+zg=
|
||||
inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea h1:DpXewrGVf9+vvYQFrNGj9v34bXMuTVQv+2wuULTNV8I=
|
||||
inet.af/netaddr v0.0.0-20200417213433-f9e5bcc2d6ea/go.mod h1:qqYzz/2whtrbWJvt+DNWQyvekNN4ePQZcg2xc2/Yjww=
|
||||
inet.af/netaddr v0.0.0-20200430175045-5aaf2097c7fc h1:We3b/z+7i9LV4Ls0yWve5vYIlnAPSPeqxKVgZseRDBs=
|
||||
inet.af/netaddr v0.0.0-20200430175045-5aaf2097c7fc/go.mod h1:qqYzz/2whtrbWJvt+DNWQyvekNN4ePQZcg2xc2/Yjww=
|
||||
rsc.io/goversion v1.2.0 h1:SPn+NLTiAG7w30IRK/DKp1BjvpWabYgxlLp/+kx5J8w=
|
||||
rsc.io/goversion v1.2.0/go.mod h1:Eih9y/uIBS3ulggl7KNJ09xGSLcuNaLgmvvqa07sgfo=
|
||||
|
@ -310,12 +310,12 @@ func configureInterface(rs Settings, tun *tun.NativeTun) error {
|
||||
continue
|
||||
}
|
||||
if route.IP.Is4() {
|
||||
if route.Mask == 0 {
|
||||
if route.Bits == 0 {
|
||||
foundDefault4 = true
|
||||
}
|
||||
r.NextHop = *firstGateway4
|
||||
} else if route.IP.Is6() {
|
||||
if route.Mask == 0 {
|
||||
if route.Bits == 0 {
|
||||
foundDefault6 = true
|
||||
}
|
||||
r.NextHop = *firstGateway6
|
||||
@ -360,7 +360,7 @@ func configureInterface(rs Settings, tun *tun.NativeTun) error {
|
||||
|
||||
var dnsIPs []net.IP
|
||||
for _, ip := range rs.DNS {
|
||||
dnsIPs = append(dnsIPs, ip.IP())
|
||||
dnsIPs = append(dnsIPs, ip.IPAddr().IP)
|
||||
}
|
||||
err = iface.SetDNS(dnsIPs)
|
||||
if err != nil && errAcc == nil {
|
||||
|
@ -9,7 +9,7 @@
|
||||
import (
|
||||
"github.com/tailscale/wireguard-go/device"
|
||||
"github.com/tailscale/wireguard-go/tun"
|
||||
"github.com/tailscale/wireguard-go/wgcfg"
|
||||
"inet.af/netaddr"
|
||||
"tailscale.com/types/logger"
|
||||
)
|
||||
|
||||
@ -38,9 +38,9 @@ func New(logf logger.Logf, wgdev *device.Device, tundev tun.Device) (Router, err
|
||||
// Settings is the subset of Tailscale configuration that is relevant
|
||||
// to the OS's network stack.
|
||||
type Settings struct {
|
||||
LocalAddrs []wgcfg.CIDR
|
||||
DNS []wgcfg.IP
|
||||
LocalAddrs []netaddr.IPPrefix
|
||||
DNS []netaddr.IP
|
||||
DNSDomains []string
|
||||
Routes []wgcfg.CIDR // routes to point into the Tailscale interface
|
||||
SubnetRoutes []wgcfg.CIDR // subnets being advertised to other Tailscale nodes
|
||||
Routes []netaddr.IPPrefix // routes to point into the Tailscale interface
|
||||
SubnetRoutes []netaddr.IPPrefix // subnets being advertised to other Tailscale nodes
|
||||
}
|
||||
|
@ -12,7 +12,7 @@
|
||||
|
||||
"github.com/tailscale/wireguard-go/device"
|
||||
"github.com/tailscale/wireguard-go/tun"
|
||||
"github.com/tailscale/wireguard-go/wgcfg"
|
||||
"inet.af/netaddr"
|
||||
"tailscale.com/types/logger"
|
||||
)
|
||||
|
||||
@ -24,8 +24,8 @@
|
||||
type freebsdRouter struct {
|
||||
logf logger.Logf
|
||||
tunname string
|
||||
local wgcfg.CIDR
|
||||
routes map[wgcfg.CIDR]struct{}
|
||||
local netaddr.IPPrefix
|
||||
routes map[netaddr.IPPrefix]struct{}
|
||||
}
|
||||
|
||||
func newUserspaceRouter(logf logger.Logf, _ *device.Device, tundev tun.Device) (Router, error) {
|
||||
@ -70,7 +70,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
|
||||
// Update the address.
|
||||
if localAddr != r.local {
|
||||
// If the interface is already set, remove it.
|
||||
if r.local != (wgcfg.CIDR{}) {
|
||||
if r.local != (netaddr.IPPrefix{}) {
|
||||
addrdel := []string{"ifconfig", r.tunname,
|
||||
"inet", r.local.String(), "-alias"}
|
||||
out, err := cmd(addrdel...).CombinedOutput()
|
||||
@ -94,7 +94,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
|
||||
}
|
||||
}
|
||||
|
||||
newRoutes := make(map[wgcfg.CIDR]struct{})
|
||||
newRoutes := make(map[netaddr.IPPrefix]struct{})
|
||||
for _, route := range rs.Routes {
|
||||
newRoutes[route] = struct{}{}
|
||||
}
|
||||
@ -103,7 +103,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
|
||||
if _, keep := newRoutes[route]; !keep {
|
||||
net := route.IPNet()
|
||||
nip := net.IP.Mask(net.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
|
||||
routedel := []string{"route", "-q", "-n",
|
||||
"del", "-inet", nstr,
|
||||
"-iface", r.tunname}
|
||||
@ -121,7 +121,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
|
||||
if _, exists := r.routes[route]; !exists {
|
||||
net := route.IPNet()
|
||||
nip := net.IP.Mask(net.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
|
||||
routeadd := []string{"route", "-q", "-n",
|
||||
"add", "-inet", nstr,
|
||||
"-iface", r.tunname}
|
||||
@ -152,5 +152,5 @@ func (r *freebsdRouter) Close() error {
|
||||
|
||||
// TODO(mbaillie): these are no-ops for now. They could re-use the Linux funcs
|
||||
// (sans systemd parts), but I note Linux DNS is disabled(?) so leaving for now.
|
||||
func (r *freebsdRouter) replaceResolvConf(_ []wgcfg.IP, _ []string) error { return nil }
|
||||
func (r *freebsdRouter) replaceResolvConf(_ []netaddr.IP, _ []string) error { return nil }
|
||||
func (r *freebsdRouter) restoreResolvConf() error { return nil }
|
||||
|
@ -17,7 +17,7 @@
|
||||
"github.com/coreos/go-iptables/iptables"
|
||||
"github.com/tailscale/wireguard-go/device"
|
||||
"github.com/tailscale/wireguard-go/tun"
|
||||
"github.com/tailscale/wireguard-go/wgcfg"
|
||||
"inet.af/netaddr"
|
||||
"tailscale.com/atomicfile"
|
||||
"tailscale.com/types/logger"
|
||||
)
|
||||
@ -51,9 +51,9 @@
|
||||
type linuxRouter struct {
|
||||
logf func(fmt string, args ...interface{})
|
||||
tunname string
|
||||
addrs map[wgcfg.CIDR]bool
|
||||
routes map[wgcfg.CIDR]bool
|
||||
subnetRoutes map[wgcfg.CIDR]bool
|
||||
addrs map[netaddr.IPPrefix]bool
|
||||
routes map[netaddr.IPPrefix]bool
|
||||
subnetRoutes map[netaddr.IPPrefix]bool
|
||||
|
||||
ipt4 *iptables.IPTables
|
||||
}
|
||||
@ -143,9 +143,9 @@ func (r *linuxRouter) Set(rs Settings) error {
|
||||
// cidrDiff calls add and del as needed to make the set of prefixes in
|
||||
// old and new match. Returns a map version of new, and the first
|
||||
// error encountered while reconfiguring, if any.
|
||||
cidrDiff := func(kind string, old map[wgcfg.CIDR]bool, new []wgcfg.CIDR, add, del func(wgcfg.CIDR) error) (map[wgcfg.CIDR]bool, error) {
|
||||
cidrDiff := func(kind string, old map[netaddr.IPPrefix]bool, new []netaddr.IPPrefix, add, del func(netaddr.IPPrefix) error) (map[netaddr.IPPrefix]bool, error) {
|
||||
var (
|
||||
ret = make(map[wgcfg.CIDR]bool, len(new))
|
||||
ret = make(map[netaddr.IPPrefix]bool, len(new))
|
||||
errq error
|
||||
)
|
||||
|
||||
@ -212,7 +212,7 @@ func (r *linuxRouter) Set(rs Settings) error {
|
||||
resolvConf = "/etc/resolv.conf"
|
||||
)
|
||||
|
||||
func (r *linuxRouter) replaceResolvConf(servers []wgcfg.IP, domains []string) error {
|
||||
func (r *linuxRouter) replaceResolvConf(servers []netaddr.IP, domains []string) error {
|
||||
if len(servers) == 0 {
|
||||
return r.restoreResolvConf()
|
||||
}
|
||||
@ -305,43 +305,43 @@ func (r *linuxRouter) restoreResolvConf() error {
|
||||
// addAddress adds an IP/mask to the tunnel interface. Fails if the
|
||||
// address is already assigned to the interface, or if the addition
|
||||
// fails.
|
||||
func (r *linuxRouter) addAddress(addr wgcfg.CIDR) error {
|
||||
func (r *linuxRouter) addAddress(addr netaddr.IPPrefix) error {
|
||||
return cmd("ip", "addr", "add", addr.String(), "dev", r.tunname)
|
||||
}
|
||||
|
||||
// delAddress removes an IP/mask from the tunnel interface. Fails if
|
||||
// the address is not assigned to the interface, or if the removal
|
||||
// fails.
|
||||
func (r *linuxRouter) delAddress(addr wgcfg.CIDR) error {
|
||||
func (r *linuxRouter) delAddress(addr netaddr.IPPrefix) error {
|
||||
return cmd("ip", "addr", "del", addr.String(), "dev", r.tunname)
|
||||
}
|
||||
|
||||
// normalizeCIDR returns cidr as an ip/mask string, with the host bits
|
||||
// of the IP address zeroed out.
|
||||
func normalizeCIDR(cidr wgcfg.CIDR) string {
|
||||
func normalizeCIDR(cidr netaddr.IPPrefix) string {
|
||||
ncidr := cidr.IPNet()
|
||||
nip := ncidr.IP.Mask(ncidr.Mask)
|
||||
return fmt.Sprintf("%s/%d", nip, cidr.Mask)
|
||||
return fmt.Sprintf("%s/%d", nip, cidr.Bits)
|
||||
}
|
||||
|
||||
// addRoute adds a route for cidr, pointing to the tunnel
|
||||
// interface. Fails if the route already exists, or if adding the
|
||||
// route fails.
|
||||
func (r *linuxRouter) addRoute(cidr wgcfg.CIDR) error {
|
||||
func (r *linuxRouter) addRoute(cidr netaddr.IPPrefix) error {
|
||||
return cmd("ip", "route", "add", normalizeCIDR(cidr), "dev", r.tunname, "scope", "global")
|
||||
}
|
||||
|
||||
// delRoute removes the route for cidr pointing to the tunnel
|
||||
// interface. Fails if the route doesn't exist, or if removing the
|
||||
// route fails.
|
||||
func (r *linuxRouter) delRoute(cidr wgcfg.CIDR) error {
|
||||
func (r *linuxRouter) delRoute(cidr netaddr.IPPrefix) error {
|
||||
return cmd("ip", "route", "del", normalizeCIDR(cidr), "dev", r.tunname, "scope", "global")
|
||||
}
|
||||
|
||||
// addSubnetRule adds a netfilter rule that allows traffic to flow
|
||||
// from Tailscale to cidr. Fails if the rule already exists, or if
|
||||
// adding the route fails.
|
||||
func (r *linuxRouter) addSubnetRule(cidr wgcfg.CIDR) error {
|
||||
func (r *linuxRouter) addSubnetRule(cidr netaddr.IPPrefix) error {
|
||||
if err := r.ipt4.Insert("filter", "ts-forward", 1, "-i", r.tunname, "-d", normalizeCIDR(cidr), "-j", "MARK", "--set-mark", tailscaleSubnetRouteMark); err != nil {
|
||||
return err
|
||||
}
|
||||
@ -354,7 +354,7 @@ func (r *linuxRouter) addSubnetRule(cidr wgcfg.CIDR) error {
|
||||
// delSubnetRule deletes the netfilter subnet forwarding rule for
|
||||
// cidr. Fails if the rule doesn't exist, or if removing the rule
|
||||
// fails.
|
||||
func (r *linuxRouter) delSubnetRule(cidr wgcfg.CIDR) error {
|
||||
func (r *linuxRouter) delSubnetRule(cidr netaddr.IPPrefix) error {
|
||||
if err := r.ipt4.Delete("filter", "ts-forward", "-i", r.tunname, "-d", normalizeCIDR(cidr), "-j", "MARK", "--set-mark", tailscaleSubnetRouteMark); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
"github.com/tailscale/wireguard-go/device"
|
||||
"github.com/tailscale/wireguard-go/tun"
|
||||
"github.com/tailscale/wireguard-go/wgcfg"
|
||||
"inet.af/netaddr"
|
||||
"tailscale.com/atomicfile"
|
||||
"tailscale.com/types/logger"
|
||||
)
|
||||
@ -29,8 +29,8 @@
|
||||
type openbsdRouter struct {
|
||||
logf logger.Logf
|
||||
tunname string
|
||||
local wgcfg.CIDR
|
||||
routes map[wgcfg.CIDR]struct{}
|
||||
local netaddr.IPPrefix
|
||||
routes map[netaddr.IPPrefix]struct{}
|
||||
}
|
||||
|
||||
func newUserspaceRouter(logf logger.Logf, _ *device.Device, tundev tun.Device) (Router, error) {
|
||||
@ -70,7 +70,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
|
||||
var errq error
|
||||
|
||||
if localAddr != r.local {
|
||||
if r.local != (wgcfg.CIDR{}) {
|
||||
if r.local != (netaddr.IPPrefix{}) {
|
||||
addrdel := []string{"ifconfig", r.tunname,
|
||||
"inet", r.local.String(), "-alias"}
|
||||
out, err := cmd(addrdel...).CombinedOutput()
|
||||
@ -113,7 +113,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
|
||||
}
|
||||
}
|
||||
|
||||
newRoutes := make(map[wgcfg.CIDR]struct{})
|
||||
newRoutes := make(map[netaddr.IPPrefix]struct{})
|
||||
for _, route := range rs.Routes {
|
||||
newRoutes[route] = struct{}{}
|
||||
}
|
||||
@ -121,7 +121,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
|
||||
if _, keep := newRoutes[route]; !keep {
|
||||
net := route.IPNet()
|
||||
nip := net.IP.Mask(net.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
|
||||
routedel := []string{"route", "-q", "-n",
|
||||
"del", "-inet", nstr,
|
||||
"-iface", localAddr.IP.String()}
|
||||
@ -138,7 +138,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
|
||||
if _, exists := r.routes[route]; !exists {
|
||||
net := route.IPNet()
|
||||
nip := net.IP.Mask(net.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Mask)
|
||||
nstr := fmt.Sprintf("%v/%d", nip, route.Bits)
|
||||
routeadd := []string{"route", "-q", "-n",
|
||||
"add", "-inet", nstr,
|
||||
"-iface", localAddr.IP.String()}
|
||||
@ -181,7 +181,7 @@ func (r *openbsdRouter) Close() error {
|
||||
resolvConf = "/etc/resolv.conf"
|
||||
)
|
||||
|
||||
func (r *openbsdRouter) replaceResolvConf(servers []wgcfg.IP, domains []string) error {
|
||||
func (r *openbsdRouter) replaceResolvConf(servers []netaddr.IP, domains []string) error {
|
||||
if len(servers) == 0 {
|
||||
return r.restoreResolvConf()
|
||||
}
|
||||
|
@ -23,6 +23,7 @@
|
||||
"github.com/tailscale/wireguard-go/tun"
|
||||
"github.com/tailscale/wireguard-go/wgcfg"
|
||||
"go4.org/mem"
|
||||
"inet.af/netaddr"
|
||||
"tailscale.com/ipn/ipnstate"
|
||||
"tailscale.com/net/interfaces"
|
||||
"tailscale.com/tailcfg"
|
||||
@ -397,13 +398,13 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string, local
|
||||
}
|
||||
|
||||
rs := router.Settings{
|
||||
LocalAddrs: addrs,
|
||||
DNS: cfg.DNS,
|
||||
LocalAddrs: wgCIDRToNetaddr(addrs),
|
||||
DNS: wgIPToNetaddr(cfg.DNS),
|
||||
DNSDomains: dnsDomains,
|
||||
SubnetRoutes: localRoutes,
|
||||
SubnetRoutes: wgCIDRToNetaddr(localRoutes),
|
||||
}
|
||||
for _, peer := range cfg.Peers {
|
||||
rs.Routes = append(rs.Routes, peer.AllowedIPs...)
|
||||
rs.Routes = append(rs.Routes, wgCIDRToNetaddr(peer.AllowedIPs)...)
|
||||
}
|
||||
|
||||
if err := e.router.Set(rs); err != nil {
|
||||
@ -414,6 +415,28 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, dnsDomains []string, local
|
||||
return nil
|
||||
}
|
||||
|
||||
func wgIPToNetaddr(ips []wgcfg.IP) (ret []netaddr.IP) {
|
||||
for _, ip := range ips {
|
||||
nip, ok := netaddr.FromStdIP(ip.IP())
|
||||
if !ok {
|
||||
panic(fmt.Sprintf("conversion of %s from wgcfg to netaddr IP failed", ip))
|
||||
}
|
||||
ret = append(ret, nip)
|
||||
}
|
||||
return ret
|
||||
}
|
||||
|
||||
func wgCIDRToNetaddr(cidrs []wgcfg.CIDR) (ret []netaddr.IPPrefix) {
|
||||
for _, cidr := range cidrs {
|
||||
ncidr, ok := netaddr.FromStdIPNet(cidr.IPNet())
|
||||
if !ok {
|
||||
panic(fmt.Sprintf("conversion of %s from wgcfg to netaddr IPNet failed", cidr))
|
||||
}
|
||||
ret = append(ret, ncidr)
|
||||
}
|
||||
return ret
|
||||
}
|
||||
|
||||
func (e *userspaceEngine) GetFilter() *filter.Filter {
|
||||
e.mu.Lock()
|
||||
defer e.mu.Unlock()
|
||||
|
Loading…
Reference in New Issue
Block a user