wgengine/router: restore /etc/resolv.conf after tailscale down is called

This change is to restore /etc/resolv.conf after tailscale down is called. This is done by setting the dns.Manager before errors occur. Error collection is also added. Fixes #723
2025-10-31 13:05:22 +00:00 · 2020-09-17 16:40:22 -04:00
parent 904a91038a
commit f0e9dcdc0a
5 changed files with 18 additions and 11 deletions
--- a/cmd/tailscale/depaware.txt
+++ b/cmd/tailscale/depaware.txt
@@ -5,6 +5,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
        github.com/apenwarr/fixconsole                               from tailscale.com/cmd/tailscale
   W 💣 github.com/apenwarr/w32                                      from github.com/apenwarr/fixconsole
   L    github.com/coreos/go-iptables/iptables                       from tailscale.com/wgengine/router
+   L    github.com/go-multierror/multierror                          from tailscale.com/wgengine/router
   W 💣 github.com/go-ole/go-ole                                     from github.com/go-ole/go-ole/oleutil+
   W 💣 github.com/go-ole/go-ole/oleutil                             from tailscale.com/wgengine/winnet
   L 💣 github.com/godbus/dbus/v5                                    from tailscale.com/wgengine/router/dns
--- a/cmd/tailscaled/depaware.txt
+++ b/cmd/tailscaled/depaware.txt
@@ -5,6 +5,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
        github.com/apenwarr/fixconsole                               from tailscale.com/cmd/tailscaled
   W 💣 github.com/apenwarr/w32                                      from github.com/apenwarr/fixconsole
   L    github.com/coreos/go-iptables/iptables                       from tailscale.com/wgengine/router
+   L    github.com/go-multierror/multierror                          from tailscale.com/wgengine/router
   W 💣 github.com/go-ole/go-ole                                     from github.com/go-ole/go-ole/oleutil+
   W 💣 github.com/go-ole/go-ole/oleutil                             from tailscale.com/wgengine/winnet
   L 💣 github.com/godbus/dbus/v5                                    from tailscale.com/wgengine/router/dns
--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/coreos/go-iptables v0.4.5
 	github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
 	github.com/gliderlabs/ssh v0.2.2
+	github.com/go-multierror/multierror v1.0.2
 	github.com/go-ole/go-ole v1.2.4
 	github.com/godbus/dbus/v5 v5.0.3
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e
--- a/go.sum
+++ b/go.sum
@@ -30,6 +30,8 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjr
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-multierror/multierror v1.0.2 h1:AwsKbEXkmf49ajdFJgcFXqSG0aLo0HEyAE9zk9JguJo=
+github.com/go-multierror/multierror v1.0.2/go.mod h1:U7SZR/D9jHgt2nkSj8XcbCWdmVM2igraCHQ3HC1HiKY=
 github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
 github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
 github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME=
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -10,6 +10,7 @@ import (
 	"strings"

 	"github.com/coreos/go-iptables/iptables"
+	"github.com/go-multierror/multierror"
 	"github.com/tailscale/wireguard-go/device"
 	"github.com/tailscale/wireguard-go/tun"
 	"inet.af/netaddr"
@@ -145,7 +146,7 @@ func (r *linuxRouter) Up() error {

 func (r *linuxRouter) Close() error {
 	if err := r.dns.Down(); err != nil {
-		return fmt.Errorf("dns down: %v", err)
+		return fmt.Errorf("dns down: %w", err)
 	}
 	if err := r.downInterface(); err != nil {
 		return err
@@ -165,23 +166,28 @@ func (r *linuxRouter) Close() error {

 // Set implements the Router interface.
 func (r *linuxRouter) Set(cfg *Config) error {
+	var errs []error
 	if cfg == nil {
 		cfg = &shutdownConfig
 	}

+	if err := r.dns.Set(cfg.DNS); err != nil {
+		errs = append(errs, fmt.Errorf("dns set: %w", err))
+	}
+
 	if err := r.setNetfilterMode(cfg.NetfilterMode); err != nil {
-		return err
+		errs = append(errs, err)
 	}

 	newRoutes, err := cidrDiff("route", r.routes, cfg.Routes, r.addRoute, r.delRoute, r.logf)
 	if err != nil {
-		return err
+		errs = append(errs, err)
 	}
 	r.routes = newRoutes

 	newAddrs, err := cidrDiff("addr", r.addrs, cfg.LocalAddrs, r.addAddress, r.delAddress, r.logf)
 	if err != nil {
-		return err
+		errs = append(errs, err)
 	}
 	r.addrs = newAddrs

@@ -190,20 +196,16 @@ func (r *linuxRouter) Set(cfg *Config) error {
 		// state already correct, nothing to do.
 	case cfg.SNATSubnetRoutes:
 		if err := r.addSNATRule(); err != nil {
-			return err
+			errs = append(errs, err)
 		}
 	default:
 		if err := r.delSNATRule(); err != nil {
-			return err
+			errs = append(errs, err)
 		}
 	}
 	r.snatSubnetRoutes = cfg.SNATSubnetRoutes

-	if err := r.dns.Set(cfg.DNS); err != nil {
-		return fmt.Errorf("dns set: %v", err)
-	}
-
-	return nil
+	return multierror.New(errs)
 }

 // setNetfilterMode switches the router to the given netfilter