lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wgengine/router: rename config.Settings to config.Config, make pointer. 

Signed-off-by: David Anderson <danderson@tailscale.com>
reviewable/pr381/r1
David Anderson 2020-05-12 07:08:52 +00:00 committed by Dave Anderson
parent 72cae5504c
commit 9ccbcda612
13 changed files with 78 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ipn/local.go
View File

@ -711,16 +711,16 @@ func (b *LocalBackend) authReconfig() {
log.Fatalf("WGCfg: %v", err) log.Fatalf("WGCfg: %v", err)
} }
err = b.e.Reconfig(cfg, routerSettings(cfg, uc, dom)) err = b.e.Reconfig(cfg, routerConfig(cfg, uc, dom))
if err == wgengine.ErrNoChanges { if err == wgengine.ErrNoChanges {
return return
} }
b.logf("authReconfig: ra=%v dns=%v 0x%02x: %v", uc.RouteAll, uc.CorpDNS, uflags, err) b.logf("authReconfig: ra=%v dns=%v 0x%02x: %v", uc.RouteAll, uc.CorpDNS, uflags, err)
} }
// routerSettings produces a router.Settings from a wireguard config, // routerConfig produces a router.Config from a wireguard config,
// IPN prefs, and the dnsDomains pulled from control's network map. // IPN prefs, and the dnsDomains pulled from control's network map.
func routerSettings(cfg *wgcfg.Config, prefs *Prefs, dnsDomains []string) router.Settings { func routerConfig(cfg *wgcfg.Config, prefs *Prefs, dnsDomains []string) *router.Config {
var addrs []wgcfg.CIDR var addrs []wgcfg.CIDR
for _, addr := range cfg.Addresses { for _, addr := range cfg.Addresses {
addrs = append(addrs, wgcfg.CIDR{ addrs = append(addrs, wgcfg.CIDR{
@ -733,7 +733,7 @@ func routerSettings(cfg *wgcfg.Config, prefs *Prefs, dnsDomains []string) router
}) })
} }
rs := router.Settings{ rs := &router.Config{
LocalAddrs: wgCIDRToNetaddr(addrs), LocalAddrs: wgCIDRToNetaddr(addrs),
DNS: wgIPToNetaddr(cfg.DNS), DNS: wgIPToNetaddr(cfg.DNS),
DNSDomains: dnsDomains, DNSDomains: dnsDomains,
@ -793,7 +793,7 @@ func (b *LocalBackend) enterState(newState State) {
b.blockEngineUpdates(true) b.blockEngineUpdates(true)
fallthrough fallthrough
case Stopped: case Stopped:
err := b.e.Reconfig(&wgcfg.Config{}, router.Settings{}) err := b.e.Reconfig(&wgcfg.Config{}, nil)
if err != nil { if err != nil {
b.logf("Reconfig(down): %v", err) b.logf("Reconfig(down): %v", err)
} }
@ -869,7 +869,7 @@ func (b *LocalBackend) stateMachine() {
func (b *LocalBackend) stopEngineAndWait() { func (b *LocalBackend) stopEngineAndWait() {
b.logf("stopEngineAndWait...") b.logf("stopEngineAndWait...")
b.e.Reconfig(&wgcfg.Config{}, router.Settings{}) b.e.Reconfig(&wgcfg.Config{}, nil)
b.requestEngineStatusAndWait() b.requestEngineStatusAndWait()
b.logf("stopEngineAndWait: done.") b.logf("stopEngineAndWait: done.")
} }

12
wgengine/router/ifconfig_windows.go
View File

@ -236,7 +236,7 @@ func setFirewall(ifcGUID *windows.GUID) (bool, error) {
return false, nil return false, nil
} }
func configureInterface(rs Settings, tun *tun.NativeTun) error { func configureInterface(cfg *Config, tun *tun.NativeTun) error {
const mtu = 0 const mtu = 0
guid := tun.GUID() guid := tun.GUID()
log.Printf("wintun GUID is %v\n", guid) log.Printf("wintun GUID is %v\n", guid)
@ -262,13 +262,13 @@ func configureInterface(rs Settings, tun *tun.NativeTun) error {
} }
}() }()
setDNSDomains(guid, rs.DNSDomains) setDNSDomains(guid, cfg.DNSDomains)
routes := []winipcfg.RouteData{} routes := []winipcfg.RouteData{}
var firstGateway4 *net.IP var firstGateway4 *net.IP
var firstGateway6 *net.IP var firstGateway6 *net.IP
addresses := make([]*net.IPNet, len(rs.LocalAddrs)) addresses := make([]*net.IPNet, len(cfg.LocalAddrs))
for i, addr := range rs.LocalAddrs { for i, addr := range cfg.LocalAddrs {
ipnet := addr.IPNet() ipnet := addr.IPNet()
addresses[i] = ipnet addresses[i] = ipnet
gateway := ipnet.IP gateway := ipnet.IP
@ -281,7 +281,7 @@ func configureInterface(rs Settings, tun *tun.NativeTun) error {
foundDefault4 := false foundDefault4 := false
foundDefault6 := false foundDefault6 := false
for _, route := range rs.Routes { for _, route := range cfg.Routes {
if (route.IP.Is4() && firstGateway4 == nil) || (route.IP.Is6() && firstGateway6 == nil) { if (route.IP.Is4() && firstGateway4 == nil) || (route.IP.Is6() && firstGateway6 == nil) {
return errors.New("Due to a Windows limitation, one cannot have interface routes without an interface address") return errors.New("Due to a Windows limitation, one cannot have interface routes without an interface address")
} }
@ -359,7 +359,7 @@ func configureInterface(rs Settings, tun *tun.NativeTun) error {
} }
var dnsIPs []net.IP var dnsIPs []net.IP
for _, ip := range rs.DNS { for _, ip := range cfg.DNS {
dnsIPs = append(dnsIPs, ip.IPAddr().IP) dnsIPs = append(dnsIPs, ip.IPAddr().IP)
} }
err = iface.SetDNS(dnsIPs) err = iface.SetDNS(dnsIPs)

21
wgengine/router/router.go
View File

@ -20,10 +20,10 @@ type Router interface {
// Up brings the router up. // Up brings the router up.
Up() error Up() error
// Set updates the OS network stack with new settings. It may be // Set updates the OS network stack with a new Config. It may be
// called multiple times with identical Settings, which the // called multiple times with identical Configs, which the
// implementation should handle gracefully. // implementation should handle gracefully.
Set(Settings) error Set(*Config) error
// Close closes the router. // Close closes the router.
Close() error Close() error
@ -35,9 +35,9 @@ func New(logf logger.Logf, wgdev *device.Device, tundev tun.Device) (Router, err
return newUserspaceRouter(logf, wgdev, tundev) return newUserspaceRouter(logf, wgdev, tundev)
} }
// Settings is the subset of Tailscale configuration that is relevant // Config is the subset of Tailscale configuration that is relevant to
// to the OS's network stack. // the OS's network stack.
type Settings struct { type Config struct {
LocalAddrs []netaddr.IPPrefix LocalAddrs []netaddr.IPPrefix
DNS []netaddr.IP DNS []netaddr.IP
DNSDomains []string DNSDomains []string
@ -45,3 +45,12 @@ type Settings struct {
SubnetRoutes []netaddr.IPPrefix // subnets being advertised to other Tailscale nodes SubnetRoutes []netaddr.IPPrefix // subnets being advertised to other Tailscale nodes
NoSNAT bool // don't SNAT traffic to local subnets NoSNAT bool // don't SNAT traffic to local subnets
} }
// shutdownConfig is a routing configuration that removes all router
// state from the OS. It's the config used when callers pass in a nil
// Config.
var shutdownConfig = Config{
// TODO(danderson): set more things in here to disable all
// firewall rules and routing overrides when nil.
NoSNAT: true,
}

11
wgengine/router/router_darwin.go
View File

@ -26,11 +26,14 @@ func (r *darwinRouter) Up() error {
return nil return nil
} }
func (r *darwinRouter) Set(rs Settings) error { func (r *darwinRouter) Set(cfg *Config) error {
if SetRoutesFunc != nil { if SetRoutesFunc == nil {
return SetRoutesFunc(rs) return nil
} }
return nil if cfg == nil {
cfg = &shutdownConfig
}
return SetRoutesFunc(cfg)
} }
func (r *darwinRouter) Close() error { func (r *darwinRouter) Close() error {

4
wgengine/router/router_darwin_support.go
View File

@ -7,7 +7,7 @@
package router package router
// SetRoutesFunc applies the given router settings to the OS network // SetRoutesFunc applies the given router settings to the OS network
// stack. // stack. cfg is guaranteed to be non-nil.
// //
// This is logically part of the router_darwin.go implementation, and // This is logically part of the router_darwin.go implementation, and
// should not be used on other platforms. // should not be used on other platforms.
@ -22,4 +22,4 @@ package router
// as MacOS, so that we don't have to wait until the Mac CI to // as MacOS, so that we don't have to wait until the Mac CI to
// discover that we broke it. So this one definition needs to exist in // discover that we broke it. So this one definition needs to exist in
// both the darwin and linux builds. Hence this file and build tag. // both the darwin and linux builds. Hence this file and build tag.
var SetRoutesFunc func(rs Settings) error var SetRoutesFunc func(cfg *Config) error

2
wgengine/router/router_fake.go
View File

@ -25,7 +25,7 @@ func (r fakeRouter) Up() error {
return nil return nil
} }
func (r fakeRouter) Set(rs Settings) error { func (r fakeRouter) Set(cfg *Config) error {
r.logf("Warning: fakeRouter.Set: not implemented.") r.logf("Warning: fakeRouter.Set: not implemented.")
return nil return nil
} }

15
wgengine/router/router_freebsd.go
View File

@ -55,15 +55,18 @@ func (r *freebsdRouter) Up() error {
return nil return nil
} }
func (r *freebsdRouter) Set(rs Settings) error { func (r *freebsdRouter) Set(cfg *Config) error {
if len(rs.LocalAddrs) == 0 { if cfg == nil {
cfg = &shutdownConfig
}
if len(cfg.LocalAddrs) == 0 {
return nil return nil
} }
// TODO: support configuring multiple local addrs on interface. // TODO: support configuring multiple local addrs on interface.
if len(rs.LocalAddrs) != 1 { if len(cfg.LocalAddrs) != 1 {
return errors.New("freebsd doesn't support setting multiple local addrs yet") return errors.New("freebsd doesn't support setting multiple local addrs yet")
} }
localAddr := rs.LocalAddrs[0] localAddr := cfg.LocalAddrs[0]
var errq error var errq error
@ -95,7 +98,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
} }
newRoutes := make(map[netaddr.IPPrefix]struct{}) newRoutes := make(map[netaddr.IPPrefix]struct{})
for _, route := range rs.Routes { for _, route := range cfg.Routes {
newRoutes[route] = struct{}{} newRoutes[route] = struct{}{}
} }
// Delete any pre-existing routes. // Delete any pre-existing routes.
@ -139,7 +142,7 @@ func (r *freebsdRouter) Set(rs Settings) error {
r.local = localAddr r.local = localAddr
r.routes = newRoutes r.routes = newRoutes
if err := r.replaceResolvConf(rs.DNS, rs.DNSDomains); err != nil { if err := r.replaceResolvConf(cfg.DNS, cfg.DNSDomains); err != nil {
errq = fmt.Errorf("replacing resolv.conf failed: %v", err) errq = fmt.Errorf("replacing resolv.conf failed: %v", err)
} }

20
wgengine/router/router_linux.go
View File

@ -141,7 +141,11 @@ func (r *linuxRouter) Close() error {
} }
// Set implements the Router interface. // Set implements the Router interface.
func (r *linuxRouter) Set(rs Settings) error { func (r *linuxRouter) Set(cfg *Config) error {
if cfg == nil {
cfg = &shutdownConfig
}
// cidrDiff calls add and del as needed to make the set of prefixes in // cidrDiff calls add and del as needed to make the set of prefixes in
// old and new match. Returns a map version of new, and the first // old and new match. Returns a map version of new, and the first
// error encountered while reconfiguring, if any. // error encountered while reconfiguring, if any.
@ -182,23 +186,23 @@ func (r *linuxRouter) Set(rs Settings) error {
var errq error var errq error
newAddrs, err := cidrDiff("addr", r.addrs, rs.LocalAddrs, r.addAddress, r.delAddress) newAddrs, err := cidrDiff("addr", r.addrs, cfg.LocalAddrs, r.addAddress, r.delAddress)
if err != nil && errq == nil { if err != nil && errq == nil {
errq = err errq = err
} }
newRoutes, err := cidrDiff("route", r.routes, rs.Routes, r.addRoute, r.delRoute) newRoutes, err := cidrDiff("route", r.routes, cfg.Routes, r.addRoute, r.delRoute)
if err != nil && errq == nil { if err != nil && errq == nil {
errq = err errq = err
} }
newSubnetRoutes, err := cidrDiff("subnet rule", r.subnetRoutes, rs.SubnetRoutes, r.addSubnetRule, r.delSubnetRule) newSubnetRoutes, err := cidrDiff("subnet rule", r.subnetRoutes, cfg.SubnetRoutes, r.addSubnetRule, r.delSubnetRule)
if err != nil && errq == nil { if err != nil && errq == nil {
errq = err errq = err
} }
switch { switch {
case rs.NoSNAT == r.noSNAT: case cfg.NoSNAT == r.noSNAT:
// state already correct, nothing to do. // state already correct, nothing to do.
case rs.NoSNAT: case cfg.NoSNAT:
if err := r.delSNATRule(); err != nil && errq == nil { if err := r.delSNATRule(); err != nil && errq == nil {
errq = err errq = err
} }
@ -211,11 +215,11 @@ func (r *linuxRouter) Set(rs Settings) error {
r.addrs = newAddrs r.addrs = newAddrs
r.routes = newRoutes r.routes = newRoutes
r.subnetRoutes = newSubnetRoutes r.subnetRoutes = newSubnetRoutes
r.noSNAT = rs.NoSNAT r.noSNAT = cfg.NoSNAT
// TODO: this: // TODO: this:
if false { if false {
if err := r.replaceResolvConf(rs.DNS, rs.DNSDomains); err != nil { if err := r.replaceResolvConf(cfg.DNS, cfg.DNSDomains); err != nil {
errq = fmt.Errorf("replacing resolv.conf failed: %v", err) errq = fmt.Errorf("replacing resolv.conf failed: %v", err)
} }
} }

14
wgengine/router/router_openbsd.go
View File

@ -60,12 +60,16 @@ func (r *openbsdRouter) Up() error {
return nil return nil
} }
func (r *openbsdRouter) Set(rs Settings) error { func (r *openbsdRouter) Set(cfg *Config) error {
if cfg == nil {
cfg = &shutdownConfig
}
// TODO: support configuring multiple local addrs on interface. // TODO: support configuring multiple local addrs on interface.
if len(rs.LocalAddrs) != 1 { if len(cfg.LocalAddrs) != 1 {
return errors.New("freebsd doesn't support setting multiple local addrs yet") return errors.New("freebsd doesn't support setting multiple local addrs yet")
} }
localAddr := rs.LocalAddrs[0] localAddr := cfg.LocalAddrs[0]
var errq error var errq error
@ -114,7 +118,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
} }
newRoutes := make(map[netaddr.IPPrefix]struct{}) newRoutes := make(map[netaddr.IPPrefix]struct{})
for _, route := range rs.Routes { for _, route := range cfg.Routes {
newRoutes[route] = struct{}{} newRoutes[route] = struct{}{}
} }
for route := range r.routes { for route := range r.routes {
@ -155,7 +159,7 @@ func (r *openbsdRouter) Set(rs Settings) error {
r.local = localAddr r.local = localAddr
r.routes = newRoutes r.routes = newRoutes
if err := r.replaceResolvConf(rs.DNS, rs.DNSDomains); err != nil { if err := r.replaceResolvConf(cfg.DNS, cfg.DNSDomains); err != nil {
errq = fmt.Errorf("replacing resolv.conf failed: %v", err) errq = fmt.Errorf("replacing resolv.conf failed: %v", err)
} }

8
wgengine/router/router_windows.go
View File

@ -45,8 +45,12 @@ func (r *winRouter) Up() error {
return nil return nil
} }
func (r *winRouter) Set(rs Settings) error { func (r *winRouter) Set(cfg *Config) error {
err := configureInterface(rs, r.nativeTun) if cfg == nil {
cfg = &shutdownConfig
}
err := configureInterface(cfg, r.nativeTun)
if err != nil { if err != nil {
r.logf("ConfigureInterface: %v\n", err) r.logf("ConfigureInterface: %v\n", err)
return err return err

6
wgengine/userspace.go
View File

@ -243,7 +243,7 @@ func newUserspaceEngineAdvanced(logf logger.Logf, tundev tun.Device, routerGen R
} }
// TODO(danderson): we should delete this. It's pointless to apply // TODO(danderson): we should delete this. It's pointless to apply
// a no-op settings here. // a no-op settings here.
if err := e.router.Set(router.Settings{}); err != nil { if err := e.router.Set(nil); err != nil {
e.wgdev.Close() e.wgdev.Close()
return nil, err return nil, err
} }
@ -326,7 +326,7 @@ func (e *userspaceEngine) pinger(peerKey wgcfg.Key, ips []wgcfg.IP) {
} }
} }
func configSignature(cfg *wgcfg.Config, routerCfg router.Settings) (string, error) { func configSignature(cfg *wgcfg.Config, routerCfg *router.Config) (string, error) {
// TODO(apenwarr): get rid of uapi stuff for in-process comms // TODO(apenwarr): get rid of uapi stuff for in-process comms
uapi, err := cfg.ToUAPI() uapi, err := cfg.ToUAPI()
if err != nil { if err != nil {
@ -336,7 +336,7 @@ func configSignature(cfg *wgcfg.Config, routerCfg router.Settings) (string, erro
return fmt.Sprintf("%s %v", uapi, routerCfg), nil return fmt.Sprintf("%s %v", uapi, routerCfg), nil
} }
func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg router.Settings) error { func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config) error {
e.wgLock.Lock() e.wgLock.Lock()
defer e.wgLock.Unlock() defer e.wgLock.Unlock()

2
wgengine/watchdog.go
View File

@ -62,7 +62,7 @@ func (e *watchdogEngine) watchdog(name string, fn func()) {
}) })
} }
func (e *watchdogEngine) Reconfig(cfg *wgcfg.Config, routerCfg router.Settings) error { func (e *watchdogEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config) error {
return e.watchdogErr("Reconfig", func() error { return e.wrap.Reconfig(cfg, routerCfg) }) return e.watchdogErr("Reconfig", func() error { return e.wrap.Reconfig(cfg, routerCfg) })
} }
func (e *watchdogEngine) GetFilter() *filter.Filter { func (e *watchdogEngine) GetFilter() *filter.Filter {

5
wgengine/wgengine.go
View File

@ -53,14 +53,11 @@ type Engine interface {
// Reconfig reconfigures WireGuard and makes sure it's running. // Reconfig reconfigures WireGuard and makes sure it's running.
// This also handles setting up any kernel routes. // This also handles setting up any kernel routes.
// //
// The provided DNS domains are not part of wgcfg.Config, as
// WireGuard itself doesn't care about such things.
//
// This is called whenever the tailcontrol (control plane) // This is called whenever the tailcontrol (control plane)
// sends an updated network map. // sends an updated network map.
// //
// The returned error is ErrNoChanges if no changes were made. // The returned error is ErrNoChanges if no changes were made.
Reconfig(cfg *wgcfg.Config, routerCfg router.Settings) error Reconfig(*wgcfg.Config, *router.Config) error
// GetFilter returns the current packet filter, if any. // GetFilter returns the current packet filter, if any.
GetFilter() *filter.Filter GetFilter() *filter.Filter