From df9ce972c79023e0b0535bffee6afb3d88e61dc3 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Thu, 14 Apr 2022 14:40:17 -0700 Subject: [PATCH] tailcfg, ipn/ipnlocal: add debug flag to enable one-big-CGNAT/10 route To experiment with avoiding Chrome ERR_NETWORK_CHANGED errors on route changes. Updates #3102 Change-Id: I339da14c684fdac45ac261566aa21bf2198672ff Signed-off-by: Brad Fitzpatrick --- ipn/ipnlocal/local.go | 11 ++++++++--- tailcfg/tailcfg.go | 4 ++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go index 81a516073..1d7a63673 100644 --- a/ipn/ipnlocal/local.go +++ b/ipn/ipnlocal/local.go @@ -1957,6 +1957,7 @@ func (b *LocalBackend) authReconfig() { nm := b.netMap hasPAC := b.prevIfState.HasPAC() disableSubnetsIfPAC := nm != nil && nm.Debug != nil && nm.Debug.DisableSubnetsIfPAC.EqualBool(true) + oneCGNATRoute := nm != nil && nm.Debug != nil && nm.Debug.OneCGNATRoute.EqualBool(true) b.mu.Unlock() if blocked { @@ -2001,7 +2002,7 @@ func (b *LocalBackend) authReconfig() { return } - rcfg := b.routerConfig(cfg, prefs) + rcfg := b.routerConfig(cfg, prefs, oneCGNATRoute) dcfg := dnsConfigForNetmap(nm, prefs, b.logf, version.OS()) err = b.e.Reconfig(cfg, rcfg, dcfg, nm.Debug) @@ -2412,13 +2413,17 @@ func ipPrefixLess(ri, rj netaddr.IPPrefix) bool { } // routerConfig produces a router.Config from a wireguard config and IPN prefs. -func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs) *router.Config { +func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs, oneCGNATRoute bool) *router.Config { + singleRouteThreshold := 10_000 + if oneCGNATRoute { + singleRouteThreshold = 1 + } rs := &router.Config{ LocalAddrs: unmapIPPrefixes(cfg.Addresses), SubnetRoutes: unmapIPPrefixes(prefs.AdvertiseRoutes), SNATSubnetRoutes: !prefs.NoSNAT, NetfilterMode: prefs.NetfilterMode, - Routes: peerRoutes(cfg.Peers, 10_000), + Routes: peerRoutes(cfg.Peers, singleRouteThreshold), } if distro.Get() == distro.Synology { diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go index c8d98ba66..33f89dbc5 100644 --- a/tailcfg/tailcfg.go +++ b/tailcfg/tailcfg.go @@ -1377,6 +1377,10 @@ type Debug struct { // fixed port. RandomizeClientPort bool `json:",omitempty"` + // OneCGNATRoute controls whether the client should prefer to make one + // big CGNAT /10 route rather than a /32 per peer. + OneCGNATRoute opt.Bool `json:",omitempty"` + // DisableUPnP is whether the client will attempt to perform a UPnP portmapping. // By default, we want to enable it to see if it works on more clients. //