all: replace wgcfg.IP and wgcfg.CIDR with netaddr types
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
This commit is contained in:
Josh Bleecher Snyder
committed by
Josh Bleecher Snyder
Josh Bleecher Snyder
parent
ff2b3d02e6
commit
2fe770ed72
@@ -702,18 +702,17 @@ func peerForIP(nm *controlclient.NetworkMap, ip netaddr.IP) (n *tailcfg.Node, ok
|
||||
if nm == nil {
|
||||
return nil, false
|
||||
}
|
||||
wgIP := wgcfg.IP{Addr: ip.As16()}
|
||||
// Check for exact matches before looking for subnet matches.
|
||||
for _, p := range nm.Peers {
|
||||
for _, a := range p.Addresses {
|
||||
if a.IP == wgIP {
|
||||
if a.IP == ip {
|
||||
return p, true
|
||||
}
|
||||
}
|
||||
}
|
||||
for _, p := range nm.Peers {
|
||||
for _, cidr := range p.AllowedIPs {
|
||||
if cidr.Contains(wgIP) {
|
||||
if cidr.Contains(ip) {
|
||||
return p, true
|
||||
}
|
||||
}
|
||||
@@ -2720,16 +2719,15 @@ func (c *Conn) UpdateStatus(sb *ipnstate.StatusBuilder) {
|
||||
|
||||
if c.netMap != nil {
|
||||
for _, addr := range c.netMap.Addresses {
|
||||
ip := netaddr.IPFrom16(addr.IP.Addr)
|
||||
if addr.Mask != ip.BitLen() {
|
||||
if !addr.IsSingleIP() {
|
||||
continue
|
||||
}
|
||||
sb.AddTailscaleIP(ip)
|
||||
sb.AddTailscaleIP(addr.IP)
|
||||
// TailAddr only allows for a single Tailscale IP. For
|
||||
// readability of `tailscale status`, make it the IPv4
|
||||
// address.
|
||||
if addr.IP.Is4() {
|
||||
ss.TailAddr = ip.String()
|
||||
ss.TailAddr = addr.IP.String()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -248,13 +248,13 @@ func meshStacks(logf logger.Logf, ms []*magicStack) (cleanup func()) {
|
||||
nm := &controlclient.NetworkMap{
|
||||
PrivateKey: me.privateKey,
|
||||
NodeKey: tailcfg.NodeKey(me.privateKey.Public()),
|
||||
Addresses: []wgcfg.CIDR{{IP: wgcfg.IPv4(1, 0, 0, byte(myIdx+1)), Mask: 32}},
|
||||
Addresses: []netaddr.IPPrefix{{IP: netaddr.IPv4(1, 0, 0, byte(myIdx+1)), Bits: 32}},
|
||||
}
|
||||
for i, peer := range ms {
|
||||
if i == myIdx {
|
||||
continue
|
||||
}
|
||||
addrs := []wgcfg.CIDR{{IP: wgcfg.IPv4(1, 0, 0, byte(i+1)), Mask: 32}}
|
||||
addrs := []netaddr.IPPrefix{{IP: netaddr.IPv4(1, 0, 0, byte(i+1)), Bits: 32}}
|
||||
peer := &tailcfg.Node{
|
||||
ID: tailcfg.NodeID(i + 1),
|
||||
Name: fmt.Sprintf("node%d", i+1),
|
||||
@@ -454,7 +454,7 @@ func makeConfigs(t *testing.T, addrs []netaddr.IPPort) []wgcfg.Config {
|
||||
t.Helper()
|
||||
|
||||
var privKeys []wgcfg.PrivateKey
|
||||
var addresses [][]wgcfg.CIDR
|
||||
var addresses [][]netaddr.IPPrefix
|
||||
|
||||
for i := range addrs {
|
||||
privKey, err := wgcfg.NewPrivateKey()
|
||||
@@ -463,7 +463,7 @@ func makeConfigs(t *testing.T, addrs []netaddr.IPPort) []wgcfg.Config {
|
||||
}
|
||||
privKeys = append(privKeys, privKey)
|
||||
|
||||
addresses = append(addresses, []wgcfg.CIDR{
|
||||
addresses = append(addresses, []netaddr.IPPrefix{
|
||||
parseCIDR(t, fmt.Sprintf("1.0.0.%d/32", i+1)),
|
||||
})
|
||||
}
|
||||
@@ -496,9 +496,9 @@ func makeConfigs(t *testing.T, addrs []netaddr.IPPort) []wgcfg.Config {
|
||||
return cfgs
|
||||
}
|
||||
|
||||
func parseCIDR(t *testing.T, addr string) wgcfg.CIDR {
|
||||
func parseCIDR(t *testing.T, addr string) netaddr.IPPrefix {
|
||||
t.Helper()
|
||||
cidr, err := wgcfg.ParseCIDR(addr)
|
||||
cidr, err := netaddr.ParseIPPrefix(addr)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@@ -81,7 +81,7 @@ func (r *openbsdRouter) Set(cfg *Config) error {
|
||||
var errq error
|
||||
|
||||
if localAddr != r.local {
|
||||
if r.local != (netaddr.IPPrefix{}) {
|
||||
if !r.local.IsZero() {
|
||||
addrdel := []string{"ifconfig", r.tunname,
|
||||
"inet", r.local.String(), "-alias"}
|
||||
out, err := cmd(addrdel...).CombinedOutput()
|
||||
|
||||
@@ -81,7 +81,7 @@ func (r *userspaceBSDRouter) Set(cfg *Config) error {
|
||||
// Update the address.
|
||||
if localAddr != r.local {
|
||||
// If the interface is already set, remove it.
|
||||
if r.local != (netaddr.IPPrefix{}) {
|
||||
if !r.local.IsZero() {
|
||||
addrdel := []string{"ifconfig", r.tunname,
|
||||
"inet", r.local.String(), "-alias"}
|
||||
out, err := cmd(addrdel...).CombinedOutput()
|
||||
|
||||
+19
-21
@@ -278,12 +278,14 @@ func newUserspaceEngineAdvanced(conf EngineConfig) (_ Engine, reterr error) {
|
||||
|
||||
// Ping every single-IP that peer routes.
|
||||
// These synthetic packets are used to traverse NATs.
|
||||
var ips []wgcfg.IP
|
||||
var ips []netaddr.IP
|
||||
allowedIPs := deviceAllowedIPs.EntriesForPeer(peer)
|
||||
for _, ipNet := range allowedIPs {
|
||||
if ones, bits := ipNet.Mask.Size(); ones == bits && ones != 0 {
|
||||
var ip wgcfg.IP
|
||||
copy(ip.Addr[:], ipNet.IP.To16())
|
||||
ip, ok := netaddr.FromStdIP(ipNet.IP)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
ips = append(ips, ip)
|
||||
}
|
||||
}
|
||||
@@ -485,7 +487,7 @@ func (p *pinger) close() {
|
||||
<-p.done
|
||||
}
|
||||
|
||||
func (p *pinger) run(ctx context.Context, peerKey wgcfg.Key, ips []wgcfg.IP, srcIP netaddr.IP) {
|
||||
func (p *pinger) run(ctx context.Context, peerKey wgcfg.Key, ips []netaddr.IP, srcIP netaddr.IP) {
|
||||
defer func() {
|
||||
p.e.mu.Lock()
|
||||
if p.e.pingers[peerKey] == p {
|
||||
@@ -520,7 +522,7 @@ func (p *pinger) run(ctx context.Context, peerKey wgcfg.Key, ips []wgcfg.IP, src
|
||||
// work.
|
||||
continue
|
||||
}
|
||||
dstIPs = append(dstIPs, netaddr.IPFrom16(ip.Addr))
|
||||
dstIPs = append(dstIPs, ip)
|
||||
}
|
||||
|
||||
payload := []byte("magicsock_spray") // no meaning
|
||||
@@ -554,13 +556,13 @@ func (p *pinger) run(ctx context.Context, peerKey wgcfg.Key, ips []wgcfg.IP, src
|
||||
//
|
||||
// This is only used with legacy peers (before 0.100.0) that don't
|
||||
// have advertised discovery keys.
|
||||
func (e *userspaceEngine) pinger(peerKey wgcfg.Key, ips []wgcfg.IP) {
|
||||
func (e *userspaceEngine) pinger(peerKey wgcfg.Key, ips []netaddr.IP) {
|
||||
e.logf("[v1] generating initial ping traffic to %s (%v)", peerKey.ShortString(), ips)
|
||||
var srcIP netaddr.IP
|
||||
|
||||
e.wgLock.Lock()
|
||||
if len(e.lastCfgFull.Addresses) > 0 {
|
||||
srcIP = netaddr.IPFrom16(e.lastCfgFull.Addresses[0].IP.Addr)
|
||||
srcIP = e.lastCfgFull.Addresses[0].IP
|
||||
}
|
||||
e.wgLock.Unlock()
|
||||
|
||||
@@ -642,9 +644,7 @@ func isTrimmablePeer(p *wgcfg.Peer, numPeers int) bool {
|
||||
|
||||
// AllowedIPs must all be single IPs, not subnets.
|
||||
for _, aip := range p.AllowedIPs {
|
||||
if aip.IP.Is4() && aip.Mask != 32 {
|
||||
return false
|
||||
} else if aip.IP.Is6() && aip.Mask != 128 {
|
||||
if !aip.IsSingleIP() {
|
||||
return false
|
||||
}
|
||||
}
|
||||
@@ -684,12 +684,11 @@ func (e *userspaceEngine) noteReceiveActivity(dk tailcfg.DiscoKey) {
|
||||
// had a packet sent to or received from it since t.
|
||||
//
|
||||
// e.wgLock must be held.
|
||||
func (e *userspaceEngine) isActiveSince(dk tailcfg.DiscoKey, ip wgcfg.IP, t time.Time) bool {
|
||||
func (e *userspaceEngine) isActiveSince(dk tailcfg.DiscoKey, ip netaddr.IP, t time.Time) bool {
|
||||
if e.recvActivityAt[dk].After(t) {
|
||||
return true
|
||||
}
|
||||
pip := netaddr.IPFrom16(ip.Addr)
|
||||
timePtr, ok := e.sentActivityAt[pip]
|
||||
timePtr, ok := e.sentActivityAt[ip]
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
@@ -746,7 +745,7 @@ func (e *userspaceEngine) maybeReconfigWireguardLocked(discoChanged map[key.Publ
|
||||
// we'll need to install tracking hooks for to watch their
|
||||
// send/receive activity.
|
||||
trackDisco := make([]tailcfg.DiscoKey, 0, len(full.Peers))
|
||||
trackIPs := make([]wgcfg.IP, 0, len(full.Peers))
|
||||
trackIPs := make([]netaddr.IP, 0, len(full.Peers))
|
||||
|
||||
trimmedDisco := map[tailcfg.DiscoKey]bool{} // TODO: don't re-alloc this map each time
|
||||
|
||||
@@ -816,7 +815,7 @@ func (e *userspaceEngine) maybeReconfigWireguardLocked(discoChanged map[key.Publ
|
||||
// as given to wireguard-go.
|
||||
//
|
||||
// e.wgLock must be held.
|
||||
func (e *userspaceEngine) updateActivityMapsLocked(trackDisco []tailcfg.DiscoKey, trackIPs []wgcfg.IP) {
|
||||
func (e *userspaceEngine) updateActivityMapsLocked(trackDisco []tailcfg.DiscoKey, trackIPs []netaddr.IP) {
|
||||
// Generate the new map of which discokeys we want to track
|
||||
// receive times for.
|
||||
mr := map[tailcfg.DiscoKey]time.Time{} // TODO: only recreate this if set of keys changed
|
||||
@@ -857,19 +856,18 @@ func (e *userspaceEngine) updateActivityMapsLocked(trackDisco []tailcfg.DiscoKey
|
||||
}
|
||||
}
|
||||
|
||||
for _, wip := range trackIPs {
|
||||
pip := netaddr.IPFrom16(wip.Addr)
|
||||
timePtr := oldTime[pip]
|
||||
for _, ip := range trackIPs {
|
||||
timePtr := oldTime[ip]
|
||||
if timePtr == nil {
|
||||
timePtr = new(int64)
|
||||
}
|
||||
e.sentActivityAt[pip] = timePtr
|
||||
e.sentActivityAt[ip] = timePtr
|
||||
|
||||
fn := oldFunc[pip]
|
||||
fn := oldFunc[ip]
|
||||
if fn == nil {
|
||||
fn = updateFn(timePtr)
|
||||
}
|
||||
e.destIPActivityFuncs[pip] = fn
|
||||
e.destIPActivityFuncs[ip] = fn
|
||||
}
|
||||
e.tundev.SetDestIPActivityFuncs(e.destIPActivityFuncs)
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
|
||||
"github.com/tailscale/wireguard-go/wgcfg"
|
||||
"go4.org/mem"
|
||||
"inet.af/netaddr"
|
||||
"tailscale.com/tailcfg"
|
||||
"tailscale.com/types/key"
|
||||
"tailscale.com/wgengine/router"
|
||||
@@ -99,8 +100,8 @@ func TestUserspaceEngineReconfig(t *testing.T) {
|
||||
cfg := &wgcfg.Config{
|
||||
Peers: []wgcfg.Peer{
|
||||
{
|
||||
AllowedIPs: []wgcfg.CIDR{
|
||||
{IP: wgcfg.IPv4(100, 100, 99, 1), Mask: 32},
|
||||
AllowedIPs: []netaddr.IPPrefix{
|
||||
{IP: netaddr.IPv4(100, 100, 99, 1), Bits: 32},
|
||||
},
|
||||
Endpoints: []wgcfg.Endpoint{
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user