wgengine/wgcfg: use just the hexlified node key as the WireGuard endpoint.
The node key is all magicsock needs to find the endpoint that WireGuard needs. Updates #2752 Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson
committed by
Dave Anderson
Dave Anderson
parent
d00341360f
commit
bb10443edf
@@ -11,7 +11,6 @@ import (
|
||||
"context"
|
||||
crand "crypto/rand"
|
||||
"encoding/binary"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"hash/fnv"
|
||||
@@ -55,7 +54,6 @@ import (
|
||||
"tailscale.com/util/uniq"
|
||||
"tailscale.com/version"
|
||||
"tailscale.com/wgengine/monitor"
|
||||
"tailscale.com/wgengine/wgcfg"
|
||||
)
|
||||
|
||||
// useDerpRoute reports whether magicsock should enable the DERP
|
||||
@@ -2101,20 +2099,7 @@ func (c *Conn) SetNetworkMap(nm *netmap.NetworkMap) {
|
||||
ep.discoKey = n.DiscoKey
|
||||
ep.discoShort = n.DiscoKey.ShortString()
|
||||
}
|
||||
epDef := wgcfg.Endpoints{
|
||||
PublicKey: wgkey.Key(n.Key),
|
||||
DiscoKey: n.DiscoKey,
|
||||
}
|
||||
// We have to make the endpoint string we return to
|
||||
// WireGuard be the right kind of json that wgcfg expects
|
||||
// to get back out of uapi, so we have to do this somewhat
|
||||
// unnecessary json encoding here.
|
||||
// TODO(danderson): remove this in the wgcfg.Endpoints refactor.
|
||||
epBytes, err := json.Marshal(epDef)
|
||||
if err != nil {
|
||||
c.logf("[unexpected] magicsock: creating endpoint: failed to marshal endpoints json %w", err)
|
||||
}
|
||||
ep.wgEndpoint = string(epBytes)
|
||||
ep.wgEndpoint = (wgkey.Key(n.Key)).HexString()
|
||||
ep.initFakeUDPAddr()
|
||||
c.logf("magicsock: created endpoint key=%s: disco=%s; %v", n.Key.ShortString(), n.DiscoKey.ShortString(), logger.ArgWriter(func(w *bufio.Writer) {
|
||||
const derpPrefix = "127.3.3.40:"
|
||||
@@ -2636,14 +2621,12 @@ func packIPPort(ua netaddr.IPPort) []byte {
|
||||
}
|
||||
|
||||
// ParseEndpoint is called by WireGuard to connect to an endpoint.
|
||||
// endpointStr is a json-serialized wgcfg.Endpoints struct.
|
||||
func (c *Conn) ParseEndpoint(endpointStr string) (conn.Endpoint, error) {
|
||||
var endpoints wgcfg.Endpoints
|
||||
err := json.Unmarshal([]byte(endpointStr), &endpoints)
|
||||
func (c *Conn) ParseEndpoint(nodeKeyStr string) (conn.Endpoint, error) {
|
||||
k, err := wgkey.ParseHex(nodeKeyStr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("magicsock: ParseEndpoint: json.Unmarshal failed on %q: %w", endpointStr, err)
|
||||
return nil, fmt.Errorf("magicsock: ParseEndpoint: parse failed on %q: %w", nodeKeyStr, err)
|
||||
}
|
||||
pk := key.Public(endpoints.PublicKey)
|
||||
pk := tailcfg.NodeKey(k)
|
||||
|
||||
c.mu.Lock()
|
||||
defer c.mu.Unlock()
|
||||
|
||||
@@ -9,7 +9,6 @@ import (
|
||||
"context"
|
||||
crand "crypto/rand"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
@@ -942,11 +941,8 @@ func testTwoDevicePing(t *testing.T, d *devices) {
|
||||
Peers: []wgcfg.Peer{
|
||||
wgcfg.Peer{
|
||||
PublicKey: m2.privateKey.Public(),
|
||||
DiscoKey: m2.conn.DiscoPublicKey(),
|
||||
AllowedIPs: []netaddr.IPPrefix{netaddr.MustParseIPPrefix("1.0.0.2/32")},
|
||||
Endpoints: wgcfg.Endpoints{
|
||||
PublicKey: m2.privateKey.Public(),
|
||||
DiscoKey: m2.conn.DiscoPublicKey(),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -957,11 +953,8 @@ func testTwoDevicePing(t *testing.T, d *devices) {
|
||||
Peers: []wgcfg.Peer{
|
||||
wgcfg.Peer{
|
||||
PublicKey: m1.privateKey.Public(),
|
||||
DiscoKey: m1.conn.DiscoPublicKey(),
|
||||
AllowedIPs: []netaddr.IPPrefix{netaddr.MustParseIPPrefix("1.0.0.1/32")},
|
||||
Endpoints: wgcfg.Endpoints{
|
||||
PublicKey: m1.privateKey.Public(),
|
||||
DiscoKey: m1.conn.DiscoPublicKey(),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -1158,19 +1151,6 @@ func newTestConn(t testing.TB) *Conn {
|
||||
return conn
|
||||
}
|
||||
|
||||
func makeEndpoint(tb testing.TB, public tailcfg.NodeKey, disco tailcfg.DiscoKey) string {
|
||||
tb.Helper()
|
||||
ep := wgcfg.Endpoints{
|
||||
PublicKey: wgkey.Key(public),
|
||||
DiscoKey: disco,
|
||||
}
|
||||
buf, err := json.Marshal(ep)
|
||||
if err != nil {
|
||||
tb.Fatal(err)
|
||||
}
|
||||
return string(buf)
|
||||
}
|
||||
|
||||
// addTestEndpoint sets conn's network map to a single peer expected
|
||||
// to receive packets from sendConn (or DERP), and returns that peer's
|
||||
// nodekey and discokey.
|
||||
@@ -1190,7 +1170,7 @@ func addTestEndpoint(tb testing.TB, conn *Conn, sendConn net.PacketConn) (tailcf
|
||||
},
|
||||
})
|
||||
conn.SetPrivateKey(wgkey.Private{0: 1})
|
||||
_, err := conn.ParseEndpoint(makeEndpoint(tb, nodeKey, discoKey))
|
||||
_, err := conn.ParseEndpoint(wgkey.Key(nodeKey).HexString())
|
||||
if err != nil {
|
||||
tb.Fatal(err)
|
||||
}
|
||||
@@ -1374,7 +1354,7 @@ func TestSetNetworkMapChangingNodeKey(t *testing.T) {
|
||||
},
|
||||
},
|
||||
})
|
||||
_, err := conn.ParseEndpoint(makeEndpoint(t, nodeKey1, discoKey))
|
||||
_, err := conn.ParseEndpoint(wgkey.Key(nodeKey1).HexString())
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user