feature/conn25: connect the ExtraWireguardAllowedIPs hook (#19140)

The hook calls into the client assigned addresses to return a view of the transit IPs associated with that connector. Fixes tailscale/corp#38125 Signed-off-by: George Jones <george@tailscale.com>
3 weeks ago · e7121b49d5
parent 86135d3df5
commit e7121b49d5
1 changed files with 15 additions and 0 deletions
--- a/feature/conn25/conn25.go
+++ b/feature/conn25/conn25.go
@ -127,6 +127,7 @@ func (e *extension) Init(host ipnext.Host) error {

 	host.Hooks().OnSelfChange.Add(e.onSelfChange)
 	host.Hooks().ExtraRouterConfigRoutes.Set(e.getMagicRange)
+	host.Hooks().ExtraWireGuardAllowedIPs.Set(e.extraWireGuardAllowedIPs)
 	ctx, cancel := context.WithCancelCause(context.Background())
 	e.ctxCancel = cancel
 	go e.sendLoop(ctx)
@ -187,6 +188,10 @@ func (e *extension) onSelfChange(selfNode tailcfg.NodeView) {
 	}
 }

+func (e *extension) extraWireGuardAllowedIPs(k key.NodePublic) views.Slice[netip.Prefix] {
+	return e.conn25.client.extraWireGuardAllowedIPs(k)
+}
+
 func (e *extension) registerDNSHook() error {
 	e.mu.Lock()
 	defer e.mu.Unlock()
@ -660,6 +665,16 @@ func (c *client) enqueueAddressAssignment(addrs addrs) error {
 	}
 }

+func (c *client) extraWireGuardAllowedIPs(k key.NodePublic) views.Slice[netip.Prefix] {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	tips, ok := c.assignments.lookupTransitIPsByConnKey(k)
+	if !ok {
+		return views.Slice[netip.Prefix]{}
+	}
+	return views.SliceOf(tips)
+}
+
 func makePeerAPIReq(ctx context.Context, httpClient *http.Client, urlBase string, as addrs) error {
 	url := urlBase + "/v0/connector/transit-ip"