ipn/{ipnext,ipnlocal}: expose authReconfig in ipnext.Host as AuthReconfigAsync

Also implement a limit of one on the number of goroutines that can be waiting to do a reconfig via AuthReconfig, to prevent extensions from calling too fast and taxing resources. Even with the protection, the new method should only be used in experimental or proof-of-concept contexts.

The current intended use is for an extension to be able to force a reconfiguration of WireGuard, and have the reconfiguration call back into the extension for extra Allowed IPs.

If in the future WireGuard is able to reconfigure individual peers more dynamically, an extension might be able to hook into that process, and this method on ipnext.Host may be deprecated.

Fixes tailscale/corp#38120
Updates tailscale/corp#38124
Updates tailscale/corp#38125

Signed-off-by: Michael Ben-Ami <mzb@tailscale.com>
Committed by: mzbenami
Parent: 3a5afc3358
Commit: ea7040eea2
@@ -204,6 +204,16 @@ type Host interface {
// NodeBackend returns the [NodeBackend] for the currently active node
// (which is approximately the same as the current profile).
NodeBackend() NodeBackend
// AuthReconfigAsync asynchronously pushes a new configuration into wgengine,
// if engine updates are not currently blocked, based on the cached netmap and
// user prefs. The reconfiguration is applied to [ipnlocal.LocalBackend]'s currently
// active node at the time of execution.
//
// AuthReconfigAsync should not be called at a high rate (i.e., more often
// than prefs and netmap changes), except in experimental or proof-of-concept
// contexts, since reconfiguration is known to be slow.
AuthReconfigAsync()
}
// SafeBackend is a subset of the [ipnlocal.LocalBackend] type's methods that
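Review bot: The doc comment added on AuthReconfigAsync does not tell a caller what happens when a call does not lead to a reconfiguration. The method returns nothing, the comment says the push happens only "if engine updates are not currently blocked", and the commit message describes a limit of one goroutine waiting to do a reconfig, which implies that concurrent calls do not each get their own reconfiguration. An extension that relies on the callback for extra Allowed IPs has no way to tell a skipped call from a completed one. Suggest stating in the comment that calls may be skipped or merged with a pending one and that there is no completion or error signal. The rate guidance in the comment is also more permissive than the commit message, which says the method should only be used in experimental or proof-of-concept contexts; the two should say the same thing.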