wgengine/router: create netfilter runner in setNetfilterMode

This will enable the runner to be replaced as a configuration side
effect in a later change.

Updates tailscale/corp#14029

Signed-off-by: James Tucker <james@tailscale.com>
pull/10370/head
James Tucker 10 months ago committed by Naman Sood
parent 94a64c0017
commit 215f657a5e

@ -60,8 +60,8 @@ type linuxRouter struct {
// ipPolicyPrefBase is the base priority at which ip rules are installed. // ipPolicyPrefBase is the base priority at which ip rules are installed.
ipPolicyPrefBase int ipPolicyPrefBase int
nfr linuxfw.NetfilterRunner
cmd commandRunner cmd commandRunner
nfr linuxfw.NetfilterRunner
} }
func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Monitor) (Router, error) { func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Monitor) (Router, error) {
@ -70,26 +70,20 @@ func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Moni
return nil, err return nil, err
} }
nfr, err := linuxfw.New(logf)
if err != nil {
return nil, err
}
cmd := osCommandRunner{ cmd := osCommandRunner{
ambientCapNetAdmin: useAmbientCaps(), ambientCapNetAdmin: useAmbientCaps(),
} }
return newUserspaceRouterAdvanced(logf, tunname, netMon, nfr, cmd) return newUserspaceRouterAdvanced(logf, tunname, netMon, cmd)
} }
func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon.Monitor, nfr linuxfw.NetfilterRunner, cmd commandRunner) (Router, error) { func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon.Monitor, cmd commandRunner) (Router, error) {
r := &linuxRouter{ r := &linuxRouter{
logf: logf, logf: logf,
tunname: tunname, tunname: tunname,
netfilterMode: netfilterOff, netfilterMode: netfilterOff,
netMon: netMon, netMon: netMon,
nfr: nfr,
cmd: cmd, cmd: cmd,
ipRuleFixLimiter: rate.NewLimiter(rate.Every(5*time.Second), 10), ipRuleFixLimiter: rate.NewLimiter(rate.Every(5*time.Second), 10),
@ -294,12 +288,12 @@ func (r *linuxRouter) Up() error {
if r.unregNetMon == nil && r.netMon != nil { if r.unregNetMon == nil && r.netMon != nil {
r.unregNetMon = r.netMon.RegisterRuleDeleteCallback(r.onIPRuleDeleted) r.unregNetMon = r.netMon.RegisterRuleDeleteCallback(r.onIPRuleDeleted)
} }
if err := r.addIPRules(); err != nil {
return fmt.Errorf("adding IP rules: %w", err)
}
if err := r.setNetfilterMode(netfilterOff); err != nil { if err := r.setNetfilterMode(netfilterOff); err != nil {
return fmt.Errorf("setting netfilter mode: %w", err) return fmt.Errorf("setting netfilter mode: %w", err)
} }
if err := r.addIPRules(); err != nil {
return fmt.Errorf("adding IP rules: %w", err)
}
if err := r.upInterface(); err != nil { if err := r.upInterface(); err != nil {
return fmt.Errorf("bringing interface up: %w", err) return fmt.Errorf("bringing interface up: %w", err)
} }
@ -386,6 +380,15 @@ func (r *linuxRouter) setNetfilterMode(mode preftype.NetfilterMode) error {
if distro.Get() == distro.Synology { if distro.Get() == distro.Synology {
mode = netfilterOff mode = netfilterOff
} }
if r.nfr == nil {
var err error
r.nfr, err = linuxfw.New(r.logf)
if err != nil {
return err
}
}
if r.netfilterMode == mode { if r.netfilterMode == mode {
return nil return nil
} }
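Review bot: The lazy `linuxfw.New` in setNetfilterMode returns its error bare, `return err`, while every other failure on this file's Up() path is wrapped with context; `return fmt.Errorf("creating netfilter runner: %w", err)` would keep the chain readable. The new init also sits above the `r.netfilterMode == mode` early return, so a call that used to be a no-op now constructs the runner (including on Synology, where mode is forced to off) and can now fail there; if that is intended it deserves a short comment. If linuxfw.New happens to return a concrete pointer rather than the interface, a failed call would leave r.nfr holding a typed nil and the `r.nfr == nil` guard would never retry, which is worth confirming. Because newUserspaceRouterAdvanced no longer receives the runner, the struct field in the first hunk is nil until setNetfilterMode runs, so a field comment such as `// nfr is nil until setNetfilterMode creates it on first use.` would warn anyone reaching r.nfr from another path. setNetfilterMode continues outside the hunk.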

@ -331,7 +331,8 @@ ip route add throw 192.168.0.0/24 table 52` + basic,
defer mon.Close() defer mon.Close()
fake := NewFakeOS(t) fake := NewFakeOS(t)
router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", mon, fake.nfr, fake) router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", mon, fake)
router.(*linuxRouter).nfr = fake.nfr
if err != nil { if err != nil {
t.Fatalf("failed to create router: %v", err) t.Fatalf("failed to create router: %v", err)
} }
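Review bot: The added `router.(*linuxRouter).nfr = fake.nfr` runs before the `err != nil` check, so if newUserspaceRouterAdvanced fails and returns a nil Router the type assertion panics and the t.Fatalf message is never reached. Move the assignment below the error check: keep `if err != nil { t.Fatalf("failed to create router: %v", err) }` first, then `router.(*linuxRouter).nfr = fake.nfr`. The enclosing test function starts and ends outside the hunk.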
