@ -1728,7 +1728,7 @@ func (b *LocalBackend) blockEngineUpdates(block bool) {
func ( b * LocalBackend ) authReconfig ( ) {
func ( b * LocalBackend ) authReconfig ( ) {
b . mu . Lock ( )
b . mu . Lock ( )
blocked := b . blocked
blocked := b . blocked
uc := b . prefs
prefs := b . prefs
nm := b . netMap
nm := b . netMap
hasPAC := b . prevIfState . HasPAC ( )
hasPAC := b . prevIfState . HasPAC ( )
disableSubnetsIfPAC := nm != nil && nm . Debug != nil && nm . Debug . DisableSubnetsIfPAC . EqualBool ( true )
disableSubnetsIfPAC := nm != nil && nm . Debug != nil && nm . Debug . DisableSubnetsIfPAC . EqualBool ( true )
@ -1742,16 +1742,16 @@ func (b *LocalBackend) authReconfig() {
b . logf ( "authReconfig: netmap not yet valid. Skipping." )
b . logf ( "authReconfig: netmap not yet valid. Skipping." )
return
return
}
}
if ! uc . WantRunning {
if ! prefs . WantRunning {
b . logf ( "authReconfig: skipping because !WantRunning." )
b . logf ( "authReconfig: skipping because !WantRunning." )
return
return
}
}
var flags netmap . WGConfigFlags
var flags netmap . WGConfigFlags
if uc . RouteAll {
if prefs . RouteAll {
flags |= netmap . AllowSubnetRoutes
flags |= netmap . AllowSubnetRoutes
}
}
if uc . AllowSingleHosts {
if prefs . AllowSingleHosts {
flags |= netmap . AllowSingleHosts
flags |= netmap . AllowSingleHosts
}
}
if hasPAC && disableSubnetsIfPAC {
if hasPAC && disableSubnetsIfPAC {
@ -1761,15 +1761,26 @@ func (b *LocalBackend) authReconfig() {
}
}
}
}
cfg , err := nmcfg . WGCfg ( nm , b . logf , flags , uc . ExitNodeID )
cfg , err := nmcfg . WGCfg ( nm , b . logf , flags , prefs . ExitNodeID )
if err != nil {
if err != nil {
b . logf ( "wgcfg: %v" , err )
b . logf ( "wgcfg: %v" , err )
return
return
}
}
rcfg := b . routerConfig ( cfg , uc )
rcfg := b . routerConfig ( cfg , prefs )
dcfg := dnsConfigForNetmap ( nm , prefs , b . logf )
err = b . e . Reconfig ( cfg , rcfg , dcfg , nm . Debug )
if err == wgengine . ErrNoChanges {
return
}
b . logf ( "[v1] authReconfig: ra=%v dns=%v 0x%02x: %v" , prefs . RouteAll , prefs . CorpDNS , flags , err )
b . initPeerAPIListener ( )
}
dcfg := dns . Config {
func dnsConfigForNetmap ( nm * netmap . NetworkMap , prefs * ipn . Prefs , logf logger . Logf ) * dns . Config {
dcfg := & dns . Config {
Routes : map [ dnsname . FQDN ] [ ] dnstype . Resolver { } ,
Routes : map [ dnsname . FQDN ] [ ] dnstype . Resolver { } ,
Hosts : map [ dnsname . FQDN ] [ ] netaddr . IP { } ,
Hosts : map [ dnsname . FQDN ] [ ] netaddr . IP { } ,
}
}
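Review bot: dnsConfigForNetmap is introduced without a doc comment, and it dereferences nm (the nm.DNS.Routes, nm.DNS.Domains and nm.DNS.FallbackResolvers reads in the later hunks) and prefs without any nil check; authReconfig only reaches the call after its "netmap not yet valid" early return, so the precondition currently lives in the caller. Now that the logic is a free function any future caller can reach, state the contract on the function itself: `// dnsConfigForNetmap returns the DNS configuration to apply for the given netmap and prefs.` followed by `// nm and prefs must be non-nil; authReconfig validates the netmap before calling this.` Alternatively, an explicit nil guard returning the empty config would make the helper safe on its own. The body of dnsConfigForNetmap continues past the end of this hunk.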
@ -1827,7 +1838,7 @@ func (b *LocalBackend) authReconfig() {
dcfg . Hosts [ fqdn ] = append ( dcfg . Hosts [ fqdn ] , ip )
dcfg . Hosts [ fqdn ] = append ( dcfg . Hosts [ fqdn ] , ip )
}
}
if uc . CorpDNS {
if prefs . CorpDNS {
addDefault := func ( resolvers [ ] dnstype . Resolver ) {
addDefault := func ( resolvers [ ] dnstype . Resolver ) {
for _ , r := range resolvers {
for _ , r := range resolvers {
dcfg . DefaultResolvers = append ( dcfg . DefaultResolvers , normalizeResolver ( r ) )
dcfg . DefaultResolvers = append ( dcfg . DefaultResolvers , normalizeResolver ( r ) )
@ -1838,7 +1849,7 @@ func (b *LocalBackend) authReconfig() {
for suffix , resolvers := range nm . DNS . Routes {
for suffix , resolvers := range nm . DNS . Routes {
fqdn , err := dnsname . ToFQDN ( suffix )
fqdn , err := dnsname . ToFQDN ( suffix )
if err != nil {
if err != nil {
b . logf ( "[unexpected] non-FQDN route suffix %q" , suffix )
logf ( "[unexpected] non-FQDN route suffix %q" , suffix )
}
}
// Create map entry even if len(resolvers) == 0; Issue 2706.
// Create map entry even if len(resolvers) == 0; Issue 2706.
@ -1858,7 +1869,7 @@ func (b *LocalBackend) authReconfig() {
for _ , dom := range nm . DNS . Domains {
for _ , dom := range nm . DNS . Domains {
fqdn , err := dnsname . ToFQDN ( dom )
fqdn , err := dnsname . ToFQDN ( dom )
if err != nil {
if err != nil {
b . logf ( "[unexpected] non-FQDN search domain %q" , dom )
logf ( "[unexpected] non-FQDN search domain %q" , dom )
}
}
dcfg . SearchDomains = append ( dcfg . SearchDomains , fqdn )
dcfg . SearchDomains = append ( dcfg . SearchDomains , fqdn )
}
}
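Review bot: The error branch at the `logf("[unexpected] non-FQDN search domain %q", dom)` line only logs and then falls through, so whatever fqdn holds after a failed dnsname.ToFQDN is still appended to dcfg.SearchDomains; the route-suffix loop in the previous hunk has the same fall-through into the Routes map. This was already the behaviour before the extraction, but the commit moves the code into the new helper without addressing it. Unless registering that value is intended, add a `continue` on the line after each of the two log calls so a malformed entry is dropped rather than applied. The enclosing dnsConfigForNetmap starts and ends outside this hunk.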
@ -1875,7 +1886,7 @@ func (b *LocalBackend) authReconfig() {
switch {
switch {
case len ( dcfg . DefaultResolvers ) != 0 :
case len ( dcfg . DefaultResolvers ) != 0 :
// Default resolvers already set.
// Default resolvers already set.
case ! uc . ExitNodeID . IsZero ( ) :
case ! prefs . ExitNodeID . IsZero ( ) :
// When using exit nodes, it's very likely the LAN
// When using exit nodes, it's very likely the LAN
// resolvers will become unreachable. So, force use of the
// resolvers will become unreachable. So, force use of the
// fallback resolvers until we implement DNS forwarding to
// fallback resolvers until we implement DNS forwarding to
@ -1895,14 +1906,7 @@ func (b *LocalBackend) authReconfig() {
addDefault ( nm . DNS . FallbackResolvers )
addDefault ( nm . DNS . FallbackResolvers )
}
}
}
}
return dcfg
err = b . e . Reconfig ( cfg , rcfg , & dcfg , nm . Debug )
if err == wgengine . ErrNoChanges {
return
}
b . logf ( "[v1] authReconfig: ra=%v dns=%v 0x%02x: %v" , uc . RouteAll , uc . CorpDNS , flags , err )
b . initPeerAPIListener ( )
}
}
func normalizeResolver ( cfg dnstype . Resolver ) dnstype . Resolver {
func normalizeResolver ( cfg dnstype . Resolver ) dnstype . Resolver {