|
|
@ -161,35 +161,21 @@ func (nm *NetworkMap) JSON() string {
|
|
|
|
return string(b)
|
|
|
|
return string(b)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
// WGConfigFlags is a bitmask of flags to control the behavior of the
|
|
|
|
UAllowSingleHosts = 1 << iota
|
|
|
|
// wireguard configuration generation done by NetMap.WGCfg.
|
|
|
|
UAllowSubnetRoutes
|
|
|
|
type WGConfigFlags int
|
|
|
|
UAllowDefaultRoute
|
|
|
|
|
|
|
|
UHackDefaultRoute
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UDefault = 0
|
|
|
|
const (
|
|
|
|
|
|
|
|
AllowSingleHosts WGConfigFlags = 1 << iota
|
|
|
|
|
|
|
|
AllowSubnetRoutes
|
|
|
|
|
|
|
|
AllowDefaultRoute
|
|
|
|
|
|
|
|
HackDefaultRoute
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// Several programs need to parse these arguments into uflags, so let's
|
|
|
|
|
|
|
|
// centralize it here.
|
|
|
|
|
|
|
|
func UFlagsHelper(uroutes, rroutes, droutes bool) int {
|
|
|
|
|
|
|
|
uflags := 0
|
|
|
|
|
|
|
|
if uroutes {
|
|
|
|
|
|
|
|
uflags |= UAllowSingleHosts
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if rroutes {
|
|
|
|
|
|
|
|
uflags |= UAllowSubnetRoutes
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if droutes {
|
|
|
|
|
|
|
|
uflags |= UAllowDefaultRoute
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return uflags
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// TODO(bradfitz): UAPI seems to only be used by the old confnode and
|
|
|
|
// TODO(bradfitz): UAPI seems to only be used by the old confnode and
|
|
|
|
// pingnode; delete this when those are deleted/rewritten?
|
|
|
|
// pingnode; delete this when those are deleted/rewritten?
|
|
|
|
func (nm *NetworkMap) UAPI(uflags int, dnsOverride []wgcfg.IP) string {
|
|
|
|
func (nm *NetworkMap) UAPI(flags WGConfigFlags, dnsOverride []wgcfg.IP) string {
|
|
|
|
wgcfg, err := nm.WGCfg(log.Printf, uflags, dnsOverride)
|
|
|
|
wgcfg, err := nm.WGCfg(log.Printf, flags, dnsOverride)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("WGCfg() failed unexpectedly: %v", err)
|
|
|
|
log.Fatalf("WGCfg() failed unexpectedly: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -206,7 +192,7 @@ func (nm *NetworkMap) UAPI(uflags int, dnsOverride []wgcfg.IP) string {
|
|
|
|
const EndpointDiscoSuffix = ".disco.tailscale:12345"
|
|
|
|
const EndpointDiscoSuffix = ".disco.tailscale:12345"
|
|
|
|
|
|
|
|
|
|
|
|
// WGCfg returns the NetworkMaps's Wireguard configuration.
|
|
|
|
// WGCfg returns the NetworkMaps's Wireguard configuration.
|
|
|
|
func (nm *NetworkMap) WGCfg(logf logger.Logf, uflags int, dnsOverride []wgcfg.IP) (*wgcfg.Config, error) {
|
|
|
|
func (nm *NetworkMap) WGCfg(logf logger.Logf, flags WGConfigFlags, dnsOverride []wgcfg.IP) (*wgcfg.Config, error) {
|
|
|
|
cfg := &wgcfg.Config{
|
|
|
|
cfg := &wgcfg.Config{
|
|
|
|
Name: "tailscale",
|
|
|
|
Name: "tailscale",
|
|
|
|
PrivateKey: nm.PrivateKey,
|
|
|
|
PrivateKey: nm.PrivateKey,
|
|
|
@ -220,7 +206,7 @@ func (nm *NetworkMap) WGCfg(logf logger.Logf, uflags int, dnsOverride []wgcfg.IP
|
|
|
|
if Debug.OnlyDisco && peer.DiscoKey.IsZero() {
|
|
|
|
if Debug.OnlyDisco && peer.DiscoKey.IsZero() {
|
|
|
|
continue
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (uflags&UAllowSingleHosts) == 0 && len(peer.AllowedIPs) < 2 {
|
|
|
|
if (flags&AllowSingleHosts) == 0 && len(peer.AllowedIPs) < 2 {
|
|
|
|
logf("wgcfg: %v skipping a single-host peer.", peer.Key.ShortString())
|
|
|
|
logf("wgcfg: %v skipping a single-host peer.", peer.Key.ShortString())
|
|
|
|
continue
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -249,16 +235,16 @@ func (nm *NetworkMap) WGCfg(logf logger.Logf, uflags int, dnsOverride []wgcfg.IP
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, allowedIP := range peer.AllowedIPs {
|
|
|
|
for _, allowedIP := range peer.AllowedIPs {
|
|
|
|
if allowedIP.Mask == 0 {
|
|
|
|
if allowedIP.Mask == 0 {
|
|
|
|
if (uflags & UAllowDefaultRoute) == 0 {
|
|
|
|
if (flags & AllowDefaultRoute) == 0 {
|
|
|
|
logf("wgcfg: %v skipping default route", peer.Key.ShortString())
|
|
|
|
logf("wgcfg: %v skipping default route", peer.Key.ShortString())
|
|
|
|
continue
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (uflags & UHackDefaultRoute) != 0 {
|
|
|
|
if (flags & HackDefaultRoute) != 0 {
|
|
|
|
allowedIP = wgcfg.CIDR{IP: wgcfg.IPv4(10, 0, 0, 0), Mask: 8}
|
|
|
|
allowedIP = wgcfg.CIDR{IP: wgcfg.IPv4(10, 0, 0, 0), Mask: 8}
|
|
|
|
logf("wgcfg: %v converting default route => %v", peer.Key.ShortString(), allowedIP.String())
|
|
|
|
logf("wgcfg: %v converting default route => %v", peer.Key.ShortString(), allowedIP.String())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if allowedIP.Mask < 32 {
|
|
|
|
} else if allowedIP.Mask < 32 {
|
|
|
|
if (uflags & UAllowSubnetRoutes) == 0 {
|
|
|
|
if (flags & AllowSubnetRoutes) == 0 {
|
|
|
|
logf("wgcfg: %v skipping subnet route", peer.Key.ShortString())
|
|
|
|
logf("wgcfg: %v skipping subnet route", peer.Key.ShortString())
|
|
|
|
continue
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
|