From 8af50fa97cb1e309d27002d4d540cba3be13e1e0 Mon Sep 17 00:00:00 2001 From: James Tucker Date: Fri, 23 Aug 2024 11:09:53 -0700 Subject: [PATCH] ipn/ipnlocal: update routes on link change with ExitNodeAllowLANAccess On a major link change the LAN routes may change, so on linkChange where ChangeDelta.Major, we need to call authReconfig to ensure that new routes are observed and applied. Updates tailscale/corp#22574 Signed-off-by: James Tucker --- ipn/ipnlocal/local.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go index cbd4f5196..73c41f326 100644 --- a/ipn/ipnlocal/local.go +++ b/ipn/ipnlocal/local.go @@ -712,14 +712,26 @@ func (b *LocalBackend) linkChange(delta *netmon.ChangeDelta) { if delta.Major && shouldAutoExitNode() { b.refreshAutoExitNode = true } - // If the PAC-ness of the network changed, reconfig wireguard+route to - // add/remove subnets. + + var needReconfig bool + // If the network changed and we're using an exit node and allowing LAN access, we may need to reconfigure. + if delta.Major && b.pm.CurrentPrefs().ExitNodeID() != "" && b.pm.CurrentPrefs().ExitNodeAllowLANAccess() { + b.logf("linkChange: in state %v; updating LAN routes", b.state) + needReconfig = true + } + // If the PAC-ness of the network changed, reconfig wireguard+route to add/remove subnets. if hadPAC != ifst.HasPAC() { b.logf("linkChange: in state %v; PAC changed from %v->%v", b.state, hadPAC, ifst.HasPAC()) + needReconfig = true + } + if needReconfig { switch b.state { case ipn.NoState, ipn.Stopped: // Do nothing. default: + // TODO(raggi,tailscale/corp#22574): authReconfig should be refactored such that we can call the + // necessary operations here and avoid the need for asynchronous behavior that is racy and hard + // to test here, and do less extra work in these conditions. go b.authReconfig() } }