diff --git a/go.mod b/go.mod
index e10e8e54e..1e9e440c4 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 github.com/pborman/getopt v0.0.0-20190409184431-ee0cd42419d3
 github.com/peterbourgon/ff/v2 v2.0.0
 github.com/tailscale/winipcfg-go v0.0.0-20200413171540-609dcf2df55f
- github.com/tailscale/wireguard-go v0.0.0-20200710044538-9320f191f6b1
+ github.com/tailscale/wireguard-go v0.0.0-20200716032321-dd6c1c8fe14c
 github.com/tcnksm/go-httpstat v0.2.0
 github.com/toqueteos/webbrowser v1.2.0
 go4.org/mem v0.0.0-20200706164138-185c595c3ecc
diff --git a/go.sum b/go.sum
index f71e2480a..fbdf2aff5 100644
--- a/go.sum
+++ b/go.sum
@@ -89,6 +89,8 @@ github.com/tailscale/winipcfg-go v0.0.0-20200413171540-609dcf2df55f h1:uFj5bslHs
 github.com/tailscale/winipcfg-go v0.0.0-20200413171540-609dcf2df55f/go.mod h1:x880GWw5fvrl2DVTQ04ttXQD4DuppTt1Yz6wLibbjNE=
 github.com/tailscale/wireguard-go v0.0.0-20200710044538-9320f191f6b1 h1:zMEeWu/X0l+xFnsbri69miflb3HIKoLwedZHD5xx6Mk=
 github.com/tailscale/wireguard-go v0.0.0-20200710044538-9320f191f6b1/go.mod h1:JPm5cTfu1K+qDFRbiHy0sOlHUylYQbpl356sdYFD8V4=
+github.com/tailscale/wireguard-go v0.0.0-20200716032321-dd6c1c8fe14c h1:45GoTCd7XoVVet8ws6q1p8DBvWz3tDrUZ60030+Y+C4=
+github.com/tailscale/wireguard-go v0.0.0-20200716032321-dd6c1c8fe14c/go.mod h1:JPm5cTfu1K+qDFRbiHy0sOlHUylYQbpl356sdYFD8V4=
 github.com/tcnksm/go-httpstat v0.2.0 h1:rP7T5e5U2HfmOBmZzGgGZjBQ5/GluWUylujl0tJ04I0=
 github.com/tcnksm/go-httpstat v0.2.0/go.mod h1:s3JVJFtQxtBEBC9dwcdTTXS9xFnM3SXAZwPG41aurT8=
 github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ=
diff --git a/wgengine/userspace.go b/wgengine/userspace.go
index 230ae2056..948b61c8a 100644
--- a/wgengine/userspace.go
+++ b/wgengine/userspace.go
@@ -12,7 +12,6 @@ import (
 "fmt"
 "io"
 "log"
- "net"
 "os"
 "os/exec"
 "runtime"
@@ -233,7 +232,7 @@ func newUserspaceEngineAdvanced(conf EngineConfig) (_ Engine, reterr error) {
 opts := &device.DeviceOptions{
 Logger: &logger,
- HandshakeDone: func(peerKey wgcfg.Key, allowedIPs []net.IPNet) {
+ HandshakeDone: func(peerKey wgcfg.Key, peer *device.Peer, deviceAllowedIPs *device.AllowedIPs) {
 // Send an unsolicited status event every time a
 // handshake completes. This makes sure our UI can
 // update quickly as soon as it connects to a peer.
@@ -247,6 +246,7 @@ func newUserspaceEngineAdvanced(conf EngineConfig) (_ Engine, reterr error) {
 // Ping every single-IP that peer routes.
 // These synthetic packets are used to traverse NATs.
 var ips []wgcfg.IP
+ allowedIPs := deviceAllowedIPs.EntriesForPeer(peer)
 for _, ipNet := range allowedIPs {
 if ones, bits := ipNet.Mask.Size(); ones == bits && ones != 0 {
 var ip wgcfg.IP
@@ -666,7 +666,12 @@ func (e *userspaceEngine) getStatus() (*Status, error) {
 bw := bufio.NewWriterSize(pw, lineLen)
 // TODO(apenwarr): get rid of silly uapi stuff for in-process comms
 // FIXME: get notified of status changes instead of polling.
- if err := e.wgdev.IpcGetOperation(bw); err != nil {
+ filter := device.IPCGetFilter{
+ // The allowed_ips are somewhat expensive to compute and they're
+ // unused below; request that they not be sent instead.
+ FilterAllowedIPs: true,
+ }
+ if err := e.wgdev.IpcGetOperationFiltered(bw, filter); err != nil {
 errc <- fmt.Errorf("IpcGetOperation: %w", err)
 return
 }
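Review bot: The added `allowedIPs := deviceAllowedIPs.EntriesForPeer(peer)` in the `-247` hunk dereferences both new callback arguments with no nil guard. The signature change in the `-233` hunk also replaces a snapshot slice with live pointers into the device's peer and allowed-IPs state. Whether wireguard-go can pass nil here, and whether `EntriesForPeer` does its own locking against concurrent reconfiguration, is not visible in this diff, so the contract should be written down at the callback, e.g. `// peer and deviceAllowedIPs are owned by wireguard-go: read-only, do not retain past this call.` If nil is possible, add `if peer == nil || deviceAllowedIPs == nil { return }` just before the lookup. The callback body starts and ends outside both hunks.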
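Review bot: The wrapped error under the new call in the `-666` hunk still reads `"IpcGetOperation: %w"` although the call is now `IpcGetOperationFiltered`, so a failure in the logs will name the wrong function. Change it to `errc <- fmt.Errorf("IpcGetOperationFiltered: %w", err)`. The new comment's claim that allowed_ips are "unused below" depends on parsing code that lies outside this hunk. It is worth confirming that nothing downstream of `getStatus` reads those lines, because they will now be absent without any error.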