Inicio Explorar Axuda
Iniciar sesión
Tailscale
/
tailscale
réplica de https://github.com/tailscale/tailscale.git
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

wgengine/router: create netfilter runner in setNetfilterMode

This will enable the runner to be replaced as a configuration side
effect in a later change.

Updates tailscale/corp#14029

Signed-off-by: James Tucker <[email protected]>
James Tucker %!s(int64=2) %!d(string=hai) anos
pai
94a64c0017
achega
215f657a5e
Modificáronse 2 ficheiros con 17 adicións e 13 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 15 12
      wgengine/router/router_linux.go
  2. 2 1
      wgengine/router/router_linux_test.go

+ 15 - 12
wgengine/router/router_linux.go
Ver ficheiro 

@@ -60,8 +60,8 @@ type linuxRouter struct {
 
 	// ipPolicyPrefBase is the base priority at which ip rules are installed.
 
 	ipPolicyPrefBase int
 
 
-	nfr linuxfw.NetfilterRunner
 
 	cmd commandRunner
 
+	nfr linuxfw.NetfilterRunner
 
 }
 
 
 func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Monitor) (Router, error) {
 
@@ -70,26 +70,20 @@ func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Moni
 
 		return nil, err
 
 	}
 
 
-	nfr, err := linuxfw.New(logf)
 
-	if err != nil {
 
-		return nil, err
 
-	}
 
-
 
 	cmd := osCommandRunner{
 
 		ambientCapNetAdmin: useAmbientCaps(),
 
 	}
 
 
-	return newUserspaceRouterAdvanced(logf, tunname, netMon, nfr, cmd)
 
+	return newUserspaceRouterAdvanced(logf, tunname, netMon, cmd)
 
 }
 
 
-func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon.Monitor, nfr linuxfw.NetfilterRunner, cmd commandRunner) (Router, error) {
 
+func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, netMon *netmon.Monitor, cmd commandRunner) (Router, error) {
 
 	r := &linuxRouter{
 
 		logf:          logf,
 
 		tunname:       tunname,
 
 		netfilterMode: netfilterOff,
 
 		netMon:        netMon,
 
 
-		nfr: nfr,
 
 		cmd: cmd,
 
 
 		ipRuleFixLimiter: rate.NewLimiter(rate.Every(5*time.Second), 10),
 
@@ -294,12 +288,12 @@ func (r *linuxRouter) Up() error {
 
 	if r.unregNetMon == nil && r.netMon != nil {
 
 		r.unregNetMon = r.netMon.RegisterRuleDeleteCallback(r.onIPRuleDeleted)
 
 	}
 
-	if err := r.addIPRules(); err != nil {
 
-		return fmt.Errorf("adding IP rules: %w", err)
 
-	}
 
 	if err := r.setNetfilterMode(netfilterOff); err != nil {
 
 		return fmt.Errorf("setting netfilter mode: %w", err)
 
 	}
 
+	if err := r.addIPRules(); err != nil {
 
+		return fmt.Errorf("adding IP rules: %w", err)
 
+	}
 
 	if err := r.upInterface(); err != nil {
 
 		return fmt.Errorf("bringing interface up: %w", err)
 
 	}
 
@@ -386,6 +380,15 @@ func (r *linuxRouter) setNetfilterMode(mode preftype.NetfilterMode) error {
 
 	if distro.Get() == distro.Synology {
 
 		mode = netfilterOff
 
 	}
 
+
 
+	if r.nfr == nil {
 
+		var err error
 
+		r.nfr, err = linuxfw.New(r.logf)
 
+		if err != nil {
 
+			return err
 
+		}
 
+	}
 
+
 
 	if r.netfilterMode == mode {
 
 		return nil
 
 	}

+ 2 - 1
wgengine/router/router_linux_test.go
Ver ficheiro 

@@ -331,7 +331,8 @@ ip route add throw 192.168.0.0/24 table 52` + basic,
 
 	defer mon.Close()
 
 
 	fake := NewFakeOS(t)
 
-	router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", mon, fake.nfr, fake)
 
+	router, err := newUserspaceRouterAdvanced(t.Logf, "tailscale0", mon, fake)
 
+	router.(*linuxRouter).nfr = fake.nfr
 
 	if err != nil {
 
 		t.Fatalf("failed to create router: %v", err)
 
 	}