Add ability to skip installing unsafe routes on the os routing table (#831)

2026-02-16 09:44:23 +01:00 · 2023-04-10 12:32:37 -05:00
parent 9b03053191
commit 397fe5f879
8 changed files with 51 additions and 20 deletions
--- a/overlay/route.go
+++ b/overlay/route.go
@@ -14,10 +14,11 @@ import (
 )

 type Route struct {
-	MTU    int
-	Metric int
-	Cidr   *net.IPNet
-	Via    *iputil.VpnIp
+	MTU     int
+	Metric  int
+	Cidr    *net.IPNet
+	Via     *iputil.VpnIp
+	Install bool
 }

 func makeRouteTree(l *logrus.Logger, routes []Route, allowMTU bool) (*cidr.Tree4, error) {
@@ -81,7 +82,8 @@ func parseRoutes(c *config.C, network *net.IPNet) ([]Route, error) {
 		}

 		r := Route{
-			MTU: mtu,
+			Install: true,
+			MTU:     mtu,
 		}

 		_, r.Cidr, err = net.ParseCIDR(fmt.Sprintf("%v", rRoute))
@@ -182,10 +184,20 @@ func parseUnsafeRoutes(c *config.C, network *net.IPNet) ([]Route, error) {

 		viaVpnIp := iputil.Ip2VpnIp(nVia)

+		install := true
+		rInstall, ok := m["install"]
+		if ok {
+			install, err = strconv.ParseBool(fmt.Sprintf("%v", rInstall))
+			if err != nil {
+				return nil, fmt.Errorf("entry %v.install in tun.unsafe_routes is not a boolean: %v", i+1, err)
+			}
+		}
+
 		r := Route{
-			Via:    &viaVpnIp,
-			MTU:    mtu,
-			Metric: metric,
+			Via:     &viaVpnIp,
+			MTU:     mtu,
+			Metric:  metric,
+			Install: install,
 		}

 		_, r.Cidr, err = net.ParseCIDR(fmt.Sprintf("%v", rRoute))