Push route handling into overlay, a few more nits fixed (#581)

2025-11-24 01:14:25 +01:00 · 2021-11-12 11:19:28 -06:00
parent 2f1f0d602f
commit 467e605d5e
17 changed files with 300 additions and 185 deletions
--- a/overlay/tun_freebsd.go
+++ b/overlay/tun_freebsd.go
@@ -14,16 +14,19 @@ import (
 	"strings"

 	"github.com/sirupsen/logrus"
+	"github.com/slackhq/nebula/cidr"
+	"github.com/slackhq/nebula/iputil"
 )

 var deviceNameRE = regexp.MustCompile(`^tun[0-9]+$`)

 type tun struct {
-	Device       string
-	Cidr         *net.IPNet
-	MTU          int
-	UnsafeRoutes []Route
-	l            *logrus.Logger
+	Device   string
+	Cidr     *net.IPNet
+	MTU      int
+	Routes   []Route
+	cidrTree *cidr.Tree4
+	l        *logrus.Logger

 	io.ReadWriteCloser
 }
@@ -35,14 +38,16 @@ func (t *tun) Close() error {
 	return nil
 }

-func newTunFromFd(_ *logrus.Logger, _ int, _ *net.IPNet, _ int, _ []Route, _ []Route, _ int) (*tun, error) {
+func newTunFromFd(_ *logrus.Logger, _ int, _ *net.IPNet, _ int, _ []Route, _ int) (*tun, error) {
 	return nil, fmt.Errorf("newTunFromFd not supported in FreeBSD")
 }

-func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, _ int, _ bool) (*tun, error) {
-	if len(routes) > 0 {
-		return nil, fmt.Errorf("route MTU not supported in FreeBSD")
+func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, _ int, _ bool) (*tun, error) {
+	cidrTree, err := makeCidrTree(routes, false)
+	if err != nil {
+		return nil, err
 	}
+
 	if strings.HasPrefix(deviceName, "/dev/") {
 		deviceName = strings.TrimPrefix(deviceName, "/dev/")
 	}
@@ -50,11 +55,12 @@ func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int
 		return nil, fmt.Errorf("tun.dev must match `tun[0-9]+`")
 	}
 	return &tun{
-		Device:       deviceName,
-		Cidr:         cidr,
-		MTU:          defaultMTU,
-		UnsafeRoutes: unsafeRoutes,
-		l:            l,
+		Device:   deviceName,
+		Cidr:     cidr,
+		MTU:      defaultMTU,
+		Routes:   routes,
+		cidrTree: cidrTree,
+		l:        l,
 	}, nil
 }

@@ -79,7 +85,12 @@ func (t *tun) Activate() error {
 		return fmt.Errorf("failed to run 'ifconfig': %s", err)
 	}
 	// Unsafe path routes
-	for _, r := range t.UnsafeRoutes {
+	for _, r := range t.Routes {
+		if r.Via == nil {
+			// We don't allow route MTUs so only install routes with a via
+			continue
+		}
+
 		t.l.Debug("command: route", "-n", "add", "-net", r.Cidr.String(), "-interface", t.Device)
 		if err = exec.Command("/sbin/route", "-n", "add", "-net", r.Cidr.String(), "-interface", t.Device).Run(); err != nil {
 			return fmt.Errorf("failed to run 'route add' for unsafe_route %s: %s", r.Cidr.String(), err)
@@ -89,6 +100,15 @@ func (t *tun) Activate() error {
 	return nil
 }

+func (t *tun) RouteFor(ip iputil.VpnIp) iputil.VpnIp {
+	r := t.cidrTree.MostSpecificContains(ip)
+	if r != nil {
+		return r.(iputil.VpnIp)
+	}
+
+	return 0
+}
+
 func (t *tun) CidrNet() *net.IPNet {
 	return t.Cidr
 }