personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-12-18 12:58:27 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge tag 'v1.9.4' into multiport

Browse Source 
1.9.4 Release
This commit is contained in:
Wade Simmons
2024-09-13 10:17:59 -04:00
parent 6b78e9cdb3 ab81b62ea0
commit dabce8a1b4
83 changed files with 2056 additions and 2755 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
interface.go
View File

@@ -2,10 +2,11 @@ package nebula
import (
"context"
"encoding/binary"
"errors"
"fmt"
"io"
"net"
"net/netip"
"os"
"runtime"
"sync/atomic"
@@ -16,7 +17,6 @@ import (
"github.com/slackhq/nebula/config"
"github.com/slackhq/nebula/firewall"
"github.com/slackhq/nebula/header"
"github.com/slackhq/nebula/iputil"
"github.com/slackhq/nebula/overlay"
"github.com/slackhq/nebula/udp"
)
@@ -63,8 +63,8 @@ type Interface struct {
serveDns bool
createTime time.Time
lightHouse *LightHouse
localBroadcast iputil.VpnIp
myVpnIp iputil.VpnIp
myBroadcastAddr netip.Addr
myVpnNet netip.Prefix
dropLocalBroadcast bool
dropMulticast bool
routines int
@@ -103,7 +103,7 @@ type MultiPortConfig struct {
TxBasePort uint16
TxPorts int
TxHandshake bool
TxHandshakeDelay int
TxHandshakeDelay int64
}
type EncWriter interface {
@@ -114,9 +114,9 @@ type EncWriter interface {
out []byte,
nocopy bool,
)
SendMessageToVpnIp(t header.MessageType, st header.MessageSubType, vpnIp iputil.VpnIp, p, nb, out []byte)
SendMessageToVpnIp(t header.MessageType, st header.MessageSubType, vpnIp netip.Addr, p, nb, out []byte)
SendMessageToHostInfo(t header.MessageType, st header.MessageSubType, hostinfo *HostInfo, p, nb, out []byte)
Handshake(vpnIp iputil.VpnIp)
Handshake(vpnIp netip.Addr)
}
type sendRecvErrorConfig uint8
@@ -127,10 +127,10 @@ const (
sendRecvErrorPrivate
)
func (s sendRecvErrorConfig) ShouldSendRecvError(ip net.IP) bool {
func (s sendRecvErrorConfig) ShouldSendRecvError(ip netip.AddrPort) bool {
switch s {
case sendRecvErrorPrivate:
return ip.IsPrivate()
return ip.Addr().IsPrivate()
case sendRecvErrorAlways:
return true
case sendRecvErrorNever:
@@ -168,7 +168,27 @@ func NewInterface(ctx context.Context, c *InterfaceConfig) (*Interface, error) {
}
certificate := c.pki.GetCertState().Certificate
myVpnIp := iputil.Ip2VpnIp(certificate.Details.Ips[0].IP)
myVpnAddr, ok := netip.AddrFromSlice(certificate.Details.Ips[0].IP)
if !ok {
return nil, fmt.Errorf("invalid ip address in certificate: %s", certificate.Details.Ips[0].IP)
}
myVpnMask, ok := netip.AddrFromSlice(certificate.Details.Ips[0].Mask)
if !ok {
return nil, fmt.Errorf("invalid ip mask in certificate: %s", certificate.Details.Ips[0].Mask)
}
myVpnAddr = myVpnAddr.Unmap()
myVpnMask = myVpnMask.Unmap()
if myVpnAddr.BitLen() != myVpnMask.BitLen() {
return nil, fmt.Errorf("ip address and mask are different lengths in certificate")
}
ones, _ := certificate.Details.Ips[0].Mask.Size()
myVpnNet := netip.PrefixFrom(myVpnAddr, ones)
ifce := &Interface{
pki: c.pki,
hostMap: c.HostMap,
@@ -180,14 +200,13 @@ func NewInterface(ctx context.Context, c *InterfaceConfig) (*Interface, error) {
handshakeManager: c.HandshakeManager,
createTime: time.Now(),
lightHouse: c.lightHouse,
localBroadcast: myVpnIp | ^iputil.Ip2VpnIp(certificate.Details.Ips[0].Mask),
dropLocalBroadcast: c.DropLocalBroadcast,
dropMulticast: c.DropMulticast,
routines: c.routines,
version: c.version,
writers: make([]udp.Conn, c.routines),
readers: make([]io.ReadWriteCloser, c.routines),
myVpnIp: myVpnIp,
myVpnNet: myVpnNet,
relayManager: c.relayManager,
conntrackCacheTimeout: c.ConntrackCacheTimeout,
@@ -202,6 +221,12 @@ func NewInterface(ctx context.Context, c *InterfaceConfig) (*Interface, error) {
l: c.l,
}
if myVpnAddr.Is4() {
addr := myVpnNet.Masked().Addr().As4()
binary.BigEndian.PutUint32(addr[:], binary.BigEndian.Uint32(addr[:])|^binary.BigEndian.Uint32(certificate.Details.Ips[0].Mask))
ifce.myBroadcastAddr = netip.AddrFrom4(addr)
}
ifce.tryPromoteEvery.Store(c.tryPromoteEvery)
ifce.reQueryEvery.Store(c.reQueryEvery)
ifce.reQueryWait.Store(int64(c.reQueryWait))