From f8fe454972d740556600cf2ec9e69caf7a18ff75 Mon Sep 17 00:00:00 2001
From: Nate Brown
Date: Mon, 24 Feb 2025 14:09:33 -0600
Subject: [PATCH] Fix netbsd routes
---
 overlay/tun_darwin.go | 1 -
 overlay/tun_netbsd.go | 54 ++++++++++++++++++++++++++++---------------
 pki.go | 1 -
 3 files changed, 35 insertions(+), 21 deletions(-)
diff --git a/overlay/tun_darwin.go b/overlay/tun_darwin.go
index 1a02b49..8bf52db 100644
--- a/overlay/tun_darwin.go
+++ b/overlay/tun_darwin.go
@@ -294,7 +294,6 @@ func (t *tun) activate6(network netip.Prefix) error {
 Vltime: 0xffffffff,
 Pltime: 0xffffffff,
 },
- //TODO: CERT-V2 should we disable DAD (duplicate address detection) and mark this as a secured address?
 Flags: _IN6_IFF_NODAD,
 }
diff --git a/overlay/tun_netbsd.go b/overlay/tun_netbsd.go
index f7586cb..b109281 100644
--- a/overlay/tun_netbsd.go
+++ b/overlay/tun_netbsd.go
@@ -108,26 +108,34 @@ func (t *tun) addIp(cidr netip.Prefix) error {
 var err error
 // TODO use syscalls instead of exec.Command
- cmd := exec.Command("/sbin/ifconfig", t.Device, cidr.String(), cidr.Addr().String())
- t.l.Debug("command: ", cmd.String())
- if err = cmd.Run(); err != nil {
- return fmt.Errorf("failed to run 'ifconfig': %s", err)
+ if cidr.Addr().Is6() {
+ cmd := exec.Command("/sbin/ifconfig", t.Device, "inet6", cidr.Addr().String(), "prefixlen", strconv.Itoa(cidr.Bits()), "alias")
+ t.l.Debug("command: ", cmd.String())
+ if err = cmd.Run(); err != nil {
+ return fmt.Errorf("failed to run 'ifconfig': %s", err)
+ }
+
+ cmd = exec.Command("/sbin/route", "-n", "add", "-net", cidr.String(), cidr.Addr().String())
+ t.l.Debug("command: ", cmd.String())
+ if err = cmd.Run(); err != nil {
+ return fmt.Errorf("failed to run 'route add': %s", err)
+ }
+
+ } else {
+ cmd := exec.Command("/sbin/ifconfig", t.Device, cidr.String(), cidr.Addr().String())
+ t.l.Debug("command: ", cmd.String())
+ if err = cmd.Run(); err != nil {
+ return fmt.Errorf("failed to run 'ifconfig': %s", err)
+ }
+
+ cmd = exec.Command("/sbin/route", "-n", "add", "-net", cidr.String(), cidr.Addr().String())
+ t.l.Debug("command: ", cmd.String())
+ if err = cmd.Run(); err != nil {
+ return fmt.Errorf("failed to run 'route add': %s", err)
+ }
 }
- cmd = exec.Command("/sbin/route", "-n", "add", "-net", cidr.String(), cidr.Addr().String())
- t.l.Debug("command: ", cmd.String())
- if err = cmd.Run(); err != nil {
- return fmt.Errorf("failed to run 'route add': %s", err)
- }
-
- cmd = exec.Command("/sbin/ifconfig", t.Device, "mtu", strconv.Itoa(t.MTU))
- t.l.Debug("command: ", cmd.String())
- if err = cmd.Run(); err != nil {
- return fmt.Errorf("failed to run 'ifconfig': %s", err)
- }
-
- // Unsafe path routes
- return t.addRoutes(false)
+ return nil
 }
 func (t *tun) Activate() error {
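Review bot: The `/sbin/route` block is repeated verbatim in both branches of the new `if cidr.Addr().Is6()` in addIp; only the ifconfig argument list differs between the IPv4 and IPv6 paths, so the branch could pick the arguments and each command would then run from a single copy. As written, a later change to one copy can silently miss the other, for example an address-family flag on the IPv6 route, if NetBSD's route needs one for this form (worth confirming). Separately, when ifconfig succeeds and `route add` fails, the function returns with the address still assigned to `t.Device`; nothing in the hunk removes it, so it should be checked whether the caller tears the interface down on error.

```go
// … unchanged: var err error and the TODO comment …
args := []string{t.Device, cidr.String(), cidr.Addr().String()}
if cidr.Addr().Is6() {
	args = []string{t.Device, "inet6", cidr.Addr().String(), "prefixlen", strconv.Itoa(cidr.Bits()), "alias"}
}

cmd := exec.Command("/sbin/ifconfig", args...)
t.l.Debug("command: ", cmd.String())
if err = cmd.Run(); err != nil {
	return fmt.Errorf("failed to run 'ifconfig': %s", err)
}

cmd = exec.Command("/sbin/route", "-n", "add", "-net", cidr.String(), cidr.Addr().String())
t.l.Debug("command: ", cmd.String())
if err = cmd.Run(); err != nil {
	return fmt.Errorf("failed to run 'route add': %s", err)
}

return nil
```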
@@ -137,7 +145,15 @@ func (t *tun) Activate() error {
 return err
 }
 }
- return nil
+
+ cmd := exec.Command("/sbin/ifconfig", t.Device, "mtu", strconv.Itoa(t.MTU))
+ t.l.Debug("command: ", cmd.String())
+ if err := cmd.Run(); err != nil {
+ return fmt.Errorf("failed to run '%s': %s", cmd, err)
+ }
+
+ // Unsafe path routes
+ return t.addRoutes(false)
 }
 func (t *tun) reload(c *config.C, initial bool) error {
diff --git a/pki.go b/pki.go
index 888da7c..acbc6fb 100644
--- a/pki.go
+++ b/pki.go
@@ -173,7 +173,6 @@ func (p *PKI) reloadCerts(c *config.C, initial bool) *util.ContextualError {
 p.cs.Store(newState)
- //TODO: CERT-V2 newState needs a stringer that does json
 if initial {
 p.l.WithField("cert", newState).Debug("Client nebula certificate(s)")
 } else {
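Review bot: The new MTU step in Activate (overlay/tun_netbsd.go) reports failures as `fmt.Errorf("failed to run '%s': %s", cmd, err)`, which carries little beyond the exit status: `cmd.Run()` with no Stderr set discards ifconfig's own message, and `%s` flattens the error so callers cannot unwrap it. Capturing the output and wrapping, e.g. `out, err := cmd.CombinedOutput()` followed by `return fmt.Errorf("failed to run %q: %w: %s", cmd.String(), err, out)`, would make a rejected MTU or a missing device diagnosable from the log. The same applies to the ifconfig and route calls in addIp, which additionally name the tool with fixed strings ('ifconfig', 'route add') instead of the command line, so the three messages are inconsistent. Activate's loop over the addresses starts outside the hunk.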