From e07524a654ed808daf731554e2d85d67deb0c49b Mon Sep 17 00:00:00 2001 From: Nate Brown Date: Thu, 11 Nov 2021 16:37:29 -0600 Subject: [PATCH] Move all of tun into overlay (#577) --- connection_manager_test.go | 7 +- control_tester.go | 7 +- hostmap.go | 7 +- main.go | 31 +------ tun_common.go => overlay/route.go | 56 ++++++------ overlay/tun.go | 41 +++++++++ tun_android.go => overlay/tun_android.go | 10 +-- tun_darwin.go => overlay/tun_darwin.go | 12 +-- tun_disabled.go => overlay/tun_disabled.go | 5 +- tun_freebsd.go => overlay/tun_freebsd.go | 14 +-- tun_ios.go => overlay/tun_ios.go | 6 +- tun_linux.go => overlay/tun_linux.go | 36 ++++---- .../tun_linux_test.go | 16 ++-- tun_test.go => overlay/tun_test.go | 88 +++++++++---------- tun_tester.go => overlay/tun_tester.go | 18 ++-- .../tun_water_windows.go | 10 +-- tun_windows.go => overlay/tun_windows.go | 11 ++- .../tun_wintun_windows.go | 14 +-- 18 files changed, 203 insertions(+), 186 deletions(-) rename tun_common.go => overlay/route.go (82%) create mode 100644 overlay/tun.go rename tun_android.go => overlay/tun_android.go (88%) rename tun_darwin.go => overlay/tun_darwin.go (97%) rename tun_disabled.go => overlay/tun_disabled.go (95%) rename tun_freebsd.go => overlay/tun_freebsd.go (86%) rename tun_ios.go => overlay/tun_ios.go (93%) rename tun_linux.go => overlay/tun_linux.go (92%) rename tun_linux_test.go => overlay/tun_linux_test.go (56%) rename tun_test.go => overlay/tun_test.go (82%) rename tun_tester.go => overlay/tun_tester.go (87%) rename tun_water_windows.go => overlay/tun_water_windows.go (89%) rename tun_windows.go => overlay/tun_windows.go (87%) rename tun_wintun_windows.go => overlay/tun_wintun_windows.go (92%) diff --git a/connection_manager_test.go b/connection_manager_test.go index f05eaee..603a236 100644 --- a/connection_manager_test.go +++ b/connection_manager_test.go @@ -11,6 +11,7 @@ import ( "github.com/flynn/noise" "github.com/slackhq/nebula/cert" "github.com/slackhq/nebula/iputil" + "github.com/slackhq/nebula/overlay" "github.com/slackhq/nebula/test" "github.com/slackhq/nebula/udp" "github.com/stretchr/testify/assert" @@ -38,7 +39,7 @@ func Test_NewConnectionManagerTest(t *testing.T) { lh := NewLightHouse(l, false, &net.IPNet{IP: net.IP{0, 0, 0, 0}, Mask: net.IPMask{0, 0, 0, 0}}, []iputil.VpnIp{}, 1000, 0, &udp.Conn{}, false, 1, false) ifce := &Interface{ hostMap: hostMap, - inside: &Tun{}, + inside: &overlay.Tun{}, outside: &udp.Conn{}, certState: cs, firewall: &Firewall{}, @@ -107,7 +108,7 @@ func Test_NewConnectionManagerTest2(t *testing.T) { lh := NewLightHouse(l, false, &net.IPNet{IP: net.IP{0, 0, 0, 0}, Mask: net.IPMask{0, 0, 0, 0}}, []iputil.VpnIp{}, 1000, 0, &udp.Conn{}, false, 1, false) ifce := &Interface{ hostMap: hostMap, - inside: &Tun{}, + inside: &overlay.Tun{}, outside: &udp.Conn{}, certState: cs, firewall: &Firewall{}, @@ -216,7 +217,7 @@ func Test_NewConnectionManagerTest_DisconnectInvalid(t *testing.T) { lh := NewLightHouse(l, false, &net.IPNet{IP: net.IP{0, 0, 0, 0}, Mask: net.IPMask{0, 0, 0, 0}}, []iputil.VpnIp{}, 1000, 0, &udp.Conn{}, false, 1, false) ifce := &Interface{ hostMap: hostMap, - inside: &Tun{}, + inside: &overlay.Tun{}, outside: &udp.Conn{}, certState: cs, firewall: &Firewall{}, diff --git a/control_tester.go b/control_tester.go index 2c7752e..c9a9161 100644 --- a/control_tester.go +++ b/control_tester.go @@ -10,6 +10,7 @@ import ( "github.com/google/gopacket/layers" "github.com/slackhq/nebula/header" "github.com/slackhq/nebula/iputil" + "github.com/slackhq/nebula/overlay" "github.com/slackhq/nebula/udp" ) @@ -64,7 +65,7 @@ func (c *Control) InjectLightHouseAddr(vpnIp net.IP, toAddr *net.UDPAddr) { // GetFromTun will pull a packet off the tun side of nebula func (c *Control) GetFromTun(block bool) []byte { - return c.f.inside.(*Tun).Get(block) + return c.f.inside.(*overlay.Tun).Get(block) } // GetFromUDP will pull a udp packet off the udp side of nebula @@ -77,7 +78,7 @@ func (c *Control) GetUDPTxChan() <-chan *udp.Packet { } func (c *Control) GetTunTxChan() <-chan []byte { - return c.f.inside.(*Tun).txPackets + return c.f.inside.(*overlay.Tun).TxPackets } // InjectUDPPacket will inject a packet into the udp side of nebula @@ -114,7 +115,7 @@ func (c *Control) InjectTunUDPPacket(toIp net.IP, toPort uint16, fromPort uint16 panic(err) } - c.f.inside.(*Tun).Send(buffer.Bytes()) + c.f.inside.(*overlay.Tun).Send(buffer.Bytes()) } func (c *Control) GetUDPAddr() string { diff --git a/hostmap.go b/hostmap.go index d558100..82e7016 100644 --- a/hostmap.go +++ b/hostmap.go @@ -15,6 +15,7 @@ import ( "github.com/slackhq/nebula/cidr" "github.com/slackhq/nebula/header" "github.com/slackhq/nebula/iputil" + "github.com/slackhq/nebula/overlay" "github.com/slackhq/nebula/udp" ) @@ -408,10 +409,10 @@ func (hm *HostMap) Punchy(ctx context.Context, conn *udp.Conn) { } } -func (hm *HostMap) addUnsafeRoutes(routes *[]route) { +func (hm *HostMap) addUnsafeRoutes(routes *[]overlay.Route) { for _, r := range *routes { - hm.l.WithField("route", r.route).WithField("via", r.via).Warn("Adding UNSAFE Route") - hm.unsafeRoutes.AddCIDR(r.route, iputil.Ip2VpnIp(*r.via)) + hm.l.WithField("cidr", r.Cidr).WithField("via", r.Via).Warn("Adding UNSAFE Route") + hm.unsafeRoutes.AddCIDR(r.Cidr, iputil.Ip2VpnIp(*r.Via)) } } diff --git a/main.go b/main.go index 2d62176..7f73365 100644 --- a/main.go +++ b/main.go @@ -78,11 +78,11 @@ func Main(c *config.C, configTest bool, buildVersion string, logger *logrus.Logg // TODO: make sure mask is 4 bytes tunCidr := cs.certificate.Details.Ips[0] - routes, err := parseRoutes(c, tunCidr) + routes, err := overlay.ParseRoutes(c, tunCidr) if err != nil { return nil, util.NewContextualError("Could not parse tun.routes", nil, err) } - unsafeRoutes, err := parseUnsafeRoutes(c, tunCidr) + unsafeRoutes, err := overlay.ParseUnsafeRoutes(c, tunCidr) if err != nil { return nil, util.NewContextualError("Could not parse tun.unsafe_routes", nil, err) } @@ -142,32 +142,7 @@ func Main(c *config.C, configTest bool, buildVersion string, logger *logrus.Logg if !configTest { c.CatchHUP(ctx) - switch { - case c.GetBool("tun.disabled", false): - tun = newDisabledTun(tunCidr, c.GetInt("tun.tx_queue", 500), c.GetBool("stats.message_metrics", false), l) - case tunFd != nil: - tun, err = newTunFromFd( - l, - *tunFd, - tunCidr, - c.GetInt("tun.mtu", DEFAULT_MTU), - routes, - unsafeRoutes, - c.GetInt("tun.tx_queue", 500), - ) - default: - tun, err = newTun( - l, - c.GetString("tun.dev", ""), - tunCidr, - c.GetInt("tun.mtu", DEFAULT_MTU), - routes, - unsafeRoutes, - c.GetInt("tun.tx_queue", 500), - routines > 1, - ) - } - + tun, err = overlay.NewDeviceFromConfig(c, l, tunCidr, routes, unsafeRoutes, tunFd, routines) if err != nil { return nil, util.NewContextualError("Failed to get a tun/tap device", nil, err) } diff --git a/tun_common.go b/overlay/route.go similarity index 82% rename from tun_common.go rename to overlay/route.go index a6c7c1e..a104dab 100644 --- a/tun_common.go +++ b/overlay/route.go @@ -1,4 +1,4 @@ -package nebula +package overlay import ( "fmt" @@ -9,21 +9,19 @@ import ( "github.com/slackhq/nebula/config" ) -const DEFAULT_MTU = 1300 - -type route struct { - mtu int - metric int - route *net.IPNet - via *net.IP +type Route struct { + MTU int + Metric int + Cidr *net.IPNet + Via *net.IP } -func parseRoutes(c *config.C, network *net.IPNet) ([]route, error) { +func ParseRoutes(c *config.C, network *net.IPNet) ([]Route, error) { var err error r := c.Get("tun.routes") if r == nil { - return []route{}, nil + return []Route{}, nil } rawRoutes, ok := r.([]interface{}) @@ -32,10 +30,10 @@ func parseRoutes(c *config.C, network *net.IPNet) ([]route, error) { } if len(rawRoutes) < 1 { - return []route{}, nil + return []Route{}, nil } - routes := make([]route, len(rawRoutes)) + routes := make([]Route, len(rawRoutes)) for i, r := range rawRoutes { m, ok := r.(map[interface{}]interface{}) if !ok { @@ -64,20 +62,20 @@ func parseRoutes(c *config.C, network *net.IPNet) ([]route, error) { return nil, fmt.Errorf("entry %v.route in tun.routes is not present", i+1) } - r := route{ - mtu: mtu, + r := Route{ + MTU: mtu, } - _, r.route, err = net.ParseCIDR(fmt.Sprintf("%v", rRoute)) + _, r.Cidr, err = net.ParseCIDR(fmt.Sprintf("%v", rRoute)) if err != nil { return nil, fmt.Errorf("entry %v.route in tun.routes failed to parse: %v", i+1, err) } - if !ipWithin(network, r.route) { + if !ipWithin(network, r.Cidr) { return nil, fmt.Errorf( "entry %v.route in tun.routes is not contained within the network attached to the certificate; route: %v, network: %v", i+1, - r.route.String(), + r.Cidr.String(), network.String(), ) } @@ -88,12 +86,12 @@ func parseRoutes(c *config.C, network *net.IPNet) ([]route, error) { return routes, nil } -func parseUnsafeRoutes(c *config.C, network *net.IPNet) ([]route, error) { +func ParseUnsafeRoutes(c *config.C, network *net.IPNet) ([]Route, error) { var err error r := c.Get("tun.unsafe_routes") if r == nil { - return []route{}, nil + return []Route{}, nil } rawRoutes, ok := r.([]interface{}) @@ -102,10 +100,10 @@ func parseUnsafeRoutes(c *config.C, network *net.IPNet) ([]route, error) { } if len(rawRoutes) < 1 { - return []route{}, nil + return []Route{}, nil } - routes := make([]route, len(rawRoutes)) + routes := make([]Route, len(rawRoutes)) for i, r := range rawRoutes { m, ok := r.(map[interface{}]interface{}) if !ok { @@ -114,7 +112,7 @@ func parseUnsafeRoutes(c *config.C, network *net.IPNet) ([]route, error) { rMtu, ok := m["mtu"] if !ok { - rMtu = c.GetInt("tun.mtu", DEFAULT_MTU) + rMtu = c.GetInt("tun.mtu", DefaultMTU) } mtu, ok := rMtu.(int) @@ -166,22 +164,22 @@ func parseUnsafeRoutes(c *config.C, network *net.IPNet) ([]route, error) { return nil, fmt.Errorf("entry %v.route in tun.unsafe_routes is not present", i+1) } - r := route{ - via: &nVia, - mtu: mtu, - metric: metric, + r := Route{ + Via: &nVia, + MTU: mtu, + Metric: metric, } - _, r.route, err = net.ParseCIDR(fmt.Sprintf("%v", rRoute)) + _, r.Cidr, err = net.ParseCIDR(fmt.Sprintf("%v", rRoute)) if err != nil { return nil, fmt.Errorf("entry %v.route in tun.unsafe_routes failed to parse: %v", i+1, err) } - if ipWithin(network, r.route) { + if ipWithin(network, r.Cidr) { return nil, fmt.Errorf( "entry %v.route in tun.unsafe_routes is contained within the network attached to the certificate; route: %v, network: %v", i+1, - r.route.String(), + r.Cidr.String(), network.String(), ) } diff --git a/overlay/tun.go b/overlay/tun.go new file mode 100644 index 0000000..cdb6b64 --- /dev/null +++ b/overlay/tun.go @@ -0,0 +1,41 @@ +package overlay + +import ( + "net" + + "github.com/sirupsen/logrus" + "github.com/slackhq/nebula/config" +) + +const DefaultMTU = 1300 + +func NewDeviceFromConfig(c *config.C, l *logrus.Logger, tunCidr *net.IPNet, routes, unsafeRoutes []Route, fd *int, routines int) (Device, error) { + switch { + case c.GetBool("tun.disabled", false): + tun := newDisabledTun(tunCidr, c.GetInt("tun.tx_queue", 500), c.GetBool("stats.message_metrics", false), l) + return tun, nil + + case fd != nil: + return newTunFromFd( + l, + *fd, + tunCidr, + c.GetInt("tun.mtu", DefaultMTU), + routes, + unsafeRoutes, + c.GetInt("tun.tx_queue", 500), + ) + + default: + return newTun( + l, + c.GetString("tun.dev", ""), + tunCidr, + c.GetInt("tun.mtu", DefaultMTU), + routes, + unsafeRoutes, + c.GetInt("tun.tx_queue", 500), + routines > 1, + ) + } +} diff --git a/tun_android.go b/overlay/tun_android.go similarity index 88% rename from tun_android.go rename to overlay/tun_android.go index 8d1a1ff..d94a0a8 100644 --- a/tun_android.go +++ b/overlay/tun_android.go @@ -1,7 +1,7 @@ //go:build !e2e_testing // +build !e2e_testing -package nebula +package overlay import ( "fmt" @@ -21,12 +21,12 @@ type Tun struct { MaxMTU int DefaultMTU int TXQueueLen int - Routes []route - UnsafeRoutes []route + Routes []Route + UnsafeRoutes []Route l *logrus.Logger } -func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int) (ifce *Tun, err error) { +func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int) (ifce *Tun, err error) { file := os.NewFile(uintptr(deviceFd), "/dev/net/tun") ifce = &Tun{ @@ -43,7 +43,7 @@ func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU in return } -func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { +func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { return nil, fmt.Errorf("newTun not supported in Android") } diff --git a/tun_darwin.go b/overlay/tun_darwin.go similarity index 97% rename from tun_darwin.go rename to overlay/tun_darwin.go index 0cfd24b..526b302 100644 --- a/tun_darwin.go +++ b/overlay/tun_darwin.go @@ -1,7 +1,7 @@ //go:build !ios && !e2e_testing // +build !ios,!e2e_testing -package nebula +package overlay import ( "fmt" @@ -22,7 +22,7 @@ type Tun struct { Cidr *net.IPNet DefaultMTU int TXQueueLen int - UnsafeRoutes []route + UnsafeRoutes []Route l *logrus.Logger // cache out buffer since we need to prepend 4 bytes for tun metadata @@ -80,7 +80,7 @@ type ifreqQLEN struct { pad [8]byte } -func newTun(l *logrus.Logger, name string, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { +func newTun(l *logrus.Logger, name string, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { if len(routes) > 0 { return nil, fmt.Errorf("route MTU not supported in Darwin") } @@ -172,7 +172,7 @@ func (t *Tun) deviceBytes() (o [16]byte) { return } -func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int) (ifce *Tun, err error) { +func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int) (ifce *Tun, err error) { return nil, fmt.Errorf("newTunFromFd not supported in Darwin") } @@ -286,8 +286,8 @@ func (t *Tun) Activate() error { // Unsafe path routes for _, r := range t.UnsafeRoutes { - copy(routeAddr.IP[:], r.route.IP.To4()) - copy(maskAddr.IP[:], net.IP(r.route.Mask).To4()) + copy(routeAddr.IP[:], r.Cidr.IP.To4()) + copy(maskAddr.IP[:], net.IP(r.Cidr.Mask).To4()) err = addRoute(routeSock, routeAddr, maskAddr, linkAddr) if err != nil { diff --git a/tun_disabled.go b/overlay/tun_disabled.go similarity index 95% rename from tun_disabled.go rename to overlay/tun_disabled.go index 5db8961..3718223 100644 --- a/tun_disabled.go +++ b/overlay/tun_disabled.go @@ -1,4 +1,4 @@ -package nebula +package overlay import ( "encoding/binary" @@ -71,7 +71,8 @@ func (t *disabledTun) Read(b []byte) (int, error) { func (t *disabledTun) handleICMPEchoRequest(b []byte) bool { // Return early if this is not a simple ICMP Echo Request - if !(len(b) >= 28 && len(b) <= mtu && b[0] == 0x45 && b[9] == 0x01 && b[20] == 0x08) { + //TODO: make constants out of these + if !(len(b) >= 28 && len(b) <= 9001 && b[0] == 0x45 && b[9] == 0x01 && b[20] == 0x08) { return false } diff --git a/tun_freebsd.go b/overlay/tun_freebsd.go similarity index 86% rename from tun_freebsd.go rename to overlay/tun_freebsd.go index 482edad..d5b5b3e 100644 --- a/tun_freebsd.go +++ b/overlay/tun_freebsd.go @@ -1,7 +1,7 @@ //go:build !e2e_testing // +build !e2e_testing -package nebula +package overlay import ( "fmt" @@ -22,7 +22,7 @@ type Tun struct { Device string Cidr *net.IPNet MTU int - UnsafeRoutes []route + UnsafeRoutes []Route l *logrus.Logger io.ReadWriteCloser @@ -35,11 +35,11 @@ func (c *Tun) Close() error { return nil } -func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int) (ifce *Tun, err error) { +func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int) (ifce *Tun, err error) { return nil, fmt.Errorf("newTunFromFd not supported in FreeBSD") } -func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { +func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { if len(routes) > 0 { return nil, fmt.Errorf("Route MTU not supported in FreeBSD") } @@ -80,9 +80,9 @@ func (c *Tun) Activate() error { } // Unsafe path routes for _, r := range c.UnsafeRoutes { - c.l.Debug("command: route", "-n", "add", "-net", r.route.String(), "-interface", c.Device) - if err = exec.Command("/sbin/route", "-n", "add", "-net", r.route.String(), "-interface", c.Device).Run(); err != nil { - return fmt.Errorf("failed to run 'route add' for unsafe_route %s: %s", r.route.String(), err) + c.l.Debug("command: route", "-n", "add", "-net", r.Cidr.String(), "-interface", c.Device) + if err = exec.Command("/sbin/route", "-n", "add", "-net", r.Cidr.String(), "-interface", c.Device).Run(); err != nil { + return fmt.Errorf("failed to run 'route add' for unsafe_route %s: %s", r.Cidr.String(), err) } } diff --git a/tun_ios.go b/overlay/tun_ios.go similarity index 93% rename from tun_ios.go rename to overlay/tun_ios.go index 43e29f3..4dd448d 100644 --- a/tun_ios.go +++ b/overlay/tun_ios.go @@ -1,7 +1,7 @@ //go:build ios && !e2e_testing // +build ios,!e2e_testing -package nebula +package overlay import ( "errors" @@ -21,11 +21,11 @@ type Tun struct { Cidr *net.IPNet } -func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { +func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { return nil, fmt.Errorf("newTun not supported in iOS") } -func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int) (ifce *Tun, err error) { +func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int) (ifce *Tun, err error) { if len(routes) > 0 { return nil, fmt.Errorf("route MTU not supported in Darwin") } diff --git a/tun_linux.go b/overlay/tun_linux.go similarity index 92% rename from tun_linux.go rename to overlay/tun_linux.go index 406a6c5..1403381 100644 --- a/tun_linux.go +++ b/overlay/tun_linux.go @@ -1,7 +1,7 @@ //go:build !android && !e2e_testing // +build !android,!e2e_testing -package nebula +package overlay import ( "fmt" @@ -24,8 +24,8 @@ type Tun struct { MaxMTU int DefaultMTU int TXQueueLen int - Routes []route - UnsafeRoutes []route + Routes []Route + UnsafeRoutes []Route l *logrus.Logger } @@ -81,7 +81,7 @@ type ifreqQLEN struct { pad [8]byte } -func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int) (ifce *Tun, err error) { +func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int) (ifce *Tun, err error) { file := os.NewFile(uintptr(deviceFd), "/dev/net/tun") @@ -99,7 +99,7 @@ func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU in return } -func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { +func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { fd, err := unix.Open("/dev/net/tun", os.O_RDWR, 0) if err != nil { return nil, err @@ -120,8 +120,8 @@ func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int maxMTU := defaultMTU for _, r := range routes { - if r.mtu > maxMTU { - maxMTU = r.mtu + if r.MTU > maxMTU { + maxMTU = r.MTU } } @@ -266,7 +266,7 @@ func (c Tun) Activate() error { LinkIndex: link.Attrs().Index, Dst: dr, MTU: c.DefaultMTU, - AdvMSS: c.advMSS(route{}), + AdvMSS: c.advMSS(Route{}), Scope: unix.RT_SCOPE_LINK, Src: c.Cidr.IP, Protocol: unix.RTPROT_KERNEL, @@ -282,15 +282,15 @@ func (c Tun) Activate() error { for _, r := range c.Routes { nr := netlink.Route{ LinkIndex: link.Attrs().Index, - Dst: r.route, - MTU: r.mtu, + Dst: r.Cidr, + MTU: r.MTU, AdvMSS: c.advMSS(r), Scope: unix.RT_SCOPE_LINK, } err = netlink.RouteAdd(&nr) if err != nil { - return fmt.Errorf("failed to set mtu %v on route %v; %v", r.mtu, r.route, err) + return fmt.Errorf("failed to set mtu %v on route %v; %v", r.MTU, r.Cidr, err) } } @@ -298,16 +298,16 @@ func (c Tun) Activate() error { for _, r := range c.UnsafeRoutes { nr := netlink.Route{ LinkIndex: link.Attrs().Index, - Dst: r.route, - MTU: r.mtu, - Priority: r.metric, + Dst: r.Cidr, + MTU: r.MTU, + Priority: r.Metric, AdvMSS: c.advMSS(r), Scope: unix.RT_SCOPE_LINK, } err = netlink.RouteAdd(&nr) if err != nil { - return fmt.Errorf("failed to set mtu %v on route %v; %v", r.mtu, r.route, err) + return fmt.Errorf("failed to set mtu %v on route %v; %v", r.MTU, r.Cidr, err) } } @@ -328,9 +328,9 @@ func (c *Tun) DeviceName() string { return c.Device } -func (c Tun) advMSS(r route) int { - mtu := r.mtu - if r.mtu == 0 { +func (c Tun) advMSS(r Route) int { + mtu := r.MTU + if r.MTU == 0 { mtu = c.DefaultMTU } diff --git a/tun_linux_test.go b/overlay/tun_linux_test.go similarity index 56% rename from tun_linux_test.go rename to overlay/tun_linux_test.go index 17a0faa..1951a0e 100644 --- a/tun_linux_test.go +++ b/overlay/tun_linux_test.go @@ -1,25 +1,25 @@ //go:build !e2e_testing // +build !e2e_testing -package nebula +package overlay import "testing" var runAdvMSSTests = []struct { name string tun Tun - r route + r Route expected int }{ // Standard case, default MTU is the device max MTU - {"default", Tun{DefaultMTU: 1440, MaxMTU: 1440}, route{}, 0}, - {"default-min", Tun{DefaultMTU: 1440, MaxMTU: 1440}, route{mtu: 1440}, 0}, - {"default-low", Tun{DefaultMTU: 1440, MaxMTU: 1440}, route{mtu: 1200}, 1160}, + {"default", Tun{DefaultMTU: 1440, MaxMTU: 1440}, Route{}, 0}, + {"default-min", Tun{DefaultMTU: 1440, MaxMTU: 1440}, Route{MTU: 1440}, 0}, + {"default-low", Tun{DefaultMTU: 1440, MaxMTU: 1440}, Route{MTU: 1200}, 1160}, // Case where we have a route MTU set higher than the default - {"route", Tun{DefaultMTU: 1440, MaxMTU: 8941}, route{}, 1400}, - {"route-min", Tun{DefaultMTU: 1440, MaxMTU: 8941}, route{mtu: 1440}, 1400}, - {"route-high", Tun{DefaultMTU: 1440, MaxMTU: 8941}, route{mtu: 8941}, 0}, + {"route", Tun{DefaultMTU: 1440, MaxMTU: 8941}, Route{}, 1400}, + {"route-min", Tun{DefaultMTU: 1440, MaxMTU: 8941}, Route{MTU: 1440}, 1400}, + {"route-high", Tun{DefaultMTU: 1440, MaxMTU: 8941}, Route{MTU: 8941}, 0}, } func TestTunAdvMSS(t *testing.T) { diff --git a/tun_test.go b/overlay/tun_test.go similarity index 82% rename from tun_test.go rename to overlay/tun_test.go index 9cbb548..8adac5d 100644 --- a/tun_test.go +++ b/overlay/tun_test.go @@ -1,4 +1,4 @@ -package nebula +package overlay import ( "fmt" @@ -10,73 +10,73 @@ import ( "github.com/stretchr/testify/assert" ) -func Test_parseRoutes(t *testing.T) { +func Test_ParseRoutes(t *testing.T) { l := test.NewLogger() c := config.NewC(l) _, n, _ := net.ParseCIDR("10.0.0.0/24") // test no routes config - routes, err := parseRoutes(c, n) + routes, err := ParseRoutes(c, n) assert.Nil(t, err) assert.Len(t, routes, 0) // not an array c.Settings["tun"] = map[interface{}]interface{}{"routes": "hi"} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "tun.routes is not an array") // no routes c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, err) assert.Len(t, routes, 0) // weird route c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{"asdf"}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1 in tun.routes is invalid") // no mtu c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{}}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.mtu in tun.routes is not present") // bad mtu c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "nope"}}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.mtu in tun.routes is not an integer: strconv.Atoi: parsing \"nope\": invalid syntax") // low mtu c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "499"}}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.mtu in tun.routes is below 500: 499") // missing route c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500"}}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.route in tun.routes is not present") // unparsable route c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "nope"}}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.route in tun.routes failed to parse: invalid CIDR address: nope") // below network range c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "1.0.0.0/8"}}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.route in tun.routes is not contained within the network attached to the certificate; route: 1.0.0.0/8, network: 10.0.0.0/24") // above network range c.Settings["tun"] = map[interface{}]interface{}{"routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "route": "10.0.1.0/24"}}} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.route in tun.routes is not contained within the network attached to the certificate; route: 10.0.1.0/24, network: 10.0.0.0/24") @@ -85,18 +85,18 @@ func Test_parseRoutes(t *testing.T) { map[interface{}]interface{}{"mtu": "9000", "route": "10.0.0.0/29"}, map[interface{}]interface{}{"mtu": "8000", "route": "10.0.0.1/32"}, }} - routes, err = parseRoutes(c, n) + routes, err = ParseRoutes(c, n) assert.Nil(t, err) assert.Len(t, routes, 2) tested := 0 for _, r := range routes { - if r.mtu == 8000 { - assert.Equal(t, "10.0.0.1/32", r.route.String()) + if r.MTU == 8000 { + assert.Equal(t, "10.0.0.1/32", r.Cidr.String()) tested++ } else { - assert.Equal(t, 9000, r.mtu) - assert.Equal(t, "10.0.0.0/29", r.route.String()) + assert.Equal(t, 9000, r.MTU) + assert.Equal(t, "10.0.0.0/29", r.Cidr.String()) tested++ } } @@ -106,37 +106,37 @@ func Test_parseRoutes(t *testing.T) { } } -func Test_parseUnsafeRoutes(t *testing.T) { +func Test_ParseUnsafeRoutes(t *testing.T) { l := test.NewLogger() c := config.NewC(l) _, n, _ := net.ParseCIDR("10.0.0.0/24") // test no routes config - routes, err := parseUnsafeRoutes(c, n) + routes, err := ParseUnsafeRoutes(c, n) assert.Nil(t, err) assert.Len(t, routes, 0) // not an array c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": "hi"} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "tun.unsafe_routes is not an array") // no routes c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, err) assert.Len(t, routes, 0) // weird route c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{"asdf"}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1 in tun.unsafe_routes is invalid") // no via c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.via in tun.unsafe_routes is not present") @@ -145,62 +145,62 @@ func Test_parseUnsafeRoutes(t *testing.T) { 127, false, nil, 1.0, []string{"1", "2"}, } { c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": invalidValue}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, fmt.Sprintf("entry 1.via in tun.unsafe_routes is not a string: found %T", invalidValue)) } // unparsable via c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"mtu": "500", "via": "nope"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.via in tun.unsafe_routes failed to parse address: nope") // missing route c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "500"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes is not present") // unparsable route c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "500", "route": "nope"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes failed to parse: invalid CIDR address: nope") // within network range c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "10.0.0.0/24"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.route in tun.unsafe_routes is contained within the network attached to the certificate; route: 10.0.0.0/24, network: 10.0.0.0/24") // below network range c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "1.0.0.0/8"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Len(t, routes, 1) assert.Nil(t, err) // above network range c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "10.0.1.0/24"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Len(t, routes, 1) assert.Nil(t, err) // no mtu c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "route": "1.0.0.0/8"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Len(t, routes, 1) - assert.Equal(t, DEFAULT_MTU, routes[0].mtu) + assert.Equal(t, DefaultMTU, routes[0].MTU) // bad mtu c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "nope"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.mtu in tun.unsafe_routes is not an integer: strconv.Atoi: parsing \"nope\": invalid syntax") // low mtu c.Settings["tun"] = map[interface{}]interface{}{"unsafe_routes": []interface{}{map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "499"}}} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, routes) assert.EqualError(t, err, "entry 1.mtu in tun.unsafe_routes is below 500: 499") @@ -210,23 +210,23 @@ func Test_parseUnsafeRoutes(t *testing.T) { map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "8000", "route": "1.0.0.1/32"}, map[interface{}]interface{}{"via": "127.0.0.1", "mtu": "1500", "metric": 1234, "route": "1.0.0.2/32"}, }} - routes, err = parseUnsafeRoutes(c, n) + routes, err = ParseUnsafeRoutes(c, n) assert.Nil(t, err) assert.Len(t, routes, 3) tested := 0 for _, r := range routes { - if r.mtu == 8000 { - assert.Equal(t, "1.0.0.1/32", r.route.String()) + if r.MTU == 8000 { + assert.Equal(t, "1.0.0.1/32", r.Cidr.String()) tested++ - } else if r.mtu == 9000 { - assert.Equal(t, 9000, r.mtu) - assert.Equal(t, "1.0.0.0/29", r.route.String()) + } else if r.MTU == 9000 { + assert.Equal(t, 9000, r.MTU) + assert.Equal(t, "1.0.0.0/29", r.Cidr.String()) tested++ } else { - assert.Equal(t, 1500, r.mtu) - assert.Equal(t, 1234, r.metric) - assert.Equal(t, "1.0.0.2/32", r.route.String()) + assert.Equal(t, 1500, r.MTU) + assert.Equal(t, 1234, r.Metric) + assert.Equal(t, "1.0.0.2/32", r.Cidr.String()) tested++ } } diff --git a/tun_tester.go b/overlay/tun_tester.go similarity index 87% rename from tun_tester.go rename to overlay/tun_tester.go index 09e2684..4d333b0 100644 --- a/tun_tester.go +++ b/overlay/tun_tester.go @@ -1,7 +1,7 @@ //go:build e2e_testing // +build e2e_testing -package nebula +package overlay import ( "fmt" @@ -15,14 +15,14 @@ type Tun struct { Device string Cidr *net.IPNet MTU int - UnsafeRoutes []route + UnsafeRoutes []Route l *logrus.Logger rxPackets chan []byte // Packets to receive into nebula - txPackets chan []byte // Packets transmitted outside by nebula + TxPackets chan []byte // Packets transmitted outside by nebula } -func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, _ []route, unsafeRoutes []route, _ int, _ bool) (ifce *Tun, err error) { +func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, _ []Route, unsafeRoutes []Route, _ int, _ bool) (ifce *Tun, err error) { return &Tun{ Device: deviceName, Cidr: cidr, @@ -30,11 +30,11 @@ func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int UnsafeRoutes: unsafeRoutes, l: l, rxPackets: make(chan []byte, 1), - txPackets: make(chan []byte, 1), + TxPackets: make(chan []byte, 1), }, nil } -func newTunFromFd(_ *logrus.Logger, _ int, _ *net.IPNet, _ int, _ []route, _ []route, _ int) (ifce *Tun, err error) { +func newTunFromFd(_ *logrus.Logger, _ int, _ *net.IPNet, _ int, _ []Route, _ []Route, _ int) (ifce *Tun, err error) { return nil, fmt.Errorf("newTunFromFd not supported") } @@ -51,11 +51,11 @@ func (c *Tun) Send(packet []byte) { // packets were ingested from the udp side, you can send them with udpConn.Send func (c *Tun) Get(block bool) []byte { if block { - return <-c.txPackets + return <-c.TxPackets } select { - case p := <-c.txPackets: + case p := <-c.TxPackets: return p default: return nil @@ -90,7 +90,7 @@ func (c *Tun) Close() error { func (c *Tun) WriteRaw(b []byte) error { packet := make([]byte, len(b), len(b)) copy(packet, b) - c.txPackets <- packet + c.TxPackets <- packet return nil } diff --git a/tun_water_windows.go b/overlay/tun_water_windows.go similarity index 89% rename from tun_water_windows.go rename to overlay/tun_water_windows.go index 5544471..99a82c0 100644 --- a/tun_water_windows.go +++ b/overlay/tun_water_windows.go @@ -1,4 +1,4 @@ -package nebula +package overlay import ( "fmt" @@ -14,12 +14,12 @@ type WindowsWaterTun struct { Device string Cidr *net.IPNet MTU int - UnsafeRoutes []route + UnsafeRoutes []Route *water.Interface } -func newWindowsWaterTun(deviceName string, cidr *net.IPNet, defaultMTU int, unsafeRoutes []route, txQueueLen int) (ifce *WindowsWaterTun, err error) { +func newWindowsWaterTun(deviceName string, cidr *net.IPNet, defaultMTU int, unsafeRoutes []Route, txQueueLen int) (ifce *WindowsWaterTun, err error) { // NOTE: You cannot set the deviceName under Windows, so you must check tun.Device after calling .Activate() return &WindowsWaterTun{ Cidr: cidr, @@ -71,10 +71,10 @@ func (c *WindowsWaterTun) Activate() error { for _, r := range c.UnsafeRoutes { err = exec.Command( - "C:\\Windows\\System32\\route.exe", "add", r.route.String(), r.via.String(), "IF", strconv.Itoa(iface.Index), "METRIC", strconv.Itoa(r.metric), + "C:\\Windows\\System32\\route.exe", "add", r.Cidr.String(), r.Via.String(), "IF", strconv.Itoa(iface.Index), "METRIC", strconv.Itoa(r.Metric), ).Run() if err != nil { - return fmt.Errorf("failed to add the unsafe_route %s: %v", r.route.String(), err) + return fmt.Errorf("failed to add the unsafe_route %s: %v", r.Cidr.String(), err) } } diff --git a/tun_windows.go b/overlay/tun_windows.go similarity index 87% rename from tun_windows.go rename to overlay/tun_windows.go index d55ae5f..0351f01 100644 --- a/tun_windows.go +++ b/overlay/tun_windows.go @@ -1,7 +1,7 @@ //go:build !e2e_testing // +build !e2e_testing -package nebula +package overlay import ( "fmt" @@ -13,18 +13,17 @@ import ( "syscall" "github.com/sirupsen/logrus" - "github.com/slackhq/nebula/overlay" ) type Tun struct { - overlay.Device + Device } -func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int) (ifce *Tun, err error) { +func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int) (ifce *Tun, err error) { return nil, fmt.Errorf("newTunFromFd not supported in Windows") } -func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []route, unsafeRoutes []route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { +func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, unsafeRoutes []Route, txQueueLen int, multiqueue bool) (ifce *Tun, err error) { if len(routes) > 0 { return nil, fmt.Errorf("route MTU not supported in Windows") } @@ -35,7 +34,7 @@ func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int useWintun = false } - var inside overlay.Device + var inside Device if useWintun { inside, err = newWinTun(deviceName, cidr, defaultMTU, unsafeRoutes, txQueueLen) if err != nil { diff --git a/tun_wintun_windows.go b/overlay/tun_wintun_windows.go similarity index 92% rename from tun_wintun_windows.go rename to overlay/tun_wintun_windows.go index b39c06c..67fdfe2 100644 --- a/tun_wintun_windows.go +++ b/overlay/tun_wintun_windows.go @@ -1,4 +1,4 @@ -package nebula +package overlay import ( "crypto" @@ -18,7 +18,7 @@ type WinTun struct { Device string Cidr *net.IPNet MTU int - UnsafeRoutes []route + UnsafeRoutes []Route tun *wintun.NativeTun } @@ -42,7 +42,7 @@ func generateGUIDByDeviceName(name string) (*windows.GUID, error) { return (*windows.GUID)(unsafe.Pointer(&sum[0])), nil } -func newWinTun(deviceName string, cidr *net.IPNet, defaultMTU int, unsafeRoutes []route, txQueueLen int) (ifce *WinTun, err error) { +func newWinTun(deviceName string, cidr *net.IPNet, defaultMTU int, unsafeRoutes []Route, txQueueLen int) (ifce *WinTun, err error) { guid, err := generateGUIDByDeviceName(deviceName) if err != nil { return nil, fmt.Errorf("Generate GUID failed: %w", err) @@ -77,16 +77,16 @@ func (c *WinTun) Activate() error { for _, r := range c.UnsafeRoutes { if !foundDefault4 { - if cidr, bits := r.route.Mask.Size(); cidr == 0 && bits != 0 { + if cidr, bits := r.Cidr.Mask.Size(); cidr == 0 && bits != 0 { foundDefault4 = true } } // Add our unsafe route routes = append(routes, &winipcfg.RouteData{ - Destination: *r.route, - NextHop: *r.via, - Metric: uint32(r.metric), + Destination: *r.Cidr, + NextHop: *r.Via, + Metric: uint32(r.Metric), }) }