From bd04124e43ff42d80740bb93b413fc04245198c8 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Mon, 14 Jan 2019 18:06:41 +0000
Subject: [PATCH] Reconfigure support for crypto-key routing
---
 src/yggdrasil/ckr.go | 60 ++++++++++++++++++++++++++++++++++++-----
 src/yggdrasil/core.go | 25 -----------------
 src/yggdrasil/router.go | 8 ++++++
 3 files changed, 62 insertions(+), 31 deletions(-)
diff --git a/src/yggdrasil/ckr.go b/src/yggdrasil/ckr.go
index 84d60e36..bf569fbb 100644
--- a/src/yggdrasil/ckr.go
+++ b/src/yggdrasil/ckr.go
@@ -45,25 +45,73 @@ func (c *cryptokey) init(core *Core) {
 for {
 select {
 case e := <-c.reconfigure:
- e <- nil
+ e <- c.configure()
 }
 }
 }()
+ if err := c.configure(); err != nil {
+ c.core.log.Println("CKR configuration failed:", err)
+ }
+}
+
+// Configure the CKR routes
+func (c *cryptokey) configure() error {
+ c.core.configMutex.RLock()
+ defer c.core.configMutex.RUnlock()
+
+ // Set enabled/disabled state
+ c.setEnabled(c.core.config.TunnelRouting.Enable)
+
+ // Clear out existing routes
 c.mutexroutes.Lock()
- c.ipv4routes = make([]cryptokey_route, 0)
 c.ipv6routes = make([]cryptokey_route, 0)
+ c.ipv4routes = make([]cryptokey_route, 0)
 c.mutexroutes.Unlock()
+ // Add IPv6 routes
+ for ipv6, pubkey := range c.core.config.TunnelRouting.IPv6Destinations {
+ if err := c.addRoute(ipv6, pubkey); err != nil {
+ return err
+ }
+ }
+
+ // Add IPv4 routes
+ for ipv4, pubkey := range c.core.config.TunnelRouting.IPv4Destinations {
+ if err := c.addRoute(ipv4, pubkey); err != nil {
+ return err
+ }
+ }
+
+ // Clear out existing sources
+ c.mutexsources.Lock()
+ c.ipv6sources = make([]net.IPNet, 0)
+ c.ipv4sources = make([]net.IPNet, 0)
+ c.mutexsources.Unlock()
+
+ // Add IPv6 sources
+ c.ipv6sources = make([]net.IPNet, 0)
+ for _, source := range c.core.config.TunnelRouting.IPv6Sources {
+ if err := c.addSourceSubnet(source); err != nil {
+ return err
+ }
+ }
+
+ // Add IPv4 sources
+ c.ipv4sources = make([]net.IPNet, 0)
+ for _, source := range c.core.config.TunnelRouting.IPv4Sources {
+ if err := c.addSourceSubnet(source); err != nil {
+ return err
+ }
+ }
+
+ // Wipe the caches
 c.mutexcache.Lock()
 c.ipv4cache = make(map[address.Address]cryptokey_route, 0)
 c.ipv6cache = make(map[address.Address]cryptokey_route, 0)
 c.mutexcache.Unlock()
- c.mutexsources.Lock()
- c.ipv4sources = make([]net.IPNet, 0)
- c.ipv6sources = make([]net.IPNet, 0)
- c.mutexsources.Unlock()
+ return nil
 }
 // Enable or disable crypto-key routing.
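Review bot: In `configure()`, any `addRoute` or `addSourceSubnet` error returns before the `// Wipe the caches` block, after the route and source tables have already been emptied and the enabled flag set, so a rejected reload leaves half-built tables alongside cache entries from the previous configuration. These tables appear to govern which source subnets and destination keys tunnelled traffic is matched against, so I would build the new slices in locals and swap them in under the locks only once every entry has parsed, or at minimum move the cache wipe up to directly after the route tables are cleared. The second `c.ipv6sources = make([]net.IPNet, 0)` and `c.ipv4sources = make([]net.IPNet, 0)` under the "Add … sources" comments run after `c.mutexsources.Unlock()`; they duplicate the locked reset and are unsynchronised writes, so they should be dropped. Whether `addRoute` and `addSourceSubnet` take the mutexes themselves is not visible in this hunk. Note also that `init` now only logs a configuration error where `Start` used to panic, so the node keeps running with whatever subset was loaded.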
diff --git a/src/yggdrasil/core.go b/src/yggdrasil/core.go
index a53449b5..4b00fc37 100644
--- a/src/yggdrasil/core.go
+++ b/src/yggdrasil/core.go
@@ -231,31 +231,6 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error {
 return err
 }
- c.router.cryptokey.setEnabled(nc.TunnelRouting.Enable)
- if c.router.cryptokey.isEnabled() {
- c.log.Println("Crypto-key routing enabled")
- for ipv6, pubkey := range nc.TunnelRouting.IPv6Destinations {
- if err := c.router.cryptokey.addRoute(ipv6, pubkey); err != nil {
- panic(err)
- }
- }
- for _, source := range nc.TunnelRouting.IPv6Sources {
- if err := c.router.cryptokey.addSourceSubnet(source); err != nil {
- panic(err)
- }
- }
- for ipv4, pubkey := range nc.TunnelRouting.IPv4Destinations {
- if err := c.router.cryptokey.addRoute(ipv4, pubkey); err != nil {
- panic(err)
- }
- }
- for _, source := range nc.TunnelRouting.IPv4Sources {
- if err := c.router.cryptokey.addSourceSubnet(source); err != nil {
- panic(err)
- }
- }
- }
-
 if err := c.admin.start(); err != nil {
 c.log.Println("Failed to start admin socket")
 return err
diff --git a/src/yggdrasil/router.go b/src/yggdrasil/router.go
index 68fb025a..74fff3fd 100644
--- a/src/yggdrasil/router.go
+++ b/src/yggdrasil/router.go
@@ -127,6 +127,14 @@ func (r *router) mainLoop() {
 case f := <-r.admin:
 f()
 case e := <-r.reconfigure:
+ // Send reconfigure notification to cryptokey
+ response := make(chan error)
+ r.cryptokey.reconfigure <- response
+ if err := <-response; err != nil {
+ e <- err
+ }
+
+ // Anything else to do?
 e <- nil
 }
 }
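Review bot: On a cryptokey failure the `case e := <-r.reconfigure:` branch sends on `e` twice: `e <- err` inside the `if`, then the unconditional `e <- nil`. If the requester reads a single result from an unbuffered channel (the channel's creation is outside this hunk), the second send blocks `mainLoop` and the router stops servicing every other case in this select. Send exactly once, for example `err := <-response` followed by `e <- err`, and keep the first non-nil error if more subsystems are notified here later. mainLoop's body starts and ends outside the hunk.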