support unsafe_routes for use with port_forwarding and user_tun

cre4ture · Aug 11, 2024 · 86da471 · 86da471
1 parent 8a6a0f0
commit 86da471
Showing 1 changed file with 39 additions and 3 deletions.
diff --git a/overlay/user.go b/overlay/user.go
@@ -3,16 +3,42 @@ package overlay
 import (
 	"io"
 	"net/netip"
+	"sync/atomic"
 
+	"github.com/gaissmai/bart"
 	"github.com/sirupsen/logrus"
 	"github.com/slackhq/nebula/config"
 )
 
 func NewUserDeviceFromConfig(c *config.C, l *logrus.Logger, tunCidr netip.Prefix, routines int) (Device, error) {
-	return NewUserDevice(tunCidr)
+	d, err := NewUserDevice(tunCidr)
+	if err != nil {
+		return nil, err
+	}
+
+	_, routes, err := getAllRoutesFromConfig(c, tunCidr, true)
+	if err != nil {
+		return nil, err
+	}
+
+	routeTree, err := makeRouteTree(l, routes, true)
+	if err != nil {
+		return nil, err
+	}
+
+	newDefaultMTU := c.GetInt("tun.mtu", DefaultMTU)
+	for i, r := range routes {
+		if r.MTU == 0 {
+			routes[i].MTU = newDefaultMTU
+		}
+	}
+
+	d.routeTree.Store(routeTree)
+
+	return d, nil
 }
 
-func NewUserDevice(tunCidr netip.Prefix) (Device, error) {
+func NewUserDevice(tunCidr netip.Prefix) (*UserDevice, error) {
 	// these pipes guarantee each write/read will match 1:1
 	or, ow := io.Pipe()
 	ir, iw := io.Pipe()
@@ -33,14 +59,24 @@ type UserDevice struct {
 
 	inboundReader *io.PipeReader
 	inboundWriter *io.PipeWriter
+
+	routeTree atomic.Pointer[bart.Table[netip.Addr]]
 }
 
 func (d *UserDevice) Activate() error {
 	return nil
 }
 func (d *UserDevice) Cidr() netip.Prefix                { return d.tunCidr }
 func (d *UserDevice) Name() string                      { return "faketun0" }
-func (d *UserDevice) RouteFor(ip netip.Addr) netip.Addr { return ip }
+func (d *UserDevice) RouteFor(ip netip.Addr) netip.Addr {
+	ptr := d.routeTree.Load()
+	if ptr != nil {
+		r, _ := d.routeTree.Load().Lookup(ip)
+		return r
+	} else {
+		return ip
+	}
+}
 func (d *UserDevice) NewMultiQueueReader() (io.ReadWriteCloser, error) {
 	return d, nil
 }