internal/routing/enable.go

package routing

import (
	"fmt"
	"net"
)

var (
	ErrSetup    = fmt.Errorf("cannot setup routing")
	ErrTeardown = fmt.Errorf("cannot teardown routing")
)

const (
	table    = 200
	priority = 100
)

func (r *routing) Setup() (err error) {
	defaultIP, err := r.DefaultIP()
	if err != nil {
		return fmt.Errorf("%s: %w", ErrSetup, err)
	}
	defaultInterfaceName, defaultGateway, err := r.DefaultRoute()
	if err != nil {
		return fmt.Errorf("%s: %w", ErrSetup, err)
	}

	defer func() {
		if err == nil {
			return
		}
		if err := r.TearDown(); err != nil {
			r.logger.Error(err)
		}
	}()
	if err := r.addIPRule(defaultIP, table, priority); err != nil {
		return fmt.Errorf("%s: %w", ErrSetup, err)
	}
	defaultDestination := net.IPNet{IP: net.IPv4(0, 0, 0, 0), Mask: net.IPv4Mask(0, 0, 0, 0)}
	if err := r.addRouteVia(defaultDestination, defaultGateway, defaultInterfaceName, table); err != nil {
		return fmt.Errorf("%s: %w", ErrSetup, err)
	}

	r.stateMutex.RLock()
	outboundSubnets := r.outboundSubnets
	r.stateMutex.RUnlock()
	if err := r.setOutboundRoutes(outboundSubnets, defaultInterfaceName, defaultGateway); err != nil {
		return fmt.Errorf("%s: %w", ErrSetup, err)
	}

	return nil
}

func (r *routing) TearDown() error {
	defaultIP, err := r.DefaultIP()
	if err != nil {
		return fmt.Errorf("%s: %w", ErrTeardown, err)
	}
	defaultInterfaceName, defaultGateway, err := r.DefaultRoute()
	if err != nil {
		return fmt.Errorf("%s: %w", ErrTeardown, err)
	}

	defaultNet := net.IPNet{IP: net.IPv4(0, 0, 0, 0), Mask: net.IPv4Mask(0, 0, 0, 0)}
	if err := r.deleteRouteVia(defaultNet, defaultGateway, defaultInterfaceName, table); err != nil {
		return fmt.Errorf("%s: %w", ErrTeardown, err)
	}
	if err := r.deleteIPRule(defaultIP, table, priority); err != nil {
		return fmt.Errorf("%s: %w", ErrTeardown, err)
	}

	if err := r.setOutboundRoutes(nil, defaultInterfaceName, defaultGateway); err != nil {
		return fmt.Errorf("%s: %w", ErrSetup, err)
	}

	return nil
}
Routing improvements (#268) - Fixes #82 - Remove `EXTRA_SUBNETS` - Remove no longer needed iptables rules - Reduce routing interface arity - Routing setup is done in main.go instead of in the firewall - Routing setup gets reverted at shutdown 2020-10-24 18:05:11 -04:00			`package routing`

			`import (`
			`"fmt"`
			`"net"`
			`)`

			`var (`
			`ErrSetup = fmt.Errorf("cannot setup routing")`
			`ErrTeardown = fmt.Errorf("cannot teardown routing")`
			`)`

			`const (`
			`table = 200`
			`priority = 100`
			`)`

			`func (r *routing) Setup() (err error) {`
Fix #273 (#277), adding FIREWALL_OUTBOUND_SUBNETS 2020-10-29 19:23:44 -04:00			`defaultIP, err := r.DefaultIP()`
Routing improvements (#268) - Fixes #82 - Remove `EXTRA_SUBNETS` - Remove no longer needed iptables rules - Reduce routing interface arity - Routing setup is done in main.go instead of in the firewall - Routing setup gets reverted at shutdown 2020-10-24 18:05:11 -04:00			`if err != nil {`
			`return fmt.Errorf("%s: %w", ErrSetup, err)`
			`}`
			`defaultInterfaceName, defaultGateway, err := r.DefaultRoute()`
			`if err != nil {`
			`return fmt.Errorf("%s: %w", ErrSetup, err)`
			`}`

			`defer func() {`
			`if err == nil {`
			`return`
			`}`
			`if err := r.TearDown(); err != nil {`
			`r.logger.Error(err)`
			`}`
			`}()`
			`if err := r.addIPRule(defaultIP, table, priority); err != nil {`
			`return fmt.Errorf("%s: %w", ErrSetup, err)`
			`}`
Routing: use 0.0.0.0/0 instead of nil 2020-10-25 20:41:09 +00:00			`defaultDestination := net.IPNet{IP: net.IPv4(0, 0, 0, 0), Mask: net.IPv4Mask(0, 0, 0, 0)}`
			`if err := r.addRouteVia(defaultDestination, defaultGateway, defaultInterfaceName, table); err != nil {`
Routing improvements (#268) - Fixes #82 - Remove `EXTRA_SUBNETS` - Remove no longer needed iptables rules - Reduce routing interface arity - Routing setup is done in main.go instead of in the firewall - Routing setup gets reverted at shutdown 2020-10-24 18:05:11 -04:00			`return fmt.Errorf("%s: %w", ErrSetup, err)`
			`}`
Fix #273 (#277), adding FIREWALL_OUTBOUND_SUBNETS 2020-10-29 19:23:44 -04:00
			`r.stateMutex.RLock()`
			`outboundSubnets := r.outboundSubnets`
			`r.stateMutex.RUnlock()`
			`if err := r.setOutboundRoutes(outboundSubnets, defaultInterfaceName, defaultGateway); err != nil {`
			`return fmt.Errorf("%s: %w", ErrSetup, err)`
			`}`

Routing improvements (#268) - Fixes #82 - Remove `EXTRA_SUBNETS` - Remove no longer needed iptables rules - Reduce routing interface arity - Routing setup is done in main.go instead of in the firewall - Routing setup gets reverted at shutdown 2020-10-24 18:05:11 -04:00			`return nil`
			`}`

			`func (r *routing) TearDown() error {`
Fix #273 (#277), adding FIREWALL_OUTBOUND_SUBNETS 2020-10-29 19:23:44 -04:00			`defaultIP, err := r.DefaultIP()`
Routing improvements (#268) - Fixes #82 - Remove `EXTRA_SUBNETS` - Remove no longer needed iptables rules - Reduce routing interface arity - Routing setup is done in main.go instead of in the firewall - Routing setup gets reverted at shutdown 2020-10-24 18:05:11 -04:00			`if err != nil {`
			`return fmt.Errorf("%s: %w", ErrTeardown, err)`
			`}`
			`defaultInterfaceName, defaultGateway, err := r.DefaultRoute()`
			`if err != nil {`
			`return fmt.Errorf("%s: %w", ErrTeardown, err)`
			`}`

Routing: use 0.0.0.0/0 instead of nil 2020-10-25 20:41:09 +00:00			`defaultNet := net.IPNet{IP: net.IPv4(0, 0, 0, 0), Mask: net.IPv4Mask(0, 0, 0, 0)}`
			`if err := r.deleteRouteVia(defaultNet, defaultGateway, defaultInterfaceName, table); err != nil {`
Routing improvements (#268) - Fixes #82 - Remove `EXTRA_SUBNETS` - Remove no longer needed iptables rules - Reduce routing interface arity - Routing setup is done in main.go instead of in the firewall - Routing setup gets reverted at shutdown 2020-10-24 18:05:11 -04:00			`return fmt.Errorf("%s: %w", ErrTeardown, err)`
			`}`
			`if err := r.deleteIPRule(defaultIP, table, priority); err != nil {`
			`return fmt.Errorf("%s: %w", ErrTeardown, err)`
			`}`
Fix #273 (#277), adding FIREWALL_OUTBOUND_SUBNETS 2020-10-29 19:23:44 -04:00
			`if err := r.setOutboundRoutes(nil, defaultInterfaceName, defaultGateway); err != nil {`
			`return fmt.Errorf("%s: %w", ErrSetup, err)`
			`}`

Routing improvements (#268) - Fixes #82 - Remove `EXTRA_SUBNETS` - Remove no longer needed iptables rules - Reduce routing interface arity - Routing setup is done in main.go instead of in the firewall - Routing setup gets reverted at shutdown 2020-10-24 18:05:11 -04:00			`return nil`
			`}`