Replace temporary DHCP client with dhcp4c
This replaces our temporary DHCP client with the new one. The old GetIP()
interface is still preserved temporarily and will be ripped out in another revision
stacked on top of this one. nanoswitch also got some updates to support renewals which
it previously didn't have to do. This does leave the hacky channel system in place, supervisor observables are still in the design phase.
Test Plan: E2E tests still pass
X-Origin-Diff: phab/D656
GitOrigin-RevId: cc2f11e3989f4dbc6814fcfa22f6be81d7f88460
diff --git a/core/internal/network/main.go b/core/internal/network/main.go
index 414d971..e0bac79 100644
--- a/core/internal/network/main.go
+++ b/core/internal/network/main.go
@@ -18,20 +18,24 @@
import (
"context"
+ "errors"
"fmt"
"io/ioutil"
"net"
"os"
+ "sync"
+ "time"
"github.com/google/nftables"
"github.com/google/nftables/expr"
-
+ "github.com/insomniacslk/dhcp/dhcpv4"
"github.com/vishvananda/netlink"
"golang.org/x/sys/unix"
"git.monogon.dev/source/nexantic.git/core/internal/common/supervisor"
- "git.monogon.dev/source/nexantic.git/core/internal/network/dhcp"
"git.monogon.dev/source/nexantic.git/core/internal/network/dns"
+ "git.monogon.dev/source/nexantic.git/core/pkg/dhcp4c"
+ dhcpcb "git.monogon.dev/source/nexantic.git/core/pkg/dhcp4c/callback"
"git.monogon.dev/source/nexantic.git/core/pkg/logtree"
)
@@ -42,7 +46,16 @@
type Service struct {
config Config
- dhcp *dhcp.Client
+ dhcp *dhcp4c.Client
+
+ // nftConn is a shared file descriptor handle to nftables, automatically initialized on first use.
+ nftConn nftables.Conn
+ natTable *nftables.Table
+ natPostroutingChain *nftables.Chain
+
+ // These are a temporary hack pending the removal of the GetIP interface
+ ipLock sync.Mutex
+ currentIPTmp net.IP
logger logtree.LeveledLogger
}
@@ -54,7 +67,6 @@
func New(config Config) *Service {
return &Service{
config: config,
- dhcp: dhcp.New(),
}
}
@@ -81,27 +93,6 @@
return unix.Rename(resolvConfSwapPath, resolvConfPath)
}
-func (s *Service) addNetworkRoutes(link netlink.Link, addr net.IPNet, gw net.IP) error {
- if err := netlink.AddrReplace(link, &netlink.Addr{IPNet: &addr}); err != nil {
- return fmt.Errorf("failed to add DHCP address to network interface \"%v\": %w", link.Attrs().Name, err)
- }
-
- if gw.IsUnspecified() {
- s.logger.Infof("No default route set, only local network %s will be reachable", addr.String())
- return nil
- }
-
- route := &netlink.Route{
- Dst: &net.IPNet{IP: net.IPv4(0, 0, 0, 0), Mask: net.IPv4Mask(0, 0, 0, 0)},
- Gw: gw,
- Scope: netlink.SCOPE_UNIVERSE,
- }
- if err := netlink.RouteAdd(route); err != nil {
- return fmt.Errorf("could not add default route: netlink.RouteAdd(%+v): %v", route, err)
- }
- return nil
-}
-
// nfifname converts an interface name into 16 bytes padded with zeroes (for nftables)
func nfifname(n string) []byte {
b := make([]byte, 16)
@@ -109,42 +100,48 @@
return b
}
+func (s *Service) dhcpDNSCallback(old, new *dhcp4c.Lease) error {
+ oldServers := old.DNSServers()
+ newServers := new.DNSServers()
+ if newServers.Equal(oldServers) {
+ return nil // nothing to do
+ }
+ s.logger.Infof("Setting upstream DNS servers to %v", newServers)
+ s.config.CorednsRegistrationChan <- dns.NewUpstreamDirective(newServers)
+ return nil
+}
+
+// TODO(lorenz): Get rid of this once we have robust node resolution
+func (s *Service) getIPCallbackHack(old, new *dhcp4c.Lease) error {
+ if old == nil && new != nil {
+ s.ipLock.Lock()
+ s.currentIPTmp = new.AssignedIP
+ s.ipLock.Unlock()
+ }
+ return nil
+}
+
func (s *Service) useInterface(ctx context.Context, iface netlink.Link) error {
- err := supervisor.Run(ctx, "dhcp", s.dhcp.Run(iface))
+ netIface, err := net.InterfaceByIndex(iface.Attrs().Index)
+ if err != nil {
+ return fmt.Errorf("cannot create Go net.Interface from netlink.Link: %w", err)
+ }
+ s.dhcp, err = dhcp4c.NewClient(netIface)
+ if err != nil {
+ return fmt.Errorf("failed to create DHCP client on interface %v: %w", iface.Attrs().Name, err)
+ }
+ s.dhcp.VendorClassIdentifier = "com.nexantic.smalltown.v1"
+ s.dhcp.RequestedOptions = []dhcpv4.OptionCode{dhcpv4.OptionRouter, dhcpv4.OptionNameServer}
+ s.dhcp.LeaseCallback = dhcpcb.Compose(dhcpcb.ManageIP(iface), dhcpcb.ManageDefaultRoute(iface), s.dhcpDNSCallback, s.getIPCallbackHack)
+ err = supervisor.Run(ctx, "dhcp", s.dhcp.Run)
if err != nil {
return err
}
- status, err := s.dhcp.Status(ctx, true)
- if err != nil {
- return fmt.Errorf("could not get DHCP Status: %w", err)
- }
-
- // We're currently never removing this directive just like we're not removing routes and IPs
- s.config.CorednsRegistrationChan <- dns.NewUpstreamDirective(status.DNS)
-
- if err := s.addNetworkRoutes(iface, status.Address, status.Gateway); err != nil {
- s.logger.Warning("Failed to add routes: %v", err)
- }
-
- c := nftables.Conn{}
-
- nat := c.AddTable(&nftables.Table{
- Family: nftables.TableFamilyIPv4,
- Name: "nat",
- })
-
- postrouting := c.AddChain(&nftables.Chain{
- Name: "postrouting",
- Hooknum: nftables.ChainHookPostrouting,
- Priority: nftables.ChainPriorityNATSource,
- Table: nat,
- Type: nftables.ChainTypeNAT,
- })
// Masquerade/SNAT all traffic going out of the external interface
- c.AddRule(&nftables.Rule{
- Table: nat,
- Chain: postrouting,
+ s.nftConn.AddRule(&nftables.Rule{
+ Table: s.natTable,
+ Chain: s.natPostroutingChain,
Exprs: []expr.Any{
&expr.Meta{Key: expr.MetaKeyOIFNAME, Register: 1},
&expr.Cmp{
@@ -156,7 +153,7 @@
},
})
- if err := c.Flush(); err != nil {
+ if err := s.nftConn.Flush(); err != nil {
panic(err)
}
@@ -165,11 +162,24 @@
// GetIP returns the current IP (and optionally waits for one to be assigned)
func (s *Service) GetIP(ctx context.Context, wait bool) (*net.IP, error) {
- status, err := s.dhcp.Status(ctx, wait)
- if err != nil {
- return nil, err
+ for {
+ var currentIP net.IP
+ s.ipLock.Lock()
+ currentIP = s.currentIPTmp
+ s.ipLock.Unlock()
+ if currentIP == nil {
+ if !wait {
+ return nil, errors.New("no IP available")
+ }
+ select {
+ case <-ctx.Done():
+ return nil, ctx.Err()
+ case <-time.After(1 * time.Second):
+ continue
+ }
+ }
+ return ¤tIP, nil
}
- return &status.Address.IP, nil
}
func (s *Service) Run(ctx context.Context) error {
@@ -178,6 +188,22 @@
supervisor.Run(ctx, "dns", dnsSvc.Run)
supervisor.Run(ctx, "interfaces", s.runInterfaces)
+ s.natTable = s.nftConn.AddTable(&nftables.Table{
+ Family: nftables.TableFamilyIPv4,
+ Name: "nat",
+ })
+
+ s.natPostroutingChain = s.nftConn.AddChain(&nftables.Chain{
+ Name: "postrouting",
+ Hooknum: nftables.ChainHookPostrouting,
+ Priority: nftables.ChainPriorityNATSource,
+ Table: s.natTable,
+ Type: nftables.ChainTypeNAT,
+ })
+ if err := s.nftConn.Flush(); err != nil {
+ logger.Fatalf("Failed to set up nftables base chains: %v", err)
+ }
+
if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil {
logger.Fatalf("Failed to enable IPv4 forwarding: %v", err)
}