fix(vpn): send subnet masks and prefix lengths from router (#16317)

These were somehow missed when I wrote the router.. Also updates `coder/tailscale` to bring in the DNS changes https://github.com/coder/tailscale/pull/64
2025-03-14 10:09:57 +00:00 · 2025-01-29 15:11:08 +11:00
parent d32a5e1a01
commit a658ccf362
5 changed files with 36 additions and 29 deletions
--- a/go.mod
+++ b/go.mod
@ -36,7 +36,7 @@ replace github.com/tcnksm/go-httpstat => github.com/coder/go-httpstat v0.0.0-202

 // There are a few minor changes we make to Tailscale that we're slowly upstreaming. Compare here:
 // https://github.com/tailscale/tailscale/compare/main...coder:tailscale:main
-replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20250121163848-c7962497b482
+replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20250129014916-8086c871eae6

 // This is replaced to include
 // 1. a fix for a data race: c.f. https://github.com/tailscale/wireguard-go/pull/25
--- a/go.sum
+++ b/go.sum
@ -240,8 +240,8 @@ github.com/coder/serpent v0.10.0 h1:ofVk9FJXSek+SmL3yVE3GoArP83M+1tX+H7S4t8BSuM=
 github.com/coder/serpent v0.10.0/go.mod h1:cZFW6/fP+kE9nd/oRkEHJpG6sXCtQ+AX7WMMEHv0Y3Q=
 github.com/coder/ssh v0.0.0-20231128192721-70855dedb788 h1:YoUSJ19E8AtuUFVYBpXuOD6a/zVP3rcxezNsoDseTUw=
 github.com/coder/ssh v0.0.0-20231128192721-70855dedb788/go.mod h1:aGQbuCLyhRLMzZF067xc84Lh7JDs1FKwCmF1Crl9dxQ=
-github.com/coder/tailscale v1.1.1-0.20250121163848-c7962497b482 h1:hCyBW9rsYwBmyAP+jnsmUnYC0dVlyLdOuMvyFpGOiIk=
-github.com/coder/tailscale v1.1.1-0.20250121163848-c7962497b482/go.mod h1:1ggFFdHTRjPRu9Yc1yA7nVHBYB50w9Ce7VIXNqcW6Ko=
+github.com/coder/tailscale v1.1.1-0.20250129014916-8086c871eae6 h1:prDIwUcsSEKbs1Rc5FfdvtSfz2XGpW3FnJtWR+Mc7MY=
+github.com/coder/tailscale v1.1.1-0.20250129014916-8086c871eae6/go.mod h1:1ggFFdHTRjPRu9Yc1yA7nVHBYB50w9Ce7VIXNqcW6Ko=
 github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e h1:JNLPDi2P73laR1oAclY6jWzAbucf70ASAvf5mh2cME0=
 github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e/go.mod h1:Gz/z9Hbn+4KSp8A2FBtNszfLSdT2Tn/uAKGuVqqWmDI=
 github.com/coder/terraform-provider-coder v1.0.4 h1:MJldCvykIQzzqBVUDjCJpPyqvKelAAHrtJKfIIx4Qxo=
--- a/vpn/router.go
+++ b/vpn/router.go
@ -36,12 +36,16 @@ func (*vpnRouter) Close() error {

 func convertRouterConfig(cfg router.Config) *NetworkSettingsRequest {
 	v4LocalAddrs := make([]string, 0)
+	v4SubnetMasks := make([]string, 0)
 	v6LocalAddrs := make([]string, 0)
+	v6PrefixLengths := make([]uint32, 0)
 	for _, addrs := range cfg.LocalAddrs {
 		if addrs.Addr().Is4() {
-			v4LocalAddrs = append(v4LocalAddrs, addrs.String())
+			v4LocalAddrs = append(v4LocalAddrs, addrs.Addr().String())
+			v4SubnetMasks = append(v4SubnetMasks, prefixToSubnetMask(addrs))
 		} else if addrs.Addr().Is6() {
-			v6LocalAddrs = append(v6LocalAddrs, addrs.String())
+			v6LocalAddrs = append(v6LocalAddrs, addrs.Addr().String())
+			v6PrefixLengths = append(v6PrefixLengths, uint32(addrs.Bits()))
 		} else {
 			continue
 		}
@ -69,18 +73,31 @@ func convertRouterConfig(cfg router.Config) *NetworkSettingsRequest {
 		}
 	}

-	return &NetworkSettingsRequest{
-		Mtu: uint32(cfg.NewMTU),
-		Ipv4Settings: &NetworkSettingsRequest_IPv4Settings{
+	var v4Settings *NetworkSettingsRequest_IPv4Settings
+	if len(v4LocalAddrs) > 0 || len(v4Routes) > 0 || len(v4ExcludedRoutes) > 0 {
+		v4Settings = &NetworkSettingsRequest_IPv4Settings{
 			Addrs:          v4LocalAddrs,
+			SubnetMasks:    v4SubnetMasks,
 			IncludedRoutes: v4Routes,
 			ExcludedRoutes: v4ExcludedRoutes,
-		},
-		Ipv6Settings: &NetworkSettingsRequest_IPv6Settings{
+			Router:         "", // NA
+		}
+	}
+
+	var v6Settings *NetworkSettingsRequest_IPv6Settings
+	if len(v6LocalAddrs) > 0 || len(v6Routes) > 0 || len(v6ExcludedRoutes) > 0 {
+		v6Settings = &NetworkSettingsRequest_IPv6Settings{
 			Addrs:          v6LocalAddrs,
+			PrefixLengths:  v6PrefixLengths,
 			IncludedRoutes: v6Routes,
 			ExcludedRoutes: v6ExcludedRoutes,
-		},
+		}
+	}
+
+	return &NetworkSettingsRequest{
+		Mtu:                 uint32(cfg.NewMTU),
+		Ipv4Settings:        v4Settings,
+		Ipv6Settings:        v6Settings,
 		TunnelOverheadBytes: 0,  // N/A
 		TunnelRemoteAddress: "", // N/A
 	}
--- a/vpn/router_internal_test.go
+++ b/vpn/router_internal_test.go
@ -27,7 +27,8 @@ func TestConvertRouterConfig(t *testing.T) {
 			expected: &NetworkSettingsRequest{
 				Mtu: 1500,
 				Ipv4Settings: &NetworkSettingsRequest_IPv4Settings{
-					Addrs: []string{"100.64.0.1/32"},
+					Addrs:       []string{"100.64.0.1"},
+					SubnetMasks: []string{"255.255.255.255"},
 					IncludedRoutes: []*NetworkSettingsRequest_IPv4Settings_IPv4Route{
 						{Destination: "192.168.0.0", Mask: "255.255.255.0", Router: ""},
 					},
@ -36,7 +37,8 @@ func TestConvertRouterConfig(t *testing.T) {
 					},
 				},
 				Ipv6Settings: &NetworkSettingsRequest_IPv6Settings{
-					Addrs: []string{"fd7a:115c:a1e0::1/128"},
+					Addrs:         []string{"fd7a:115c:a1e0::1"},
+					PrefixLengths: []uint32{128},
 					IncludedRoutes: []*NetworkSettingsRequest_IPv6Settings_IPv6Route{
 						{Destination: "fd00::", PrefixLength: 64, Router: ""},
 					},
@ -50,16 +52,8 @@ func TestConvertRouterConfig(t *testing.T) {
 			name: "Empty",
 			cfg:  router.Config{},
 			expected: &NetworkSettingsRequest{
-				Ipv4Settings: &NetworkSettingsRequest_IPv4Settings{
-					Addrs:          []string{},
-					IncludedRoutes: []*NetworkSettingsRequest_IPv4Settings_IPv4Route{},
-					ExcludedRoutes: []*NetworkSettingsRequest_IPv4Settings_IPv4Route{},
-				},
-				Ipv6Settings: &NetworkSettingsRequest_IPv6Settings{
-					Addrs:          []string{},
-					IncludedRoutes: []*NetworkSettingsRequest_IPv6Settings_IPv6Route{},
-					ExcludedRoutes: []*NetworkSettingsRequest_IPv6Settings_IPv6Route{},
-				},
+				Ipv4Settings: nil,
+				Ipv6Settings: nil,
 			},
 		},
 	}
--- a/vpn/tunnel_internal_test.go
+++ b/vpn/tunnel_internal_test.go
@ -317,12 +317,8 @@ func TestUpdater_createPeerUpdate(t *testing.T) {
 		},
 	})
 	require.Len(t, update.UpsertedAgents, 1)
-	slices.SortFunc(update.UpsertedAgents[0].Fqdn, func(a, b string) int {
-		return strings.Compare(a, b)
-	})
-	slices.SortFunc(update.DeletedAgents[0].Fqdn, func(a, b string) int {
-		return strings.Compare(a, b)
-	})
+	slices.SortFunc(update.UpsertedAgents[0].Fqdn, strings.Compare)
+	slices.SortFunc(update.DeletedAgents[0].Fqdn, strings.Compare)
 	require.Equal(t, update, &PeerUpdate{
 		UpsertedWorkspaces: []*Workspace{
 			{Id: w1ID[:], Name: "w1", Status: Workspace_Status(proto.Workspace_STARTING)},