maybeReconfigWireguardLocked reconfigures wireguard-go with the current full config, installing a PeerLookupFunc for on-demand peer creation. e.wgLock must be held.
| 702 | // |
| 703 | // e.wgLock must be held. |
func (e *userspaceEngine) maybeReconfigWireguardLocked() error {
	// Summary: push the last full config (e.lastCfgFull) to the wireguard-go
	// device and republish the destination-prefix -> peer-key routing table.
	// Returns the error from wgcfg.ReconfigDevice, or nil.

	// Test seam: when a hook is installed it runs instead of the real
	// reconfiguration, so neither the peer table nor the device is touched.
	hook := e.testMaybeReconfigHook
	if hook != nil {
		hook()
		return nil
	}

	// Work on a local copy of the config; its address is what gets handed
	// to ReconfigDevice below.
	cfg := e.lastCfgFull
	e.wgLogger.SetPeers(cfg.Peers)

	// Build a fresh prefix-match table from the current
	// (wireguard-filtered) peer list: every AllowedIPs prefix maps to the
	// public key of the peer that advertises it.
	//
	// NOTE(review): if two peers carry the same prefix, the later Insert
	// presumably replaces the earlier entry, which decides the peer that
	// traffic for that prefix is keyed to. Confirm that the filtering done
	// before this point keeps AllowedIPs disjoint across peers.
	routes := &bart.Table[key.NodePublic]{}
	for _, peer := range cfg.Peers {
		for _, prefix := range peer.AllowedIPs {
			routes.Insert(prefix, peer.PublicKey)
		}
	}
	// Swap in the finished table with a single Store so readers never see
	// a partially built one.
	//
	// NOTE(review): the table is published before ReconfigDevice runs, so
	// on a ReconfigDevice error it already reflects the new peer set while
	// the device may not. Confirm callers tolerate that window.
	e.peerByIPRoute.Store(routes)

	e.logf("wgengine: Reconfig: configuring userspace WireGuard config (with %d peers)", len(cfg.Peers))
	err := wgcfg.ReconfigDevice(e.wgdev, &cfg, e.logf)
	if err == nil {
		return nil
	}
	e.logf("wgdev.Reconfig: %v", err)
	return err
}
| 730 | |
| 731 | // SetPeerByIPPacketFunc installs a callback used by wireguard-go to look up |
| 732 | // which peer should handle an outbound packet by destination IP. |