| 72 | const networkLoggerUploadTimeout = 5 * time.Second |
| 73 | |
| 74 | type userspaceEngine struct { |
| 75 | // eventBus will eventually become required, but for now may be nil. |
| 76 | eventBus *eventbus.Bus |
| 77 | eventClient *eventbus.Client |
| 78 | |
| 79 | linkChangeQueue execqueue.ExecQueue |
| 80 | |
| 81 | logf logger.Logf |
| 82 | wgLogger *wglog.Logger // a wireguard-go logging wrapper |
| 83 | reqCh chan struct{} |
| 84 | waitCh chan struct{} // chan is closed when first Close call completes; contrast with closing bool |
| 85 | timeNow func() mono.Time |
| 86 | tundev *tstun.Wrapper |
| 87 | wgdev *device.Device |
| 88 | router router.Router |
| 89 | dialer *tsdial.Dialer |
| 90 | confListenPort uint16 // original conf.ListenPort |
| 91 | dns *dns.Manager |
| 92 | magicConn *magicsock.Conn |
| 93 | netMon *netmon.Monitor |
| 94 | health *health.Tracker |
| 95 | netMonOwned bool // whether we created netMon (and thus need to close it) |
| 96 | birdClient BIRDClient // or nil |
| 97 | controlKnobs *controlknobs.Knobs // or nil |
| 98 | |
| 99 | testMaybeReconfigHook func() // for tests; if non-nil, fires if maybeReconfigWireguardLocked called |
| 100 | testDiscoChangedHook func(map[key.NodePublic]bool) // for tests; if non-nil, fires after assembling discoChanged map |
| 101 | |
| 102 | // isLocalAddr reports whether an IP is assigned to the local |
| 103 | // tunnel interface. It's used to reflect local packets |
| 104 | // incorrectly sent to us. |
| 105 | isLocalAddr syncs.AtomicValue[func(netip.Addr) bool] |
| 106 | |
| 107 | // isDNSIPOverTailscale reports whether a DNS resolver's IP |
| 108 | // is being routed over Tailscale. |
| 109 | isDNSIPOverTailscale syncs.AtomicValue[func(netip.Addr) bool] |
| 110 | |
| 111 | wgLock sync.Mutex // serializes all wgdev operations; see lock order comment below |
| 112 | |
| 113 | // peerByIPRoute is a longest-prefix-match table built from |
| 114 | // lastCfgFull.Peers AllowedIPs. It's the slow path for |
| 115 | // SetPeerByIPPacketFunc, used when LocalBackend's exact-IP fast path |
| 116 | // (nodeByAddr) misses — i.e. for subnet routes and exit-node default |
| 117 | // routes. Built from lastCfgFull (the wireguard-filtered peer list) |
| 118 | // rather than the netmap so that exit-node selection is honored: the |
| 119 | // netmap has 0.0.0.0/0 in AllowedIPs for every exit-capable peer, but |
| 120 | // lastCfgFull only has it for the currently-selected exit node. |
| 121 | // |
| 122 | // Replaced (not mutated) by maybeReconfigWireguardLocked. Read by |
| 123 | // the per-packet wgdev callback without locking. |
| 124 | peerByIPRoute atomic.Pointer[bart.Table[key.NodePublic]] |
| 125 | |
| 126 | lastCfgFull wgcfg.Config |
| 127 | lastRouter *router.Config |
| 128 | lastDNSConfig dns.ConfigView // or invalid if none |
| 129 | lastIsSubnetRouter bool // was the node a primary subnet router in the last run. |
| 130 | reconfigureVPN func() error // or nil |
| 131 | conn25PacketHooks Conn25PacketHooks // or nil |