@bradfitz
Member

bradfitz added a commit to tailscale/tailscale that referenced this pull request Nov 12, 2025
Depends on tailscale/wireguard-go#47

Updates #17858

Change-Id: I3e38484bfc3e73b29cbe9e53f28f140c2cf85ae1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
@bradfitz bradfitz requested a review from raggi November 17, 2025 19:12
@bradfitz bradfitz marked this pull request as ready for review November 20, 2025 21:32
peer.SendHandshakeInitiation(false)
}

func expiredZeroKeyMaterial(peer *Peer) {
Member

we should rename this "expirePeer" or similar

Member Author

well, I was trying to keep it closer to upstream

device/peer.go Outdated
if slices.Equal(p.state.allowedIPs, allowedIPs) {
return
}
p.device.allowedips.SetPeerPrefixes(p, allowedIPs)
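
Review bot: the early return on `slices.Equal(p.state.allowedIPs, allowedIPs)` is order-sensitive, so the same set of prefixes passed in a different order misses the fast path and calls `SetPeerPrefixes` again. If callers do not guarantee a stable order, either sort both slices before comparing or add a comment stating that a redundant `SetPeerPrefixes` call is acceptable here.
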
Member

the clone and comment below seem sensible, but if that implies a dependence or leads to a future dependence, SetPeerPrefixes doesn't document the same behavior that this method relies on - if we need to preserve the behavior we should document it so future changes are less likely to accidentally change the semantics.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Member

@raggi raggi left a comment

LGTM!

device/device.go Outdated
//
// If the peer does not exist and a [PeerLookupFunc] is set (via
// [Device.SetPeerLookupFunc]), then that function is used to create the peer
// before returning it. Peers created via this mechanism exist only their state
Member

only their

Member Author

added missing word "until"

Updates tailscale/tailscale#17858

Signed-off-by: Brad Fitzpatrick <brad@danga.com>
return size
}

// LookupPeer looks up a peer by its public key.
Member

Nonblocking API note: Rather than LookupPeer having a side-effect and LookupActivePeer skipping that side-effect, I'd have expected LookupPeer to have no side-effects and LookupOrCreatePeer (or something like that) to have the side-effect.

But if that causes too much churn for other code, I guess this is probably fine too.

Member Author

Agreed, but I'm trying to minimize API differences for now with the rest of wireguard-go & upstream.

But I'd be happy to rename these in the future during upstreaming.

@bradfitz bradfitz merged commit c6fd943 into tailscale Nov 21, 2025
13 checks passed

bradfitz added a commit to tailscale/tailscale that referenced this pull request Nov 23, 2025
Depends on tailscale/wireguard-go#47

Updates #17858

Change-Id: I3e38484bfc3e73b29cbe9e53f28f140c2cf85ae1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz added a commit to tailscale/tailscale that referenced this pull request Nov 26, 2025
Depends on tailscale/wireguard-go#47

Updates #17858

Change-Id: I3e38484bfc3e73b29cbe9e53f28f140c2cf85ae1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>