ipn/proxies: make hop routing errs more explicit
ignoramous committed Jan 29, 2025
1 parent 4a0ea5c commit f7f1e70
Showing 2 changed files with 17 additions and 3 deletions.
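--- a/intra/ipn/proxies.go
+++ b/intra/ipn/proxies.go
@@ -93,7 +93,9 @@ var (
 errHopSelf = errors.New("proxy: hop looping back onto hop")
 errHopWireGuard = errors.New("proxy: hop must be wireguard")
 errHopMtuInsufficient = errors.New("proxy: hop mtu insufficient")
-errHopGateway = errors.New("proxy: hop cannot route")
+errHopProxyRoutes = errors.New("proxy: no routes to hop")
+errHop4Gateway = errors.New("proxy: hop cannot route ip4")
+errHop6Gateway = errors.New("proxy: hop cannot route ip6")
 errHopGlobalProxy = errors.New("proxy: hop must be global proxy")
 errNilAmzId = errors.New("proxy: amz id nil")
 errNilProtonCfg = errors.New("proxy: proton cfg nil")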
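--- a/intra/ipn/wgproxy.go
+++ b/intra/ipn/wgproxy.go
@@ -1080,9 +1080,21 @@ func (h *wgproxy) Hop(p Proxy) (err error) {
 return errHopWireGuard
 }
 
+pxCan4 := p.Router().IP4()
+hopCan4 := h.Router().IP4()
+pxCan6 := p.Router().IP6()
+hopCan6 := h.Router().IP6()
 // todo: check if all routes for p & h overlap
-if h.Router().IP4() != p.Router().IP4() || h.Router().IP6() != p.Router().IP6() {
-return errHopGateway
+if pxCan4 { // suffices if px's ip4 is routable over hop
+if !hopCan4 {
+return errHop4Gateway
+} // else: do not need to check for ip6 routes
+} else if pxCan6 { // ip6 ok & px does not need ip4
+if !hopCan6 {
+return errHop6Gateway
+} // else: can at least route ip6, which is enough for px
+} else { // unlikely that px cannot do both ip4 & ip6
+return errHopProxyRoutes
 }
 
 // mtu needed to tunnel this wg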
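Review bot: A dual-stack `p` is now accepted over a hop that routes only ip4: when `pxCan4` and `hopCan4` are both true the first branch falls through without consulting `pxCan6` or `hopCan6`, whereas the removed condition rejected any ip4/ip6 mismatch between `h` and `p`. If callers read a nil error from `Hop` as "everything `p` carries is routable over `h`", p's ip6 is no longer covered by that guarantee, and whether such flows fail closed or leave by another path is decided outside this hunk and worth confirming. If the relaxation is intended, record it at the branch, for example `// px ip6 is not checked against hop; ip6 over px must fail closed when hop has no ip6 route`; if it is not, add `if pxCan6 && !hopCan6 { return errHop6Gateway }` after the ip4 check. `Hop` begins and ends outside the hunk.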
