[client] Add disable system flags (#3153)

client/internal/routemanager/manager.go

@@ -48,6 +48,21 @@ type Manager interface {
 	Stop(stateManager *statemanager.Manager)
 }
 
+type ManagerConfig struct {
+	Context             context.Context
+	PublicKey           string
+	DNSRouteInterval    time.Duration
+	WGInterface         iface.IWGIface
+	StatusRecorder      *peer.Status
+	RelayManager        *relayClient.Manager
+	InitialRoutes       []*route.Route
+	StateManager        *statemanager.Manager
+	DNSServer           dns.Server
+	PeerStore           *peerstore.Store
+	DisableClientRoutes bool
+	DisableServerRoutes bool
+}
+
 // DefaultManager is the default instance of a route manager
 type DefaultManager struct {
 	ctx                  context.Context
@@ -55,7 +70,7 @@ type DefaultManager struct {
 	mux                  sync.Mutex
 	clientNetworks       map[route.HAUniqueID]*clientNetwork
 	routeSelector        *routeselector.RouteSelector
-	serverRouter         serverRouter
+	serverRouter         *serverRouter
 	sysOps               *systemops.SysOps
 	statusRecorder       *peer.Status
 	relayMgr             *relayClient.Manager
@@ -67,48 +82,46 @@ type DefaultManager struct {
 	dnsRouteInterval     time.Duration
 	stateManager         *statemanager.Manager
 	// clientRoutes is the most recent list of clientRoutes received from the Management Service
-	clientRoutes   route.HAMap
-	dnsServer      dns.Server
-	peerStore      *peerstore.Store
-	useNewDNSRoute bool
+	clientRoutes        route.HAMap
+	dnsServer           dns.Server
+	peerStore           *peerstore.Store
+	useNewDNSRoute      bool
+	disableClientRoutes bool
+	disableServerRoutes bool
 }
 
-func NewManager(
-	ctx context.Context,
-	pubKey string,
-	dnsRouteInterval time.Duration,
-	wgInterface iface.IWGIface,
-	statusRecorder *peer.Status,
-	relayMgr *relayClient.Manager,
-	initialRoutes []*route.Route,
-	stateManager *statemanager.Manager,
-	dnsServer dns.Server,
-	peerStore *peerstore.Store,
-) *DefaultManager {
-	mCTX, cancel := context.WithCancel(ctx)
+func NewManager(config ManagerConfig) *DefaultManager {
+	mCTX, cancel := context.WithCancel(config.Context)
 	notifier := notifier.NewNotifier()
-	sysOps := systemops.NewSysOps(wgInterface, notifier)
+	sysOps := systemops.NewSysOps(config.WGInterface, notifier)
 
 	dm := &DefaultManager{
-		ctx:              mCTX,
-		stop:             cancel,
-		dnsRouteInterval: dnsRouteInterval,
-		clientNetworks:   make(map[route.HAUniqueID]*clientNetwork),
-		relayMgr:         relayMgr,
-		sysOps:           sysOps,
-		statusRecorder:   statusRecorder,
-		wgInterface:      wgInterface,
-		pubKey:           pubKey,
-		notifier:         notifier,
-		stateManager:     stateManager,
-		dnsServer:        dnsServer,
-		peerStore:        peerStore,
+		ctx:                 mCTX,
+		stop:                cancel,
+		dnsRouteInterval:    config.DNSRouteInterval,
+		clientNetworks:      make(map[route.HAUniqueID]*clientNetwork),
+		relayMgr:            config.RelayManager,
+		sysOps:              sysOps,
+		statusRecorder:      config.StatusRecorder,
+		wgInterface:         config.WGInterface,
+		pubKey:              config.PublicKey,
+		notifier:            notifier,
+		stateManager:        config.StateManager,
+		dnsServer:           config.DNSServer,
+		peerStore:           config.PeerStore,
+		disableClientRoutes: config.DisableClientRoutes,
+		disableServerRoutes: config.DisableServerRoutes,
+	}
+
+	// don't proceed with client routes if it is disabled
+	if config.DisableClientRoutes {
+		return dm
 	}
 
 	dm.setupRefCounters()
 
 	if runtime.GOOS == "android" {
-		cr := dm.initialClientRoutes(initialRoutes)
+		cr := dm.initialClientRoutes(config.InitialRoutes)
 		dm.notifier.SetInitialClientRoutes(cr)
 	}
 	return dm
@@ -156,7 +169,7 @@ func (m *DefaultManager) setupRefCounters() {
 func (m *DefaultManager) Init() (nbnet.AddHookFunc, nbnet.RemoveHookFunc, error) {
 	m.routeSelector = m.initSelector()
 
-	if nbnet.CustomRoutingDisabled() {
+	if nbnet.CustomRoutingDisabled() || m.disableClientRoutes {
 		return nil, nil, nil
 	}
 
@@ -202,6 +215,15 @@ func (m *DefaultManager) initSelector() *routeselector.RouteSelector {
 }
 
 func (m *DefaultManager) EnableServerRouter(firewall firewall.Manager) error {
+	if m.disableServerRoutes {
+		log.Info("server routes are disabled")
+		return nil
+	}
+
+	if firewall == nil {
+		return errors.New("firewall manager is not set")
+	}
+
 	var err error
 	m.serverRouter, err = newServerRouter(m.ctx, m.wgInterface, firewall, m.statusRecorder)
 	if err != nil {
@@ -228,7 +250,7 @@ func (m *DefaultManager) Stop(stateManager *statemanager.Manager) {
 		}
 	}
 
-	if !nbnet.CustomRoutingDisabled() {
+	if !nbnet.CustomRoutingDisabled() && !m.disableClientRoutes {
 		if err := m.sysOps.CleanupRouting(stateManager); err != nil {
 			log.Errorf("Error cleaning up routing: %v", err)
 		} else {
@@ -258,9 +280,11 @@ func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Ro
 
 	newServerRoutesMap, newClientRoutesIDMap := m.classifyRoutes(newRoutes)
 
-	filteredClientRoutes := m.routeSelector.FilterSelected(newClientRoutesIDMap)
-	m.updateClientNetworks(updateSerial, filteredClientRoutes)
-	m.notifier.OnNewRoutes(filteredClientRoutes)
+	if !m.disableClientRoutes {
+		filteredClientRoutes := m.routeSelector.FilterSelected(newClientRoutesIDMap)
+		m.updateClientNetworks(updateSerial, filteredClientRoutes)
+		m.notifier.OnNewRoutes(filteredClientRoutes)
+	}
 
 	if m.serverRouter != nil {
 		err := m.serverRouter.updateRoutes(newServerRoutesMap)

client/internal/routemanager/manager_test.go

@@ -424,7 +424,12 @@ func TestManagerUpdateRoutes(t *testing.T) {
 
 			statusRecorder := peer.NewRecorder("https://mgm")
 			ctx := context.TODO()
-			routeManager := NewManager(ctx, localPeerKey, 0, wgInterface, statusRecorder, nil, nil, nil, nil, nil)
+			routeManager := NewManager(ManagerConfig{
+				Context:        ctx,
+				PublicKey:      localPeerKey,
+				WGInterface:    wgInterface,
+				StatusRecorder: statusRecorder,
+			})
 
 			_, _, err = routeManager.Init()
 
@@ -450,8 +455,7 @@ func TestManagerUpdateRoutes(t *testing.T) {
 			require.Len(t, routeManager.clientNetworks, expectedWatchers, "client networks size should match")
 
 			if runtime.GOOS == "linux" && routeManager.serverRouter != nil {
-				sr := routeManager.serverRouter.(*defaultServerRouter)
-				require.Len(t, sr.routes, testCase.serverRoutesExpected, "server networks size should match")
+				require.Len(t, routeManager.serverRouter.routes, testCase.serverRoutesExpected, "server networks size should match")
 			}
 		})
 	}

client/internal/routemanager/server.go

@@ -1,9 +0,0 @@
-package routemanager
-
-import "github.com/netbirdio/netbird/route"
-
-type serverRouter interface {
-	updateRoutes(map[route.ID]*route.Route) error
-	removeFromServerNetwork(*route.Route) error
-	cleanUp()
-}

client/internal/routemanager/server_android.go

@@ -9,8 +9,19 @@ import (
 	firewall "github.com/netbirdio/netbird/client/firewall/manager"
 	"github.com/netbirdio/netbird/client/iface"
 	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/route"
 )
 
-func newServerRouter(context.Context, iface.IWGIface, firewall.Manager, *peer.Status) (serverRouter, error) {
+type serverRouter struct {
+}
+
+func (r serverRouter) cleanUp() {
+}
+
+func (r serverRouter) updateRoutes(map[route.ID]*route.Route) error {
+	return nil
+}
+
+func newServerRouter(context.Context, iface.IWGIface, firewall.Manager, *peer.Status) (*serverRouter, error) {
 	return nil, fmt.Errorf("server route not supported on this os")
 }

client/internal/routemanager/server_nonandroid.go

@@ -17,7 +17,7 @@ import (
 	"github.com/netbirdio/netbird/route"
 )
 
-type defaultServerRouter struct {
+type serverRouter struct {
 	mux            sync.Mutex
 	ctx            context.Context
 	routes         map[route.ID]*route.Route
@@ -26,8 +26,8 @@ type defaultServerRouter struct {
 	statusRecorder *peer.Status
 }
 
-func newServerRouter(ctx context.Context, wgInterface iface.IWGIface, firewall firewall.Manager, statusRecorder *peer.Status) (serverRouter, error) {
-	return &defaultServerRouter{
+func newServerRouter(ctx context.Context, wgInterface iface.IWGIface, firewall firewall.Manager, statusRecorder *peer.Status) (*serverRouter, error) {
+	return &serverRouter{
 		ctx:            ctx,
 		routes:         make(map[route.ID]*route.Route),
 		firewall:       firewall,
@@ -36,7 +36,7 @@ func newServerRouter(ctx context.Context, wgInterface iface.IWGIface, firewall f
 	}, nil
 }
 
-func (m *defaultServerRouter) updateRoutes(routesMap map[route.ID]*route.Route) error {
+func (m *serverRouter) updateRoutes(routesMap map[route.ID]*route.Route) error {
 	serverRoutesToRemove := make([]route.ID, 0)
 
 	for routeID := range m.routes {
@@ -80,74 +80,72 @@ func (m *defaultServerRouter) updateRoutes(routesMap map[route.ID]*route.Route)
 	return nil
 }
 
-func (m *defaultServerRouter) removeFromServerNetwork(route *route.Route) error {
-	select {
-	case <-m.ctx.Done():
+func (m *serverRouter) removeFromServerNetwork(route *route.Route) error {
+	if m.ctx.Err() != nil {
 		log.Infof("Not removing from server network because context is done")
 		return m.ctx.Err()
-	default:
-		m.mux.Lock()
-		defer m.mux.Unlock()
-
-		routerPair, err := routeToRouterPair(route)
-		if err != nil {
-			return fmt.Errorf("parse prefix: %w", err)
-		}
-
-		err = m.firewall.RemoveNatRule(routerPair)
-		if err != nil {
-			return fmt.Errorf("remove routing rules: %w", err)
-		}
-
-		delete(m.routes, route.ID)
-
-		state := m.statusRecorder.GetLocalPeerState()
-		delete(state.Routes, route.Network.String())
-		m.statusRecorder.UpdateLocalPeerState(state)
-
-		return nil
 	}
+
+	m.mux.Lock()
+	defer m.mux.Unlock()
+
+	routerPair, err := routeToRouterPair(route)
+	if err != nil {
+		return fmt.Errorf("parse prefix: %w", err)
+	}
+
+	err = m.firewall.RemoveNatRule(routerPair)
+	if err != nil {
+		return fmt.Errorf("remove routing rules: %w", err)
+	}
+
+	delete(m.routes, route.ID)
+
+	state := m.statusRecorder.GetLocalPeerState()
+	delete(state.Routes, route.Network.String())
+	m.statusRecorder.UpdateLocalPeerState(state)
+
+	return nil
 }
 
-func (m *defaultServerRouter) addToServerNetwork(route *route.Route) error {
-	select {
-	case <-m.ctx.Done():
+func (m *serverRouter) addToServerNetwork(route *route.Route) error {
+	if m.ctx.Err() != nil {
 		log.Infof("Not adding to server network because context is done")
 		return m.ctx.Err()
-	default:
-		m.mux.Lock()
-		defer m.mux.Unlock()
-
-		routerPair, err := routeToRouterPair(route)
-		if err != nil {
-			return fmt.Errorf("parse prefix: %w", err)
-		}
-
-		err = m.firewall.AddNatRule(routerPair)
-		if err != nil {
-			return fmt.Errorf("insert routing rules: %w", err)
-		}
-
-		m.routes[route.ID] = route
-
-		state := m.statusRecorder.GetLocalPeerState()
-		if state.Routes == nil {
-			state.Routes = map[string]struct{}{}
-		}
-
-		routeStr := route.Network.String()
-		if route.IsDynamic() {
-			routeStr = route.Domains.SafeString()
-		}
-		state.Routes[routeStr] = struct{}{}
-
-		m.statusRecorder.UpdateLocalPeerState(state)
-
-		return nil
 	}
+
+	m.mux.Lock()
+	defer m.mux.Unlock()
+
+	routerPair, err := routeToRouterPair(route)
+	if err != nil {
+		return fmt.Errorf("parse prefix: %w", err)
+	}
+
+	err = m.firewall.AddNatRule(routerPair)
+	if err != nil {
+		return fmt.Errorf("insert routing rules: %w", err)
+	}
+
+	m.routes[route.ID] = route
+
+	state := m.statusRecorder.GetLocalPeerState()
+	if state.Routes == nil {
+		state.Routes = map[string]struct{}{}
+	}
+
+	routeStr := route.Network.String()
+	if route.IsDynamic() {
+		routeStr = route.Domains.SafeString()
+	}
+	state.Routes[routeStr] = struct{}{}
+
+	m.statusRecorder.UpdateLocalPeerState(state)
+
+	return nil
 }
 
-func (m *defaultServerRouter) cleanUp() {
+func (m *serverRouter) cleanUp() {
 	m.mux.Lock()
 	defer m.mux.Unlock()
 	for _, r := range m.routes {