[client] Use platform-native routing APIs for freeBSD, macOS and Windows

2026-04-18 08:16:39 +00:00 · 2025-06-04 16:28:58 +02:00
parent 87148c503f
commit ea4d13e96d
53 changed files with 1552 additions and 1046 deletions
--- a/client/internal/netflow/conntrack/conntrack.go
+++ b/client/internal/netflow/conntrack/conntrack.go
@@ -232,7 +232,7 @@ func (c *ConnTrack) relevantFlow(mark uint32, srcIP, dstIP netip.Addr) bool {

 	// fallback if mark rules are not in place
 	wgnet := c.iface.Address().Network
-	return wgnet.Contains(srcIP.AsSlice()) || wgnet.Contains(dstIP.AsSlice())
+	return wgnet.Contains(srcIP) || wgnet.Contains(dstIP)
 }

 // mapRxPackets maps packet counts to RX based on flow direction
@@ -293,17 +293,15 @@ func (c *ConnTrack) inferDirection(mark uint32, srcIP, dstIP netip.Addr) nftypes
 	// fallback if marks are not set
 	wgaddr := c.iface.Address().IP
 	wgnetwork := c.iface.Address().Network
-	src, dst := srcIP.AsSlice(), dstIP.AsSlice()
-
 	switch {
-	case wgaddr.Equal(src):
+	case wgaddr == srcIP:
 		return nftypes.Egress
-	case wgaddr.Equal(dst):
+	case wgaddr == dstIP:
 		return nftypes.Ingress
-	case wgnetwork.Contains(src):
+	case wgnetwork.Contains(srcIP):
 		// netbird network -> resource network
 		return nftypes.Ingress
-	case wgnetwork.Contains(dst):
+	case wgnetwork.Contains(dstIP):
 		// resource network -> netbird network
 		return nftypes.Egress
 	}
--- a/client/internal/netflow/logger/logger.go
+++ b/client/internal/netflow/logger/logger.go
@@ -2,7 +2,7 @@ package logger

 import (
 	"context"
-	"net"
+	"net/netip"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -23,17 +23,16 @@ type Logger struct {
 	rcvChan            atomic.Pointer[rcvChan]
 	cancel             context.CancelFunc
 	statusRecorder     *peer.Status
-	wgIfaceIPNet       net.IPNet
+	wgIfaceNet         netip.Prefix
 	dnsCollection      atomic.Bool
 	exitNodeCollection atomic.Bool
 	Store              types.Store
 }

-func New(statusRecorder *peer.Status, wgIfaceIPNet net.IPNet) *Logger {
-
+func New(statusRecorder *peer.Status, wgIfaceIPNet netip.Prefix) *Logger {
 	return &Logger{
 		statusRecorder: statusRecorder,
-		wgIfaceIPNet:   wgIfaceIPNet,
+		wgIfaceNet:     wgIfaceIPNet,
 		Store:          store.NewMemoryStore(),
 	}
 }
@@ -89,11 +88,11 @@ func (l *Logger) startReceiver() {
 			var isSrcExitNode bool
 			var isDestExitNode bool

-			if !l.wgIfaceIPNet.Contains(net.IP(event.SourceIP.AsSlice())) {
+			if !l.wgIfaceNet.Contains(event.SourceIP) {
 				event.SourceResourceID, isSrcExitNode = l.statusRecorder.CheckRoutes(event.SourceIP)
 			}

-			if !l.wgIfaceIPNet.Contains(net.IP(event.DestIP.AsSlice())) {
+			if !l.wgIfaceNet.Contains(event.DestIP) {
 				event.DestResourceID, isDestExitNode = l.statusRecorder.CheckRoutes(event.DestIP)
 			}

--- a/client/internal/netflow/logger/logger_test.go
+++ b/client/internal/netflow/logger/logger_test.go
@@ -1,7 +1,7 @@
 package logger_test

 import (
-	"net"
+	"net/netip"
 	"testing"
 	"time"

@@ -12,7 +12,7 @@ import (
 )

 func TestStore(t *testing.T) {
-	logger := logger.New(nil, net.IPNet{})
+	logger := logger.New(nil, netip.Prefix{})
 	logger.Enable()

 	event := types.EventFields{
--- a/client/internal/netflow/manager.go
+++ b/client/internal/netflow/manager.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"net"
+	"net/netip"
 	"runtime"
 	"sync"
 	"time"
@@ -34,11 +34,11 @@ type Manager struct {

 // NewManager creates a new netflow manager
 func NewManager(iface nftypes.IFaceMapper, publicKey []byte, statusRecorder *peer.Status) *Manager {
-	var ipNet net.IPNet
+	var prefix netip.Prefix
 	if iface != nil {
-		ipNet = *iface.Address().Network
+		prefix = iface.Address().Network
 	}
-	flowLogger := logger.New(statusRecorder, ipNet)
+	flowLogger := logger.New(statusRecorder, prefix)

 	var ct nftypes.ConnTracker
 	if runtime.GOOS == "linux" && iface != nil && !iface.IsUserspaceBind() {
--- a/client/internal/netflow/manager_test.go
+++ b/client/internal/netflow/manager_test.go
@@ -1,7 +1,7 @@
 package netflow

 import (
-	"net"
+	"net/netip"
 	"testing"
 	"time"

@@ -33,10 +33,7 @@ func (m *mockIFaceMapper) IsUserspaceBind() bool {
 func TestManager_Update(t *testing.T) {
 	mockIFace := &mockIFaceMapper{
 		address: wgaddr.Address{
-			Network: &net.IPNet{
-				IP:   net.ParseIP("192.168.1.1"),
-				Mask: net.CIDRMask(24, 32),
-			},
+			Network: netip.MustParsePrefix("192.168.1.1/32"),
 		},
 		isUserspaceBind: true,
 	}
@@ -102,10 +99,7 @@ func TestManager_Update(t *testing.T) {
 func TestManager_Update_TokenPreservation(t *testing.T) {
 	mockIFace := &mockIFaceMapper{
 		address: wgaddr.Address{
-			Network: &net.IPNet{
-				IP:   net.ParseIP("192.168.1.1"),
-				Mask: net.CIDRMask(24, 32),
-			},
+			Network: netip.MustParsePrefix("192.168.1.1/32"),
 		},
 		isUserspaceBind: true,
 	}