Reconfigure support for crypto-key routing

src/yggdrasil/ckr.go

@@ -45,25 +45,73 @@ func (c *cryptokey) init(core *Core) {
 		for {
 			select {
 			case e := <-c.reconfigure:
-				e <- nil
+				e <- c.configure()
 			}
 		}
 	}()
 
+	if err := c.configure(); err != nil {
+		c.core.log.Println("CKR configuration failed:", err)
+	}
+}
+
+// Configure the CKR routes
+func (c *cryptokey) configure() error {
+	c.core.configMutex.RLock()
+	defer c.core.configMutex.RUnlock()
+
+	// Set enabled/disabled state
+	c.setEnabled(c.core.config.TunnelRouting.Enable)
+
+	// Clear out existing routes
 	c.mutexroutes.Lock()
-	c.ipv4routes = make([]cryptokey_route, 0)
 	c.ipv6routes = make([]cryptokey_route, 0)
+	c.ipv4routes = make([]cryptokey_route, 0)
 	c.mutexroutes.Unlock()
 
+	// Add IPv6 routes
+	for ipv6, pubkey := range c.core.config.TunnelRouting.IPv6Destinations {
+		if err := c.addRoute(ipv6, pubkey); err != nil {
+			return err
+		}
+	}
+
+	// Add IPv4 routes
+	for ipv4, pubkey := range c.core.config.TunnelRouting.IPv4Destinations {
+		if err := c.addRoute(ipv4, pubkey); err != nil {
+			return err
+		}
+	}
+
+	// Clear out existing sources
+	c.mutexsources.Lock()
+	c.ipv6sources = make([]net.IPNet, 0)
+	c.ipv4sources = make([]net.IPNet, 0)
+	c.mutexsources.Unlock()
+
+	// Add IPv6 sources
+	c.ipv6sources = make([]net.IPNet, 0)
+	for _, source := range c.core.config.TunnelRouting.IPv6Sources {
+		if err := c.addSourceSubnet(source); err != nil {
+			return err
+		}
+	}
+
+	// Add IPv4 sources
+	c.ipv4sources = make([]net.IPNet, 0)
+	for _, source := range c.core.config.TunnelRouting.IPv4Sources {
+		if err := c.addSourceSubnet(source); err != nil {
+			return err
+		}
+	}
+
+	// Wipe the caches
 	c.mutexcache.Lock()
 	c.ipv4cache = make(map[address.Address]cryptokey_route, 0)
 	c.ipv6cache = make(map[address.Address]cryptokey_route, 0)
 	c.mutexcache.Unlock()
 
-	c.mutexsources.Lock()
+	return nil
-	c.ipv4sources = make([]net.IPNet, 0)
-	c.ipv6sources = make([]net.IPNet, 0)
-	c.mutexsources.Unlock()
 }
 
 // Enable or disable crypto-key routing.

src/yggdrasil/core.go

@@ -231,31 +231,6 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error {
 		return err
 	}
 
-	c.router.cryptokey.setEnabled(nc.TunnelRouting.Enable)
-	if c.router.cryptokey.isEnabled() {
-		c.log.Println("Crypto-key routing enabled")
-		for ipv6, pubkey := range nc.TunnelRouting.IPv6Destinations {
-			if err := c.router.cryptokey.addRoute(ipv6, pubkey); err != nil {
-				panic(err)
-			}
-		}
-		for _, source := range nc.TunnelRouting.IPv6Sources {
-			if err := c.router.cryptokey.addSourceSubnet(source); err != nil {
-				panic(err)
-			}
-		}
-		for ipv4, pubkey := range nc.TunnelRouting.IPv4Destinations {
-			if err := c.router.cryptokey.addRoute(ipv4, pubkey); err != nil {
-				panic(err)
-			}
-		}
-		for _, source := range nc.TunnelRouting.IPv4Sources {
-			if err := c.router.cryptokey.addSourceSubnet(source); err != nil {
-				panic(err)
-			}
-		}
-	}
-
 	if err := c.admin.start(); err != nil {
 		c.log.Println("Failed to start admin socket")
 		return err

src/yggdrasil/router.go

@@ -127,6 +127,14 @@ func (r *router) mainLoop() {
 		case f := <-r.admin:
 			f()
 		case e := <-r.reconfigure:
+			// Send reconfigure notification to cryptokey
+			response := make(chan error)
+			r.cryptokey.reconfigure <- response
+			if err := <-response; err != nil {
+				e <- err
+			}
+
+			// Anything else to do?
 			e <- nil
 		}
 	}