From a9ea6336fa9648299b72fd4fbd9d835f596180ec Mon Sep 17 00:00:00 2001 From: Michael Ben-Ami Date: Fri, 12 Jun 2026 11:52:25 -0400 Subject: [PATCH] wgengine: delete Conn25 packet hooks Package features/conn25 wires up the hooks directly on the tun wrapper without needing to go through the userspace engine, so this codepath is unused and not needed. Updates #cleanup Signed-off-by: Michael Ben-Ami --- wgengine/userspace.go | 61 ++++++++++++------------------------------- 1 file changed, 16 insertions(+), 45 deletions(-) diff --git a/wgengine/userspace.go b/wgengine/userspace.go index 397096c0c..58a09a50f 100644 --- a/wgengine/userspace.go +++ b/wgengine/userspace.go @@ -125,10 +125,9 @@ type userspaceEngine struct { lastCfgFull wgcfg.Config lastRouter *router.Config - lastDNSConfig dns.ConfigView // or invalid if none - lastIsSubnetRouter bool // was the node a primary subnet router in the last run. - reconfigureVPN func() error // or nil - conn25PacketHooks Conn25PacketHooks // or nil + lastDNSConfig dns.ConfigView // or invalid if none + lastIsSubnetRouter bool // was the node a primary subnet router in the last run. + reconfigureVPN func() error // or nil // lastAppliedDisableTUNUDPGRO and lastAppliedDisableTUNTCPGRO cache the // controlknobs values that were last applied to the TUN device. They are @@ -171,19 +170,6 @@ type BIRDClient interface { Close() error } -// Conn25PacketHooks are hooks for Connectors 2025 app connectors. -// They are meant to be wired into to corresponding hooks in the -// [tstun.Wrapper]. They may modify the packet (e.g., NAT), or drop -// invalid app connector traffic. -type Conn25PacketHooks interface { - // HandlePacketsFromTunDevice sends packets originating from the tun device - // for further Connectors 2025 app connectors processing. - HandlePacketsFromTunDevice(*packet.Parsed) filter.Response - // HandlePacketsFromWireguard sends packets originating from WireGuard - // for further Connectors 2025 app connectors processing. - HandlePacketsFromWireGuard(*packet.Parsed) filter.Response -} - // Config is the engine configuration. type Config struct { // Tun is the device used by the Engine to exchange packets with @@ -261,10 +247,6 @@ type Config struct { // become required non-nil. EventBus *eventbus.Bus - // Conn25PacketHooks, if non-nil, is used to hook packets for Connectors 2025 - // app connector handling logic. - Conn25PacketHooks Conn25PacketHooks - // ForceDiscoKey, if non-zero, forces the use of a specific disco // private key. This should only be used for special cases and // experiments, not for production. The recommended normal path is to @@ -379,20 +361,19 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error) } e := &userspaceEngine{ - eventBus: conf.EventBus, - timeNow: mono.Now, - logf: logf, - reqCh: make(chan struct{}, 1), - waitCh: make(chan struct{}), - tundev: tsTUNDev, - router: rtr, - dialer: conf.Dialer, - confListenPort: conf.ListenPort, - birdClient: conf.BIRDClient, - controlKnobs: conf.ControlKnobs, - reconfigureVPN: conf.ReconfigureVPN, - health: conf.HealthTracker, - conn25PacketHooks: conf.Conn25PacketHooks, + eventBus: conf.EventBus, + timeNow: mono.Now, + logf: logf, + reqCh: make(chan struct{}, 1), + waitCh: make(chan struct{}), + tundev: tsTUNDev, + router: rtr, + dialer: conf.Dialer, + confListenPort: conf.ListenPort, + birdClient: conf.BIRDClient, + controlKnobs: conf.ControlKnobs, + reconfigureVPN: conf.ReconfigureVPN, + health: conf.HealthTracker, } if e.birdClient != nil { @@ -465,16 +446,6 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error) } e.tundev.PreFilterPacketOutboundToWireGuardEngineIntercept = e.handleLocalPackets - if e.conn25PacketHooks != nil { - e.tundev.PreFilterPacketOutboundToWireGuardAppConnectorIntercept = func(p *packet.Parsed, _ *tstun.Wrapper) filter.Response { - return e.conn25PacketHooks.HandlePacketsFromTunDevice(p) - } - - e.tundev.PostFilterPacketInboundFromWireGuardAppConnector = func(p *packet.Parsed, _ *tstun.Wrapper) filter.Response { - return e.conn25PacketHooks.HandlePacketsFromWireGuard(p) - } - } - if buildfeatures.HasDebug && envknob.BoolDefaultTrue("TS_DEBUG_CONNECT_FAILURES") { if e.tundev.PreFilterPacketInboundFromWireGuard != nil { return nil, errors.New("unexpected PreFilterIn already set")