ipn/wg: m refactor re-peering ipcset code block

ignoramous · ignoramous · commit 6ea740a1e96d · 2026-03-30T22:59:39.000+05:30
diff --git a/intra/ipn/wgproxy.go b/intra/ipn/wgproxy.go
@@ -422,13 +422,7 @@ func (w *wgproxy) Refresh() (err error) {
 			// Re-apply peer config so wireguard device uses freshly resolved endpoint IPs.
 			// remote.Refresh() above may have updated IPs; Device.Up() alone does not
 			// re-call ParseEndpoint, so peers would keep sending handshakes to stale IPs.
-			if cfg := w.wgtun.uapicfg.Load(); len(cfg) > 0 {
-				cpcfg := cfg                      // copies string
-				_, _ = wgIfConfigOf(w.id, &cpcfg) // removes non-uapi fields
-				if ipcerr := w.Device.IpcSet(cpcfg); ipcerr != nil {
-					log.W("proxy: wg: %s: refresh: re-apply ipcset failed; err %v", w.tag(), ipcerr)
-				}
-			}
+			w.redoPeers()
 		}
 	}
 	// not required since wgconn:NewBind() is namespace aware
@@ -438,6 +432,16 @@ func (w *wgproxy) Refresh() (err error) {
 	return
 }
 
+func (w *wgproxy) redoPeers() {
+	if cfg := w.wgtun.uapicfg.Load(); len(cfg) > 0 {
+		cpcfg := cfg                      // copies string
+		_, _ = wgIfConfigOf(w.id, &cpcfg) // removes non-uapi fields
+		if ipcerr := w.Device.IpcSet(cpcfg); ipcerr != nil {
+			log.W("proxy: wg: %s: refresh: re-apply ipcset failed; err %v", w.tag(), ipcerr)
+		}
+	}
+}
+
 func (h *wgproxy) Dialer() protect.RDialer {
 	return h
 }
@@ -1753,6 +1757,7 @@ func (h *wgtun) listener(op wg.PktDir, err error) {
 			log.I("wg: %s listener: %s, state: %s; refreshed %d dns / %d peers; why: %s",
 				h.tag(), op, pxstatus(s), m, n, why)
 		}
+		// TODO: h.redoPeers()
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -422,13 +422,7 @@ func (w *wgproxy) Refresh() (err error) {`
`422`	`422`	`// Re-apply peer config so wireguard device uses freshly resolved endpoint IPs.`
`423`	`423`	`// remote.Refresh() above may have updated IPs; Device.Up() alone does not`
`424`	`424`	`// re-call ParseEndpoint, so peers would keep sending handshakes to stale IPs.`
`425`		`- if cfg := w.wgtun.uapicfg.Load(); len(cfg) > 0 {`
`426`		`- cpcfg := cfg // copies string`
`427`		`- _, _ = wgIfConfigOf(w.id, &cpcfg) // removes non-uapi fields`
`428`		`- if ipcerr := w.Device.IpcSet(cpcfg); ipcerr != nil {`
`429`		`- log.W("proxy: wg: %s: refresh: re-apply ipcset failed; err %v", w.tag(), ipcerr)`
`430`		`- }`
`431`		`- }`
	`425`	`+ w.redoPeers()`
`432`	`426`	`}`
`433`	`427`	`}`
`434`	`428`	`// not required since wgconn:NewBind() is namespace aware`
`@@ -438,6 +432,16 @@ func (w *wgproxy) Refresh() (err error) {`
`438`	`432`	`return`
`439`	`433`	`}`
`440`	`434`
	`435`	`+func (w *wgproxy) redoPeers() {`
	`436`	`+ if cfg := w.wgtun.uapicfg.Load(); len(cfg) > 0 {`
	`437`	`+ cpcfg := cfg // copies string`
	`438`	`+ _, _ = wgIfConfigOf(w.id, &cpcfg) // removes non-uapi fields`
	`439`	`+ if ipcerr := w.Device.IpcSet(cpcfg); ipcerr != nil {`
	`440`	`+ log.W("proxy: wg: %s: refresh: re-apply ipcset failed; err %v", w.tag(), ipcerr)`
	`441`	`+ }`
	`442`	`+ }`
	`443`	`+}`
	`444`	`+`
`441`	`445`	`func (h *wgproxy) Dialer() protect.RDialer {`
`442`	`446`	`return h`
`443`	`447`	`}`
`@@ -1753,6 +1757,7 @@ func (h *wgtun) listener(op wg.PktDir, err error) {`
`1753`	`1757`	`log.I("wg: %s listener: %s, state: %s; refreshed %d dns / %d peers; why: %s",`
`1754`	`1758`	`h.tag(), op, pxstatus(s), m, n, why)`
`1755`	`1759`	`}`
	`1760`	`+ // TODO: h.redoPeers()`
`1756`	`1761`	`}`
`1757`	`1762`	`}`
`1758`	`1763`