go/daemon/children/nebula.go

@@ -6,7 +6,6 @@ import (
 	"io"
 	"isle/bootstrap"
 	"isle/daemon/daecommon"
-	"isle/nebula"
 	"isle/toolkit"
 	"net"
 	"path/filepath"
@@ -117,7 +116,7 @@ func nebulaConfig(
 			"respond": true,
 		},
 		"tun": map[string]any{
-			"dev": nebula.GetDeviceName(hostBootstrap.NetworkCreationParams.ID),
+			"dev": networkConfig.VPN.Tun.Device,
 		},
 		"firewall": firewall,
 	}

go/daemon/daecommon/config.go

@@ -24,6 +24,10 @@ const (
 //go:embed daemon.yml
 var defaultConfigB []byte
 
+type ConfigTun struct {
+	Device string `yaml:"device"`
+}
+
 type ConfigFirewall struct {
 	Outbound []ConfigFirewallRule `yaml:"outbound"`
 	Inbound  []ConfigFirewallRule `yaml:"inbound"`
@@ -70,6 +74,7 @@ type NetworkConfig struct {
 	VPN struct {
 		PublicAddr string         `yaml:"public_addr"`
 		Firewall   ConfigFirewall `yaml:"firewall"`
+		Tun        ConfigTun      `yaml:"tun"`
 	} `yaml:"vpn"`
 	Storage struct {
 		Allocations []ConfigStorageAllocation `yaml:"allocations"`
@@ -116,6 +121,12 @@ func (c *NetworkConfig) fillDefaults() {
 		}
 	}
 
+	if c.VPN.Tun.Device == "" {
+		// TODO if there are multiple Networks then each one needs a unique
+		// device name.
+		c.VPN.Tun.Device = "isle-tun"
+	}
+
 	nextRPCPort := 3900
 
 	for i := range c.Storage.Allocations {

go/daemon/daecommon/daemon.yml

@@ -47,6 +47,10 @@
         #  # If any storage allocations are declared below, the ports used will be
         #  # allowed here automatically.
 
+      #tun:
+        # Name of the tun network device which will route VPN traffic.
+        #device: isle-tun
+
     #storage:
 
       # Allocations defined here are used to store data in the distributed storage

go/daemon/daemon_test.go

@@ -127,7 +127,7 @@ func TestNew(t *testing.T) {
 			})
 
 			networkConfigB = daecommon.NewNetworkConfig(func(c *daecommon.NetworkConfig) {
-				c.VPN.PublicAddr = "1.2.3.4:5"
+				c.VPN.Tun.Device = "bar"
 			})
 
 			networkConfigC = daecommon.NewNetworkConfig(func(c *daecommon.NetworkConfig) {
@@ -189,7 +189,7 @@ func TestDaemon_SetConfig(t *testing.T) {
 			})
 
 			networkConfig = daecommon.NewNetworkConfig(func(c *daecommon.NetworkConfig) {
-				c.VPN.PublicAddr = "1.2.3.4:5"
+				c.VPN.Tun.Device = "foo"
 			})
 		)
 
@@ -220,7 +220,7 @@ func TestDaemon_SetConfig(t *testing.T) {
 			})
 		)
 
-		networkConfig.VPN.PublicAddr = "1.2.3.4:5"
+		networkConfig.VPN.Tun.Device = "foo"
 		err := h.daemon.SetConfig(h.ctx, networkConfig)
 		assert.ErrorIs(t, err, ErrManagedNetworkConfig)
 	})

go/daemon/network/network_it_util_test.go

@@ -30,19 +30,16 @@ var (
 		return filepath.Join(appDirPath, "bin")
 	})
 
-	ipNetCounter          = new(atomic.Uint64)
+	ipNetCounter          uint64 = 0
-	publicAddrPortCounter = func() *atomic.Uint64 {
+	publicAddrPortCounter uint64 = 1024
-		i := new(atomic.Uint64)
+	tunDeviceCounter      uint64 = 0
-		i.Store(1024)
-		return i
-	}()
 )
 
 func newIPNet() nebula.IPNet {
 	var (
 		ipNet    nebula.IPNet
 		ipNetStr = fmt.Sprintf(
-			"172.16.%d.0/24", ipNetCounter.Add(1)-1,
+			"172.16.%d.0/24", atomic.AddUint64(&ipNetCounter, 1),
 		)
 	)
 
@@ -55,15 +52,19 @@ func newIPNet() nebula.IPNet {
 
 func newPublicAddr() string {
 	return fmt.Sprintf(
-		"127.0.0.200:%d", publicAddrPortCounter.Add(1)-1,
+		"127.0.0.200:%d", atomic.AddUint64(&publicAddrPortCounter, 1),
 	)
 }
 
+func newTunDevice() string {
+	return fmt.Sprintf("isle-test-%d", atomic.AddUint64(&tunDeviceCounter, 1))
+}
+
 type integrationHarness struct {
 	ctx        context.Context
 	logger     *mlog.Logger
 	rootDir    toolkit.Dir
-	dirCounter atomic.Uint64
+	dirCounter uint64
 }
 
 func newIntegrationHarness(t *testing.T) *integrationHarness {
@@ -93,7 +94,7 @@ func newIntegrationHarness(t *testing.T) *integrationHarness {
 }
 
 func (h *integrationHarness) mkDir(t *testing.T, name string) toolkit.Dir {
-	fullName := fmt.Sprintf("%s-%d", name, h.dirCounter.Add(1)-1)
+	fullName := fmt.Sprintf("%s-%d", name, atomic.AddUint64(&h.dirCounter, 1))
 
 	t.Logf("Creating directory %q", fullName)
 	d, err := h.rootDir.MkChildDir(fullName, false)
@@ -128,6 +129,8 @@ func (h *integrationHarness) mkNetworkConfig(
 			c.VPN.PublicAddr = newPublicAddr()
 		}
 
+		c.VPN.Tun.Device = newTunDevice()
+
 		c.Storage.Allocations = make(
 			[]daecommon.ConfigStorageAllocation, opts.numStorageAllocs,
 		)

go/nebula/device.go

@@ -1,18 +0,0 @@
-package nebula
-
-import (
-	"fmt"
-	"sync/atomic"
-)
-
-var deviceCounter = new(atomic.Uint64)
-
-// GetDeviceName returns the network device name to use for a particular
-// network. Each returns name is gauranteed to be unique for the lifetime of the
-// process.
-func GetDeviceName(networkID string) string {
-	i := deviceCounter.Add(1) - 1
-	// the returned string will be too long for linux, but it will get
-	// automatically truncated.
-	return fmt.Sprintf("isle%d-%s", i, networkID)
-}