ipn/wg: unexpose IpcSet api

Author: ignoramous

intra/ipn/proxy.go

@@ -162,24 +162,6 @@ func (pxr *proxifier) addProxy(id, txt string) (p Proxy, err error) {
 		pxr.Unlock()
 		if p, _ = pxr.ProxyFor(id); p != nil {
 			if wgp, ok := p.(WgProxy); ok && wgp.update(id, txt) {
-				opts, err0 := wgIfConfigOf(id, &txt) // removes wg ifconfig from txt
-
-				logev(err0)("proxy: updating wg(%s); ifaddrs(%v), dns(%v), mtu(%d); err? %v",
-					id, opts.ifaddrs, opts.dns, opts.mtu, err)
-
-				if err0 != nil {
-					return nil, err0
-				}
-
-				err1 := wgp.IpcSet(txt)
-				if err1 != nil {
-					log.W("proxy: err1 updating wg(%s); %v", id, err1)
-					return nil, err1
-				} else {
-					// sensitive log: peercfg contains private key
-					log.P("proxy: updating wg(%s) len(peercfg(%d))", id, len(txt))
-				}
-
 				newcfg, readd := wgp.OnProtoChange(lp)
 				if readd || len(newcfg) > 0 {
 					log.W("proxy: cannot update wg(%s); readd it!", id)

intra/ipn/wgproxy.go

@@ -153,7 +153,6 @@ type WgProxy interface {
 	Proxy
 	tun.Device
 	update(id, txt string) bool
-	IpcSet(txt string) error
 }
 
 // Handle implements Proxy.
@@ -359,8 +358,8 @@ func stripPrefixIfNeeded(id string) string {
 // that is, incoming interface config is compatible with the existing tunnel,
 // regardless of whether peer config has changed (which can be updated in-place).
 func (w *wgproxy) update(id, txt string) bool {
-	const reuse = true // can update in-place; reuse existing tunnel
-	const anew = false // cannot update in-place; create new tunnel
+	const reused = true // can update in-place; reuse existing tunnel
+	const anew = false  // cannot update in-place; create new tunnel
 	if w.status.Load() == END {
 		log.W("proxy: wg: update(%s<>%s): END; status(%d)", id, w.id, w.status)
 		return anew
@@ -411,7 +410,13 @@ func (w *wgproxy) update(id, txt string) bool {
 	w.amnezia.Store(opts.amnezia)
 	w.resetMtu(w.getVia())
 
-	return reuse
+	ipcerr := w.IpcSet(cptxt)
+	if ipcerr != nil {
+		log.W("proxy: updating wg(%s) ipcset; err %v", id, ipcerr)
+		return anew
+	}
+
+	return reused
 }
 
 func (w *wgtun) allowedIPs(allowed []netip.Prefix) {