
Merge pull request #1037 from gravitl/bugfix_v0.13.0_nil_pointers

Bugfix v0.13.0 nil pointers
dcarns 3 years ago
parent
commit
07be1a5173

+ 1 - 1
logic/ips/ips_test.go

@@ -45,6 +45,6 @@ func TestIp4(t *testing.T) {
 	t.Run("First IPv6", func(t *testing.T) {
 		first, err := ips.GetFirstAddr6(ipv6Cidr)
 		assert.Nil(t, err)
-		assert.Equal(t, first.GetNetIPAddr().IP.String(), "fde6:be04:fa5e:d076::")
+		assert.Equal(t, first.GetNetIPAddr().IP.String(), "fde6:be04:fa5e:d076::1")
 	})
 }
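Review bot: The expected first IPv6 address changes from `fde6:be04:fa5e:d076::` to `fde6:be04:fa5e:d076::1` on line 19, but `ips.GetFirstAddr6` itself is not touched in this PR, so confirm the implementation change that justifies the new expectation landed separately; otherwise this only re-baselines the assertion. The subtest also lives inside `TestIp4` per the hunk header, and a "First IPv6" case under a function named TestIp4 is easy to overlook; a `TestIp6` would be the natural home. The enclosing test function starts outside the hunk.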

+ 29 - 7
logic/wireguard.go

@@ -150,9 +150,22 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 			logger.Log(0, "failed to get network"+err.Error())
 			return err
 		}
-		net := strings.Split(network.AddressRange, "/")
-		mask := net[len(net)-1]
-		setKernelDevice(ifacename, node.Address, mask)
+		var address4 string
+		var address6 string
+		var mask4 string
+		var mask6 string
+		if network.AddressRange != "" {
+			net := strings.Split(network.AddressRange, "/")
+			mask4 = net[len(net)-1]
+			address4 = node.Address
+		}
+		if network.AddressRange6 != "" {
+			net := strings.Split(network.AddressRange6, "/")
+			mask6 = net[len(net)-1]
+			address6 = node.Address
+		}
+
+		setKernelDevice(ifacename, address4, mask4, address6, mask6)
 	}
 
 	nodeport := int(node.ListenPort)
@@ -233,9 +246,13 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 				_, _ = ncutils.RunCmd(ipExec+" -4 route add "+gateway+" dev "+ifacename, true)
 			}
 		}
+		if node.Address != "" {
+			logger.Log(1, "adding address:", node.Address)
+			_, _ = ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+node.Address+"/32", true)
+		}
 		if node.Address6 != "" {
-			logger.Log(1, "adding address:", node.Address6)
-			_, _ = ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+node.Address6+"/64", true)
+			logger.Log(1, "adding address6:", node.Address6)
+			_, _ = ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+node.Address6+"/128", true)
 		}
 		wireguard.SetPeers(ifacename, node, peers)
 	}
@@ -243,7 +260,7 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 	return err
 }
 
-func setKernelDevice(ifacename, address, mask string) error {
+func setKernelDevice(ifacename, address4, mask4, address6, mask6 string) error {
 	ipExec, err := exec.LookPath("ip")
 	if err != nil {
 		return err
@@ -252,7 +269,12 @@ func setKernelDevice(ifacename, address, mask string) error {
 	// == best effort ==
 	ncutils.RunCmd("ip link delete dev "+ifacename, false)
 	ncutils.RunCmd(ipExec+" link add dev "+ifacename+" type wireguard", true)
-	ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+address+"/"+mask, true) // this was a bug waiting to happen
+	if address4 != "" {
+		ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+address4+"/"+mask4, true)
+	}
+	if address6 != "" {
+		ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+address6+"/"+mask6, true)
+	}
 
 	return nil
 }
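Review bot: In the new AddressRange6 branch, line 45 reads `address6 = node.Address`, which copies the IPv4 address into the IPv6 slot, so setKernelDevice ends up running `ip address add ... <ipv4>/<mask6>`; it should be `address6 = node.Address6`. The same slip appears in netclient/wireguard/noquick.go (`address6 = node.Address` inside its `node.Address6 != ""` branch). The branch keys on `network.AddressRange6` rather than on `node.Address6`, so a network with a v6 range whose node has no v6 address still issues the add; guarding on both would avoid an `ip` call with an empty address. The return value of setKernelDevice is dropped on line 48, so a missing `ip` binary reported by `exec.LookPath` goes unnoticed. initWireguard starts and ends outside the hunks.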

+ 2 - 2
main.go

@@ -201,7 +201,7 @@ func genCerts() error {
 	} else if err != nil {
 		return err
 	}
-	ca, err := tls.ReadCert(functions.GetNetmakerPath() + "/root.pem")
+	ca, err := tls.ReadCert(functions.GetNetmakerPath() + ncutils.GetSeparator() + "root.pem")
 	//if cert doesn't exist or will expire within 10 days --- but can't do this as clients won't be able to connect
 	//if errors.Is(err, os.ErrNotExist) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
 	if errors.Is(err, os.ErrNotExist) {
@@ -215,7 +215,7 @@ func genCerts() error {
 		if err != nil {
 			return err
 		}
-		if err := tls.SaveCert(functions.GetNetmakerPath(), "/root.pem", rootCA); err != nil {
+		if err := tls.SaveCert(functions.GetNetmakerPath(), ncutils.GetSeparator()+"root.pem", rootCA); err != nil {
 			return err
 		}
 		ca = rootCA
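Review bot: Building paths as `functions.GetNetmakerPath() + ncutils.GetSeparator() + "root.pem"` (lines 100 and 109) hand-rolls what `filepath.Join(functions.GetNetmakerPath(), "root.pem")` already does portably, and the same pattern repeats in netclient/functions/daemon.go, mqpublish.go, register.go and netclient/command/commands.go; `filepath.Join` would also make `GetSeparator` unnecessary. Separately, line 103 only checks `errors.Is(err, os.ErrNotExist)`, so a ReadCert failure for any other reason (unreadable or malformed PEM) appears to fall through with `ca` possibly nil; an explicit `if err != nil && !errors.Is(err, os.ErrNotExist) { return err }` before the existence check would close that. genCerts continues outside the hunks.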

+ 1 - 1
mq/handlers.go

@@ -48,7 +48,7 @@ func Ping(client mqtt.Client, msg mqtt.Message) {
 			return
 		}
 
-		logger.Log(3, "ping processed for node", node.ID)
+		logger.Log(3, "ping processed for node", node.Name, node.ID)
 		// --TODO --set client version once feature is implemented.
 		//node.SetClientVersion(msg.Payload())
 	}()

+ 2 - 2
netclient/command/commands.go

@@ -93,8 +93,8 @@ func Pull(cfg *config.ClientConfig) error {
 
 		_, err = functions.Pull(cfg.Network, true)
 		_, newKey, kerr := ed25519.GenerateKey(rand.Reader)
-		if kerr == nil {
-			if kerr := tls.SaveKey(ncutils.GetNetclientPath(), "/client.key", newKey); err != nil {
+		if kerr == nil && err == nil {
+			if kerr := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); kerr != nil {
 				logger.Log(0, "error saving key", kerr.Error())
 			} else {
 				if kerr = functions.RegisterWithServer(&newKey, cfg); err != nil {
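Review bot: Line 140, directly below the corrected check, still reads `if kerr = functions.RegisterWithServer(&newKey, cfg); err != nil {`; since line 136 already established `err == nil`, a RegisterWithServer failure is never reported and a freshly saved key can be left unregistered. It should be `if kerr = functions.RegisterWithServer(&newKey, cfg); kerr != nil {`. Note also that a non-nil `err` from `functions.Pull` now silently skips key generation; whether it is surfaced afterwards is outside the hunk, so a log line at this point would help diagnosis. Pull continues outside the hunk.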

+ 3 - 3
netclient/functions/common.go

@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net"
 	"net/http"
@@ -169,7 +169,7 @@ func LeaveNetwork(network string, force bool) error {
 		if response.StatusCode == http.StatusOK {
 			logger.Log(0, "deleted node", cfg.Node.Name, " on network ", cfg.Network)
 		} else {
-			bodybytes, _ := ioutil.ReadAll(response.Body)
+			bodybytes, _ := io.ReadAll(response.Body)
 			defer response.Body.Close()
 			return fmt.Errorf("error deleting node on server %s %s", response.Status, string(bodybytes))
 		}
@@ -355,7 +355,7 @@ func Authenticate(cfg *config.ClientConfig) (string, error) {
 	}
 	defer response.Body.Close()
 	if response.StatusCode != http.StatusOK {
-		bodybytes, _ := ioutil.ReadAll(response.Body)
+		bodybytes, _ := io.ReadAll(response.Body)
 		return "", fmt.Errorf("failed to authenticate %s %s", response.Status, string(bodybytes))
 	}
 	resp := models.SuccessResponse{}

+ 2 - 2
netclient/functions/daemon.go

@@ -178,7 +178,7 @@ func messageQueue(ctx context.Context, server string) {
 
 // NewTLSConf sets up tls configuration to connect to broker securely
 func NewTLSConfig(server string) *tls.Config {
-	file := ncutils.GetNetclientServerPath(server) + "/root.pem"
+	file := ncutils.GetNetclientServerPath(server) + ncutils.GetSeparator() + "root.pem"
 	certpool := x509.NewCertPool()
 	ca, err := os.ReadFile(file)
 	if err != nil {
@@ -188,7 +188,7 @@ func NewTLSConfig(server string) *tls.Config {
 	if !ok {
 		logger.Log(0, "failed to append cert")
 	}
-	clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+"/client.pem", ncutils.GetNetclientPath()+"/client.key")
+	clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+ncutils.GetSeparator()+"client.pem", ncutils.GetNetclientPath()+ncutils.GetSeparator()+"client.key")
 	if err != nil {
 		log.Fatalf("could not read client cert/key %v \n", err)
 	}
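Review bot: The doc comment on line 178 names the function `NewTLSConf` while the declaration on line 179 is `NewTLSConfig`, which godoc and linters flag; change it to `// NewTLSConfig sets up the tls configuration used to connect to the broker securely.` The new path expressions on lines 181 and 190 would read more clearly as `filepath.Join(ncutils.GetNetclientServerPath(server), "root.pem")` and likewise for client.pem and client.key. `log.Fatalf` on line 192 terminates the whole netclient when the client cert/key cannot be loaded; returning an error to the caller would let the daemon report it and retry. NewTLSConfig continues outside the hunk.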

+ 4 - 2
netclient/functions/join.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"runtime"
@@ -141,10 +140,13 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error {
 	var nodeGET models.NodeGet
 	if err := json.NewDecoder(response.Body).Decode(&nodeGET); err != nil {
 		//not sure the next line will work as response.Body probably needs to be reset before it can be read again
-		bodybytes, _ := ioutil.ReadAll(response.Body)
+		bodybytes, _ := io.ReadAll(response.Body)
 		return fmt.Errorf("error decoding node from server %w %s", err, string(bodybytes))
 	}
 	node := nodeGET.Node
+	if nodeGET.Peers == nil {
+		nodeGET.Peers = []wgtypes.PeerConfig{}
+	}
 	// safety check. If returned node from server is local, but not currently configured as local, set to local addr
 	if cfg.Node.IsLocal != "yes" && node.IsLocal == "yes" && node.LocalRange != "" {
 		node.LocalAddress, err = ncutils.GetLocalIP(node.LocalRange)
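Review bot: The new nil-to-empty normalisation of `nodeGET.Peers` (lines 215-217, repeated in netclient/functions/pull.go) has no visible consumer in the hunk; ranging over or taking `len` of a nil slice is already safe in Go, so the guard only matters if Peers is later compared with nil or re-encoded as JSON (nil marshals to `null`, `[]T{}` to `[]`). A one-line why-comment such as `// normalise nil to an empty slice so downstream code never sees null peers` would stop the next reader from removing it as redundant. The comment on line 209 already notes that `io.ReadAll(response.Body)` after a failed Decode will usually yield nothing useful; either drop the body bytes from the error or buffer the body before decoding. JoinNetwork continues outside the hunks.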

+ 2 - 2
netclient/functions/mqpublish.go

@@ -143,10 +143,10 @@ func publish(nodeCfg *config.ClientConfig, dest string, msg []byte, qos byte) er
 }
 
 func checkCertExpiry(cfg *config.ClientConfig) error {
-	cert, err := tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + "/client.pem")
+	cert, err := tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + ncutils.GetSeparator() + "client.pem")
 	//if cert doesn't exist or will expire within 10 days
 	if errors.Is(err, os.ErrNotExist) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
-		key, err := tls.ReadKey(ncutils.GetNetclientPath() + "/client.key")
+		key, err := tls.ReadKey(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
 		if err != nil {
 			return err
 		}
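Review bot: Line 232 dereferences `cert.NotAfter` whenever the error is anything other than ErrNotExist, so if `tls.ReadCert` returns a nil cert for another failure (permission denied, malformed PEM) this panics with the same nil-pointer class of bug the PR is fixing; whether ReadCert returns nil on error is not visible here, so please confirm. A guard before the expiry test, `if err != nil && !errors.Is(err, os.ErrNotExist) { return err }`, removes the question. The paths on lines 230 and 234 would also be clearer as `filepath.Join(...)`. checkCertExpiry continues outside the hunk.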

+ 7 - 2
netclient/functions/pull.go

@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"runtime"
@@ -15,6 +15,7 @@ import (
 	"github.com/gravitl/netmaker/netclient/local"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/netclient/wireguard"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	//homedir "github.com/mitchellh/go-homedir"
 )
 
@@ -39,7 +40,7 @@ func Pull(network string, iface bool) (*models.Node, error) {
 		return nil, err
 	}
 	if response.StatusCode != http.StatusOK {
-		bytes, err := ioutil.ReadAll(response.Body)
+		bytes, err := io.ReadAll(response.Body)
 		if err != nil {
 			fmt.Println(err)
 		}
@@ -53,6 +54,10 @@ func Pull(network string, iface bool) (*models.Node, error) {
 	resNode := nodeGET.Node
 	// ensure that the OS never changes
 	resNode.OS = runtime.GOOS
+	if nodeGET.Peers == nil {
+		nodeGET.Peers = []wgtypes.PeerConfig{}
+	}
+
 	if iface {
 		if err = config.ModConfig(&resNode); err != nil {
 			return nil, err

+ 9 - 5
netclient/functions/register.go

@@ -25,19 +25,19 @@ func Register(cfg *config.ClientConfig, key string) error {
 	//generate new key if one doesn' exist
 	var private *ed25519.PrivateKey
 	var err error
-	private, err = tls.ReadKey(ncutils.GetNetclientPath() + "/client.key")
+	private, err = tls.ReadKey(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
 	if err != nil {
 		_, newKey, err := ed25519.GenerateKey(rand.Reader)
 		if err != nil {
 			return err
 		}
-		if err := tls.SaveKey(ncutils.GetNetclientPath(), "/client.key", newKey); err != nil {
+		if err := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); err != nil {
 			return err
 		}
 		private = &newKey
 	}
 	//check if cert exists
-	_, err = tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + "/client.pem")
+	_, err = tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + ncutils.GetSeparator() + "client.pem")
 	if errors.Is(err, os.ErrNotExist) {
 		if err := RegisterWithServer(private, cfg); err != nil {
 			return err
@@ -50,6 +50,10 @@ func Register(cfg *config.ClientConfig, key string) error {
 
 // RegisterWithServer calls the register endpoint with privatekey and commonname - api returns ca and client certificate
 func RegisterWithServer(private *ed25519.PrivateKey, cfg *config.ClientConfig) error {
+	cfg, err := config.ReadConfig(cfg.Network)
+	if err != nil {
+		return err
+	}
 	data := config.RegisterRequest{
 		Key:        *private,
 		CommonName: tls.NewCName(cfg.Node.Name),
@@ -76,10 +80,10 @@ func RegisterWithServer(private *ed25519.PrivateKey, cfg *config.ClientConfig) e
 	//the pubkeys are included in the response so the values in the certificate can be updated appropriately
 	resp.CA.PublicKey = resp.CAPubKey
 	resp.Cert.PublicKey = resp.CertPubKey
-	if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "root.pem", &resp.CA); err != nil {
+	if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+ncutils.GetSeparator(), "root.pem", &resp.CA); err != nil {
 		return err
 	}
-	if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "client.pem", &resp.Cert); err != nil {
+	if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+ncutils.GetSeparator(), "client.pem", &resp.Cert); err != nil {
 		return err
 	}
 	logger.Log(0, "certificates/key saved ")
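Review bot: Line 310 assigns over the `cfg` parameter with `config.ReadConfig(cfg.Network)`, so whatever the caller passed in is discarded in favour of the on-disk config; callers such as Pull in netclient/command/commands.go hand over their own cfg and may not expect it to be ignored. If the re-read is intentional (to pick up fields written by a preceding Pull), state it in the doc comment, e.g. `// RegisterWithServer re-reads the network config from disk before registering, so callers must persist any changes first.`, and use a distinct local name so the override is visible. If ReadConfig can return a nil cfg with a nil error, line 316 (`cfg.Node.Name`) is another nil dereference worth a guard. RegisterWithServer continues outside the hunks.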

+ 9 - 0
netclient/ncutils/netclientutils.go

@@ -298,6 +298,15 @@ func GetNetclientPath() string {
 	}
 }
 
+// GetSeparator - gets the separator for OS
+func GetSeparator() string {
+	if IsWindows() {
+		return "\\"
+	} else {
+		return "/"
+	}
+}
+
 // GetFileWithRetry - retry getting file X number of times before failing
 func GetFileWithRetry(path string, retryCount int) ([]byte, error) {
 	var data []byte
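Review bot: `GetSeparator` re-derives what the standard library already exposes as `os.PathSeparator`; `return string(os.PathSeparator)` (with `os` imported) is a one-liner, and the call sites that concatenate it would be better served by `filepath.Join`. As written, the `else` after `return "\\"` is redundant for gofmt/lint style; the body can be `if IsWindows() { return "\\" }` followed by `return "/"`. The doc comment should also say this is the path separator only, not `os.PathListSeparator`.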

+ 12 - 8
netclient/wireguard/common.go

@@ -328,12 +328,14 @@ func WriteWgConfig(node *models.Node, privateKey string, peers []wgtypes.PeerCon
 	if node.ListenPort > 0 && node.UDPHolePunch != "yes" {
 		wireguard.Section(section_interface).Key("ListenPort").SetValue(strconv.Itoa(int(node.ListenPort)))
 	}
-	if node.Address != "" {
-		wireguard.Section(section_interface).Key("Address").SetValue(node.Address)
-	}
+	addrString := node.Address
 	if node.Address6 != "" {
-		wireguard.Section(section_interface).Key("Address").SetValue(node.Address6)
+		if addrString != "" {
+			addrString += ","
+		}
+		addrString += node.Address6
 	}
+	wireguard.Section(section_interface).Key("Address").SetValue(addrString)
 	// need to figure out DNS
 	//if node.DNSOn == "yes" {
 	//	wireguard.Section(section_interface).Key("DNS").SetValue(cfg.Server.CoreDNSAddr)
@@ -433,12 +435,14 @@ func UpdateWgInterface(file, privateKey, nameserver string, node models.Node) er
 	}
 	wireguard.Section(section_interface).Key("PrivateKey").SetValue(privateKey)
 	wireguard.Section(section_interface).Key("ListenPort").SetValue(strconv.Itoa(int(node.ListenPort)))
-	if node.Address != "" {
-		wireguard.Section(section_interface).Key("Address").SetValue(node.Address)
-	}
+	addrString := node.Address
 	if node.Address6 != "" {
-		wireguard.Section(section_interface).Key("Address").SetValue(node.Address6)
+		if addrString != "" {
+			addrString += ","
+		}
+		addrString += node.Address6
 	}
+	wireguard.Section(section_interface).Key("Address").SetValue(addrString)
 	//if node.DNSOn == "yes" {
 	//	wireguard.Section(section_interface).Key("DNS").SetValue(nameserver)
 	//}
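Review bot: Both rewritten blocks (lines 361-369 and 380-388) now call `Key("Address").SetValue(addrString)` unconditionally, so a node with neither Address nor Address6 gets an empty `Address =` entry in the wg config where the old code wrote nothing; wrap the call in `if addrString != "" { ... }` to keep the previous behaviour. The two blocks are byte-identical; a small helper such as `func joinAddresses(addr4, addr6 string) string` called from both WriteWgConfig and UpdateWgInterface would remove the duplication. Both enclosing functions start and end outside the hunks.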

+ 17 - 6
netclient/wireguard/noquick.go

@@ -51,14 +51,18 @@ func ApplyWithoutWGQuick(node *models.Node, ifacename string, confPath string) e
 			ListenPort: &nodeport,
 		}
 	}
-
+	var address4 string
+	var address6 string
+	var mask4 string
+	var mask6 string
 	if node.Address != "" {
 		netmaskArr := strings.Split(node.NetworkSettings.AddressRange, "/")
 		var netmask = "32"
 		if len(netmaskArr) == 2 {
 			netmask = netmaskArr[1]
 		}
-		setKernelDevice(ifacename, node.Address, netmask)
+		mask4 = netmask
+		address4 = node.Address
 	}
 	if node.Address6 != "" {
 		netmaskArr := strings.Split(node.NetworkSettings.AddressRange6, "/")
@@ -66,8 +70,11 @@ func ApplyWithoutWGQuick(node *models.Node, ifacename string, confPath string) e
 		if len(netmaskArr) == 2 {
 			netmask = netmaskArr[1]
 		}
-		setKernelDevice(ifacename, node.Address6, netmask)
+		mask6 = netmask
+		address6 = node.Address
 	}
+	setKernelDevice(ifacename, address4, mask4, address6, mask6)
+
 	_, err = wgclient.Device(ifacename)
 	if err != nil {
 		if !os.IsNotExist(err) {
@@ -134,7 +141,7 @@ func RemoveWithoutWGQuick(ifacename string) error {
 	return err
 }
 
-func setKernelDevice(ifacename, address, mask string) error {
+func setKernelDevice(ifacename, address4, mask4, address6, mask6 string) error {
 	ipExec, err := exec.LookPath("ip")
 	if err != nil {
 		return err
@@ -143,7 +150,11 @@ func setKernelDevice(ifacename, address, mask string) error {
 	// == best effort ==
 	ncutils.RunCmd("ip link delete dev "+ifacename, false)
 	ncutils.RunCmd(ipExec+" link add dev "+ifacename+" type wireguard", true)
-	ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+address+"/"+mask, true) // this was a bug waiting to happen
-
+	if address4 != "" {
+		ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+address4+"/"+mask4, true)
+	}
+	if address6 != "" {
+		ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+address6+"/"+mask6, true)
+	}
 	return nil
 }
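Review bot: The error returned by `setKernelDevice` is discarded on line 425, so a missing `ip` binary from `exec.LookPath` is silent; `if err := setKernelDevice(ifacename, address4, mask4, address6, mask6); err != nil { return err }` would surface it. Because the call is now outside both address branches, the link is deleted and recreated even when neither address is set, which the old code did not do; confirm that is intended. Line 441 still shells out with the literal `"ip link delete dev "` instead of the resolved `ipExec` used on the next line. ApplyWithoutWGQuick starts outside the hunk.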

BIN
netmaker.exe
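Review bot: A compiled `netmaker.exe` is committed alongside a bugfix; a binary cannot be reviewed line by line, will drift from the source it was built from, and bloats history for every future clone. Build artifacts belong in CI release outputs, so remove it from the PR and add `*.exe` to .gitignore so it does not return.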