optimise egress calls

controllers/acls.go

@@ -176,6 +176,7 @@ func aclDebug(w http.ResponseWriter, r *http.Request) {
 		Policies      []models.Acl
 		IngressRules  []models.FwRule
 		NodeAllPolicy bool
+		EgressNets    map[string]models.Node
 	}
 
 	allowed, ps := logic.IsNodeAllowedToCommunicate(node, peer, true)
@@ -184,6 +185,7 @@ func aclDebug(w http.ResponseWriter, r *http.Request) {
 		IsNodeAllowed: allowed,
 		IsPeerAllowed: isallowed,
 		Policies:      ps,
+		EgressNets:    logic.GetNetworkEgressInfo(models.NetworkID(node.Network)),
 	}
 	if peerIsStatic == "true" {
 		ingress, err := logic.GetNodeByID(peer.StaticNode.IngressGatewayID)

logic/egress.go

@@ -70,13 +70,14 @@ func DoesNodeHaveAccessToEgress(node *models.Node, e *schema.Egress) bool {
 	if !e.IsInetGw {
 		nodeTags[models.TagID("*")] = struct{}{}
 	}
-	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
+
 	if !e.IsInetGw {
 		defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
 		if defaultDevicePolicy.Enabled {
 			return true
 		}
 	}
+	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 	for _, acl := range acls {
 		if !acl.Enabled {
 			continue
@@ -120,7 +121,7 @@ func DoesNodeHaveAccessToEgress(node *models.Node, e *schema.Egress) bool {
 	return false
 }
 
-func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egress) {
+func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egress, isDefaultPolicyActive bool) {
 
 	req := models.EgressGatewayRequest{
 		NodeID: targetNode.ID.String(),
@@ -139,16 +140,19 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 		if !e.Status || e.Network != targetNode.Network {
 			continue
 		}
-		if !DoesNodeHaveAccessToEgress(node, &e) {
-			if node.IsRelayed && node.RelayedBy == targetNode.ID.String() {
-				if !DoesNodeHaveAccessToEgress(targetNode, &e) {
+		if !isDefaultPolicyActive {
+			if !DoesNodeHaveAccessToEgress(node, &e) {
+				if node.IsRelayed && node.RelayedBy == targetNode.ID.String() {
+					if !DoesNodeHaveAccessToEgress(targetNode, &e) {
+						continue
+					}
+				} else {
 					continue
 				}
-			} else {
-				continue
-			}
 
+			}
 		}
+
 		if metric, ok := e.Nodes[targetNode.ID.String()]; ok {
 			if e.IsInetGw {
 				targetNode.EgressDetails.IsInternetGateway = true
@@ -200,6 +204,82 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 	}
 }
 
+// TODO
+func GetNetworkEgressInfo(network models.NetworkID) (egressNodes map[string]models.Node) {
+	eli, _ := (&schema.Egress{Network: network.String()}).ListByNetwork(db.WithContext(context.TODO()))
+	egressNodes = make(map[string]models.Node)
+	var err error
+	for _, e := range eli {
+		if !e.Status || e.Nodes == nil {
+			continue
+		}
+
+		for nodeID, metric := range e.Nodes {
+
+			targetNode, ok := egressNodes[nodeID]
+			if !ok {
+				targetNode, err = GetNodeByID(nodeID)
+				if err != nil {
+					continue
+				}
+			}
+			req := models.EgressGatewayRequest{
+				NodeID: targetNode.ID.String(),
+				NetID:  targetNode.Network,
+			}
+			IsNodeUsingInternetGw(&targetNode)
+			if e.IsInetGw {
+				targetNode.EgressDetails.IsInternetGateway = true
+				targetNode.EgressDetails.InetNodeReq = models.InetNodeReq{
+					InetNodeClientIDs: GetInetClientsFromAclPolicies(e.ID),
+				}
+				req.Ranges = append(req.Ranges, "0.0.0.0/0")
+				req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+					Network:     "0.0.0.0/0",
+					Nat:         true,
+					RouteMetric: 256,
+				})
+				req.Ranges = append(req.Ranges, "::/0")
+				req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+					Network:     "::/0",
+					Nat:         true,
+					RouteMetric: 256,
+				})
+			} else {
+				m64, err := metric.(json.Number).Int64()
+				if err != nil {
+					m64 = 256
+				}
+				m := uint32(m64)
+				req.Ranges = append(req.Ranges, e.Range)
+				req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+					Network:     e.Range,
+					Nat:         e.Nat,
+					RouteMetric: m,
+				})
+			}
+			if targetNode.Mutex != nil {
+				targetNode.Mutex.Lock()
+			}
+			if len(req.Ranges) > 0 {
+				targetNode.EgressDetails.IsEgressGateway = true
+				targetNode.EgressDetails.EgressGatewayRanges = append(targetNode.EgressDetails.EgressGatewayRanges, req.Ranges...)
+				targetNode.EgressDetails.EgressGatewayRequest.Ranges = append(targetNode.EgressDetails.EgressGatewayRequest.Ranges, req.Ranges...)
+				targetNode.EgressDetails.EgressGatewayRequest.RangesWithMetric = append(targetNode.EgressDetails.EgressGatewayRequest.RangesWithMetric,
+					req.RangesWithMetric...)
+				targetNode.EgressDetails.EgressGatewayRequest = req
+				egressNodes[targetNode.ID.String()] = targetNode
+			}
+			if targetNode.Mutex != nil {
+				targetNode.Mutex.Unlock()
+			}
+
+		}
+
+	}
+	return
+}
+
 func GetNodeEgressInfo(targetNode *models.Node, eli []schema.Egress) {
 
 	req := models.EgressGatewayRequest{

logic/peers.go

@@ -241,7 +241,10 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 				PersistentKeepaliveInterval: &peerHost.PersistentKeepalive,
 				ReplaceAllowedIPs:           true,
 			}
-			AddEgressInfoToPeerByAccess(&node, &peer, eli)
+			GetNodeEgressInfo(&peer, eli)
+			if peer.EgressDetails.IsEgressGateway {
+				AddEgressInfoToPeerByAccess(&node, &peer, eli, defaultDevicePolicy.Enabled)
+			}
 			_, isFailOverPeer := node.FailOverPeers[peer.ID.String()]
 			if peer.EgressDetails.IsEgressGateway {
 				peerKey := peerHost.PublicKey.String()