Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

add egress range check with netmaker network address

Max Ma 1 year ago
parent
595e05756f
commit
268107a166
2 changed files with 42 additions and 0 deletions
Unified View Show Diff Stats
  1. 6 0
      controllers/node.go
  2. 36 0
      logic/nodes.go

+ 6 - 0
controllers/node.go
View File 

@@ -415,6 +415,12 @@ func createEgressGateway(w http.ResponseWriter, r *http.Request) {
 
 	}
 
 	}
 
 	gateway.NetID = params["network"]
 
 	gateway.NetID = params["network"]
 
 	gateway.NodeID = params["nodeid"]
 
 	gateway.NodeID = params["nodeid"]
 
+	err = logic.ValidateEgressRange(gateway)
 
+	if err != nil {
 
+		logger.Log(0, r.Header.Get("user"), "error validating egress range: ", err.Error())
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 
+		return
 
+	}
 
 	node, err = logic.CreateEgressGateway(gateway)
 
 	node, err = logic.CreateEgressGateway(gateway)
 
 	if err != nil {
 
 	if err != nil {
 
 		logger.Log(0, r.Header.Get("user"),
 
 		logger.Log(0, r.Header.Get("user"),

+ 36 - 0
logic/nodes.go
View File 

@@ -626,6 +626,42 @@ func ValidateParams(nodeid, netid string) (models.Node, error) {
 
 	return node, nil
 
 	return node, nil
 
 }
 
 }
 
 
 
+func ValidateEgressRange(gateway models.EgressGatewayRequest) error {
 
+	network, err := GetNetworkSettings(gateway.NetID)
 
+	if err != nil {
 
+		slog.Error("error getting network with netid", "error", gateway.NetID, err.Error)
 
+		return errors.New("error getting network with netid:  " + gateway.NetID + " " + err.Error())
 
+	}
 
+	_, ipv4Net, _ := net.ParseCIDR(network.AddressRange)
 
+	_, ipv6Net, _ := net.ParseCIDR(network.AddressRange6)
 
+
 
+	for _, v := range gateway.Ranges {
 
+
 
+		_, cidr, _ := net.ParseCIDR(v)
 
+		if ipv4Net != nil {
 
+
 
+			if ContainsCIDR(ipv4Net, cidr) || ContainsCIDR(cidr, ipv4Net) {
 
+				slog.Error("egress range should not be the same as or contained in the netmaker network address", "error", cidr.String(), ipv4Net.String())
 
+				return errors.New("egress range should not be the same as or contained in the netmaker network address" + cidr.String() + " " + ipv4Net.String())
 
+			}
 
+		}
 
+		if ipv6Net != nil {
 
+			if ContainsCIDR(ipv6Net, cidr) || ContainsCIDR(cidr, ipv6Net) {
 
+				slog.Error("egress range should not be the same as or contained in the netmaker network address", "error", cidr.String(), ipv6Net.String())
 
+				return errors.New("egress range should not be the same as or contained in the netmaker network address" + cidr.String() + " " + ipv6Net.String())
 
+			}
 
+		}
 
+	}
 
+
 
+	return nil
 
+}
 
+
 
+func ContainsCIDR(net1, net2 *net.IPNet) bool {
 
+	net1Size, _ := net1.Mask.Size()
 
+	net2Size, _ := net2.Mask.Size()
 
+	return net1Size <= net2Size && net1.Contains(net2.IP)
 
+}
 
+
 
 // GetAllFailOvers - gets all the nodes that are failovers
 
 // GetAllFailOvers - gets all the nodes that are failovers
 
 func GetAllFailOvers() ([]models.Node, error) {
 
 func GetAllFailOvers() ([]models.Node, error) {
 
 	nodes, err := GetAllNodes()
 
 	nodes, err := GetAllNodes()