
fix multi-inet issue

abhishek9686 3 mēneši atpakaļ
vecāks
revīzija
30e00c42a3

+ 2 - 1
controllers/acls.go

@@ -181,11 +181,12 @@ func aclDebug(w http.ResponseWriter, r *http.Request) {
 
 	allowed, ps := logic.IsNodeAllowedToCommunicate(node, peer, true)
 	isallowed := logic.IsPeerAllowed(node, peer, true)
+	acls, _ := logic.ListAclsByNetwork(models.NetworkID(node.Network))
 	re := resp{
 		IsNodeAllowed: allowed,
 		IsPeerAllowed: isallowed,
 		Policies:      ps,
-		EgressNets:    logic.GetNetworkEgressInfo(models.NetworkID(node.Network)),
+		EgressNets:    logic.GetNetworkEgressInfo(models.NetworkID(node.Network), acls),
 	}
 	if peerIsStatic == "true" {
 		ingress, err := logic.GetNodeByID(peer.StaticNode.IngressGatewayID)
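Review bot: The error from `logic.ListAclsByNetwork` on the added line is discarded, so a failed lookup silently passes an empty policy list into `GetNetworkEgressInfo` and from there into `IsNodeUsingInternetGw`, and the debug response then reports egress state computed against no policies at all. The same `acls, _ :=` pattern is added in controllers/ext_client.go, logic/egress.go, logic/extpeers.go, logic/peers.go, logic/relay.go, pro/controllers/failover.go and pro/logic/failover.go, and whether an empty list fails open or closed depends on `DoesNodeHaveAccessToEgress`, which is outside these hunks. Here the error can be surfaced directly: `acls, err := logic.ListAclsByNetwork(models.NetworkID(node.Network))` followed by an early return through `logic.ReturnErrorResponse` on error, and in the logic-layer callers that already return an error (`ValidateEgressReq`, `ValidateRelay`) it can simply be returned.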

+ 2 - 1
controllers/ext_client.go

@@ -178,7 +178,8 @@ func getExtClientConf(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	eli, _ := (&schema.Egress{Network: gwnode.Network}).ListByNetwork(db.WithContext(context.TODO()))
-	logic.GetNodeEgressInfo(&gwnode, eli)
+	acls, _ := logic.ListAclsByNetwork(models.NetworkID(client.Network))
+	logic.GetNodeEgressInfo(&gwnode, eli, acls)
 	host, err := logic.GetHost(gwnode.HostID.String())
 	if err != nil {
 		logger.Log(
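Review bot: The ACL list on the added line is keyed by `client.Network` while `eli` on the line above is keyed by `gwnode.Network`, and both are then applied to `gwnode`. They are presumably the same network, but the two lookups should agree on their source; `acls, _ := logic.ListAclsByNetwork(models.NetworkID(gwnode.Network))` keeps the policies aligned with the node they are evaluated against. If the handler has already verified that the client and its gateway share a network (outside this hunk), a short comment saying so would make the choice explicit.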

+ 1 - 2
logic/acls.go

@@ -846,7 +846,7 @@ var GetInetClientsFromAclPolicies = func(eID string) (inetClientIDs []string) {
 	return
 
 }
-var IsNodeUsingInternetGw = func(node *models.Node) {
+var IsNodeUsingInternetGw = func(node *models.Node, acls []models.Acl) {
 	host, err := GetHost(node.HostID.String())
 	if err != nil {
 		return
@@ -854,7 +854,6 @@ var IsNodeUsingInternetGw = func(node *models.Node) {
 	if host.IsDefault || node.IsFailOver {
 		return
 	}
-	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 	var isUsing bool
 	for _, acl := range acls {
 		if !acl.Enabled {
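Review bot: `IsNodeUsingInternetGw` gains a caller-supplied `acls` parameter but still has no doc comment, and nothing states that the slice must be the policies of `node.Network` — a caller passing another network's ACLs, or an empty slice from a dropped lookup error, is evaluated without complaint. Suggested comment above the `var`: `// IsNodeUsingInternetGw inspects the enabled policies in acls, which must be the ACLs of node.Network listed by the caller, to decide whether node is routed through an internet gateway; default hosts and failover nodes are left unchanged.` The pro override in pro/logic/acls.go takes the identical parameter and would carry the same comment. The function body continues past this hunk, so the exact effect on node should be confirmed against the rest of it before the comment is finalised.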

+ 8 - 7
logic/egress.go

@@ -36,6 +36,7 @@ func ValidateEgressReq(e *schema.Egress) error {
 		if len(e.Nodes) > 1 {
 			return errors.New("can only set one internet routing node")
 		}
+		acls, _ := ListAclsByNetwork(models.NetworkID(e.Network))
 		req := models.InetNodeReq{}
 		eli, _ := (&schema.Egress{Network: e.Network}).ListByNetwork(db.WithContext(context.TODO()))
 		for k := range e.Nodes {
@@ -45,7 +46,7 @@ func ValidateEgressReq(e *schema.Egress) error {
 			}
 			// check if node is acting as egress gw already
 
-			GetNodeEgressInfo(&inetNode, eli)
+			GetNodeEgressInfo(&inetNode, eli, acls)
 			if err := ValidateInetGwReq(inetNode, req, false); err != nil {
 				return err
 			}
@@ -130,7 +131,7 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 		if targetNode.Mutex != nil {
 			targetNode.Mutex.Lock()
 		}
-		IsNodeUsingInternetGw(targetNode)
+		IsNodeUsingInternetGw(targetNode, acls)
 		if targetNode.Mutex != nil {
 			targetNode.Mutex.Unlock()
 		}
@@ -140,7 +141,7 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 		if !e.Status || e.Network != targetNode.Network {
 			continue
 		}
-		if !isDefaultPolicyActive && !e.IsInetGw {
+		if !isDefaultPolicyActive || e.IsInetGw {
 			if !DoesNodeHaveAccessToEgress(node, &e, acls) {
 				if node.IsRelayed && node.RelayedBy == targetNode.ID.String() {
 					if !DoesNodeHaveAccessToEgress(targetNode, &e, acls) {
@@ -205,7 +206,7 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 }
 
 // TODO
-func GetNetworkEgressInfo(network models.NetworkID) (egressNodes map[string]models.Node) {
+func GetNetworkEgressInfo(network models.NetworkID, acls []models.Acl) (egressNodes map[string]models.Node) {
 	eli, _ := (&schema.Egress{Network: network.String()}).ListByNetwork(db.WithContext(context.TODO()))
 	egressNodes = make(map[string]models.Node)
 	var err error
@@ -227,7 +228,7 @@ func GetNetworkEgressInfo(network models.NetworkID) (egressNodes map[string]mode
 				NodeID: targetNode.ID.String(),
 				NetID:  targetNode.Network,
 			}
-			IsNodeUsingInternetGw(&targetNode)
+			IsNodeUsingInternetGw(&targetNode, acls)
 			if e.IsInetGw {
 				targetNode.EgressDetails.IsInternetGateway = true
 				targetNode.EgressDetails.InetNodeReq = models.InetNodeReq{
@@ -280,7 +281,7 @@ func GetNetworkEgressInfo(network models.NetworkID) (egressNodes map[string]mode
 	return
 }
 
-func GetNodeEgressInfo(targetNode *models.Node, eli []schema.Egress) {
+func GetNodeEgressInfo(targetNode *models.Node, eli []schema.Egress, acls []models.Acl) {
 
 	req := models.EgressGatewayRequest{
 		NodeID: targetNode.ID.String(),
@@ -290,7 +291,7 @@ func GetNodeEgressInfo(targetNode *models.Node, eli []schema.Egress) {
 		if targetNode.Mutex != nil {
 			targetNode.Mutex.Lock()
 		}
-		IsNodeUsingInternetGw(targetNode)
+		IsNodeUsingInternetGw(targetNode, acls)
 		if targetNode.Mutex != nil {
 			targetNode.Mutex.Unlock()
 		}
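Review bot: The condition change to `if !isDefaultPolicyActive || e.IsInetGw {` in `AddEgressInfoToPeerByAccess` is the substantive behavioural change of this commit — internet-gateway egresses are now always subject to the `DoesNodeHaveAccessToEgress` check, even when the default policy is active, whereas the old `&& !e.IsInetGw` skipped them entirely — yet it carries no comment, and the check it enables depends on an `acls` slice whose lookup errors are dropped by every caller. A one-line comment such as `// inet gateways are always ACL-gated so a node only receives the gateway its policy grants, even under the default policy` would record the intent; it is inferred from the commit title, so adjust it if the reason differs. Separately, the `// TODO` above `GetNetworkEgressInfo` is the only doc comment on an exported function whose signature just grew an `acls` parameter; `// GetNetworkEgressInfo returns the egress gateway nodes of network; acls must be the network's ACLs and is forwarded to IsNodeUsingInternetGw.` is the minimum. `AddEgressInfoToPeerByAccess` starts and ends outside these hunks.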

+ 2 - 1
logic/extpeers.go

@@ -75,12 +75,13 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
 		return []string{}, err
 	}
 	eli, _ := (&schema.Egress{Network: client.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	acls, _ := ListAclsByNetwork(models.NetworkID(client.Network))
 	// clientNode := client.ConvertToStaticNode()
 	for _, currentNode := range networkNodes {
 		if currentNode.Network != client.Network {
 			continue
 		}
-		GetNodeEgressInfo(&currentNode, eli)
+		GetNodeEgressInfo(&currentNode, eli, acls)
 		if currentNode.EgressDetails.IsEgressGateway { // add the egress gateway range(s) to the result
 			if len(currentNode.EgressDetails.EgressGatewayRanges) > 0 {
 				if currentNode.EgressDetails.IsInternetGateway && client.IngressGatewayID != currentNode.ID.String() {

+ 3 - 3
logic/peers.go

@@ -178,15 +178,15 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 		if !node.Connected || node.PendingDelete || node.Action == models.NODE_DELETE || time.Since(node.LastCheckIn) > time.Hour {
 			continue
 		}
+		acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 		eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
-		GetNodeEgressInfo(&node, eli)
+		GetNodeEgressInfo(&node, eli, acls)
 		hostPeerUpdate = SetDefaultGw(node, hostPeerUpdate)
 		if !hostPeerUpdate.IsInternetGw {
 			hostPeerUpdate.IsInternetGw = IsInternetGw(node)
 		}
 		defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 		defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
-		acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 		if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) ||
 			(!CheckIfAnyPolicyisUniDirectional(node, acls) && !CheckIfAnyActiveEgressPolicy(node, acls)) ||
 			CheckIfNodeHasAccessToAllResources(&node, acls) {
@@ -239,7 +239,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 				PersistentKeepaliveInterval: &peerHost.PersistentKeepalive,
 				ReplaceAllowedIPs:           true,
 			}
-			GetNodeEgressInfo(&peer, eli)
+			GetNodeEgressInfo(&peer, eli, acls)
 			if peer.EgressDetails.IsEgressGateway {
 				AddEgressInfoToPeerByAccess(&node, &peer, eli, acls, defaultDevicePolicy.Enabled)
 			}
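Review bot: `ListAclsByNetwork` now runs once per node inside the outer loop of `GetPeerUpdateForHost`, and the resulting slice is reused for every `peer` in the inner loop; the hunk does not show whether peers are guaranteed to be in `node.Network`, and if they are not, a peer's egress info is evaluated against another network's policies. If the loop covers nodes of several networks, a lazily filled `map[string][]models.Acl` keyed by network would avoid re-listing the same ACLs for each node; if it is already scoped to the `network` parameter, a single lookup before the loop suffices. `GetPeerUpdateForHost` starts and ends outside these hunks.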

+ 4 - 2
logic/relay.go

@@ -113,12 +113,13 @@ func ValidateRelay(relay models.RelayRequest, update bool) error {
 		return errors.New("node is already acting as a relay")
 	}
 	eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 	for _, relayedNodeID := range relay.RelayedNodes {
 		relayedNode, err := GetNodeByID(relayedNodeID)
 		if err != nil {
 			return err
 		}
-		GetNodeEgressInfo(&relayedNode, eli)
+		GetNodeEgressInfo(&relayedNode, eli, acls)
 		if relayedNode.IsIngressGateway {
 			return errors.New("cannot relay an ingress gateway (" + relayedNodeID + ")")
 		}
@@ -191,6 +192,7 @@ func DeleteRelay(network, nodeid string) ([]models.Node, models.Node, error) {
 func RelayedAllowedIPs(peer, node *models.Node) []net.IPNet {
 	var allowedIPs = []net.IPNet{}
 	eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 	for _, relayedNodeID := range peer.RelayedNodes {
 		if node.ID.String() == relayedNodeID {
 			continue
@@ -199,7 +201,7 @@ func RelayedAllowedIPs(peer, node *models.Node) []net.IPNet {
 		if err != nil {
 			continue
 		}
-		GetNodeEgressInfo(&relayedNode, eli)
+		GetNodeEgressInfo(&relayedNode, eli, acls)
 		allowed := getRelayedAddresses(relayedNodeID)
 		if relayedNode.EgressDetails.IsEgressGateway {
 			allowed = append(allowed, GetEgressIPs(&relayedNode)...)

+ 8 - 6
pro/controllers/failover.go

@@ -209,9 +209,10 @@ func failOverME(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
-	logic.GetNodeEgressInfo(&node, eli)
-	logic.GetNodeEgressInfo(&peerNode, eli)
-	logic.GetNodeEgressInfo(&failOverNode, eli)
+	acls, _ := logic.ListAclsByNetwork(models.NetworkID(node.Network))
+	logic.GetNodeEgressInfo(&node, eli, acls)
+	logic.GetNodeEgressInfo(&peerNode, eli, acls)
+	logic.GetNodeEgressInfo(&failOverNode, eli, acls)
 	if peerNode.IsFailOver {
 		logic.ReturnErrorResponse(
 			w,
@@ -369,9 +370,10 @@ func checkfailOverCtx(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
-	logic.GetNodeEgressInfo(&node, eli)
-	logic.GetNodeEgressInfo(&peerNode, eli)
-	logic.GetNodeEgressInfo(&failOverNode, eli)
+	acls, _ := logic.ListAclsByNetwork(models.NetworkID(node.Network))
+	logic.GetNodeEgressInfo(&node, eli, acls)
+	logic.GetNodeEgressInfo(&peerNode, eli, acls)
+	logic.GetNodeEgressInfo(&failOverNode, eli, acls)
 	if peerNode.IsFailOver {
 		logic.ReturnErrorResponse(
 			w,
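Review bot: Both `failOverME` and `checkfailOverCtx` list ACLs by `node.Network` and apply that slice to `peerNode` and `failOverNode` as well, so the policies are only correct if all three nodes share a network; the checks that might guarantee this are above the hunks. If that invariant holds, a comment on the added line, `// node, peerNode and failOverNode are validated above to be in the same network`, should say so; if it does not, each node needs the ACLs of its own network. `GetFailOverPeerIps` in pro/logic/failover.go has the same shape, listing by `node.Network` and applying the result to each `failOverpeer`.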

+ 1 - 2
pro/logic/acls.go

@@ -1769,7 +1769,7 @@ func GetInetClientsFromAclPolicies(eID string) (inetClientIDs []string) {
 	return
 }
 
-func IsNodeUsingInternetGw(node *models.Node) {
+func IsNodeUsingInternetGw(node *models.Node, acls []models.Acl) {
 	host, err := logic.GetHost(node.HostID.String())
 	if err != nil {
 		return
@@ -1782,7 +1782,6 @@ func IsNodeUsingInternetGw(node *models.Node) {
 		nodeTags = make(map[models.TagID]struct{})
 	}
 	nodeTags[models.TagID(node.ID.String())] = struct{}{}
-	acls, _ := logic.ListAclsByNetwork(models.NetworkID(node.Network))
 	var isUsing bool
 	for _, acl := range acls {
 		if !acl.Enabled {

+ 2 - 1
pro/logic/failover.go

@@ -166,10 +166,11 @@ func ResetFailOver(failOverNode *models.Node) error {
 func GetFailOverPeerIps(peer, node *models.Node) []net.IPNet {
 	allowedips := []net.IPNet{}
 	eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	acls, _ := logic.ListAclsByNetwork(models.NetworkID(node.Network))
 	for failOverpeerID := range node.FailOverPeers {
 		failOverpeer, err := logic.GetNodeByID(failOverpeerID)
 		if err == nil && failOverpeer.FailedOverBy == peer.ID {
-			logic.GetNodeEgressInfo(&failOverpeer, eli)
+			logic.GetNodeEgressInfo(&failOverpeer, eli, acls)
 			if failOverpeer.Address.IP != nil {
 				allowed := net.IPNet{
 					IP:   failOverpeer.Address.IP,