
Net 1990 (#3385)

* add peerkey to network egress routes model

* add peerkey to network egress routes model

* filter out conflicting routes from node

* add support for egress HA on relay

* add support for egress HA on relay

* add support for egress HA on relay

* skip if curr node is relay node of the peer

* skip if curr node is relay node of the peer

* fix failover egress HA

* add network to egress route model

* clone before modifying

* check for user policies on uni direction check

* add all network fwd rule
Abhishek K 5 ヶ月 前
コミット
5e1ef5e366
3 ファイル変更35 行追加6 行削除
  1. 21 1
      controllers/ext_client.go
  2. 8 5
      logic/acls.go
  3. 6 0
      logic/peers.go

+ 21 - 1
controllers/ext_client.go

@@ -288,6 +288,16 @@ func getExtClientConf(w http.ResponseWriter, r *http.Request) {
 	} else if gwnode.IngressDNS != "" {
 		defaultDNS = "DNS = " + gwnode.IngressDNS
 	}
+	if client.DNS == "" {
+		if len(network.NameServers) > 0 {
+			if defaultDNS == "" {
+				defaultDNS = "DNS = " + strings.Join(network.NameServers, ",")
+			} else {
+				defaultDNS += "," + strings.Join(network.NameServers, ",")
+			}
+
+		}
+	}
 	// if servercfg.GetManageDNS() {
 	// 	if gwnode.Address6.IP != nil {
 	// 		if defaultDNS == "" {
@@ -731,7 +741,17 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 	// 	models.RemoteAccessTagName))] = struct{}{}
 	// set extclient dns to ingressdns if extclient dns is not explicitly set
 	if (extclient.DNS == "") && (node.IngressDNS != "") {
-		extclient.DNS = node.IngressDNS
+		network, _ := logic.GetNetwork(node.Network)
+		dns := node.IngressDNS
+		if len(network.NameServers) > 0 {
+			if dns == "" {
+				dns = strings.Join(network.NameServers, ",")
+			} else {
+				dns += "," + strings.Join(network.NameServers, ",")
+			}
+
+		}
+		extclient.DNS = dns
 	}
 	host, err := logic.GetHost(node.HostID.String())
 	if err != nil {
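Review bot: The error from `logic.GetNetwork(node.Network)` on the first added line of createExtClient is discarded with `_`, and the `if dns == ""` branch that follows is unreachable because the enclosing condition already requires `node.IngressDNS != ""`. On a lookup failure the zero-value network silently yields no nameservers, which is indistinguishable from a network with none configured; the branch should read `network, err := logic.GetNetwork(node.Network)` with the error at least checked (this file's logging conventions are outside the hunk), and the dead `if dns == ""` arm dropped so only `dns += "," + strings.Join(network.NameServers, ",")` remains. Note also that the first hunk in getExtClientConf appends network nameservers whenever client.DNS is empty even with no ingress DNS, whereas here nothing is stored when node.IngressDNS is empty; if that asymmetry is intentional, a one-line comment saying the config renderer fills the gap would help. createExtClient's body starts and ends outside the hunk.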

+ 8 - 5
logic/acls.go

@@ -1504,12 +1504,15 @@ func checkIfAnyPolicyisUniDirectional(targetNode models.Node) bool {
 		srcTags := convAclTagToValueMap(acl.Src)
 		dstTags := convAclTagToValueMap(acl.Dst)
 		for nodeTag := range targetNodeTags {
-			if _, ok := srcTags[nodeTag.String()]; ok {
-				return true
-			}
-			if _, ok := srcTags[targetNode.ID.String()]; ok {
-				return true
+			if acl.RuleType == models.DevicePolicy {
+				if _, ok := srcTags[nodeTag.String()]; ok {
+					return true
+				}
+				if _, ok := srcTags[targetNode.ID.String()]; ok {
+					return true
+				}
 			}
+
 			if _, ok := dstTags[nodeTag.String()]; ok {
 				return true
 			}
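Review bot: The `srcTags[targetNode.ID.String()]` lookup added inside the `for nodeTag := range targetNodeTags` loop does not depend on nodeTag, so it is re-evaluated for every tag and, presumably, never evaluated for a node that has no tags at all (where targetNodeTags comes from is outside the hunk). Moving that check, still guarded by `acl.RuleType == models.DevicePolicy`, to just before the loop fixes both and lets `targetNode.ID.String()` be computed once per ACL. The stray blank line left between the DevicePolicy block and the dstTags check is gofmt-clean but an unusual gap and can go. checkIfAnyPolicyisUniDirectional's body, including the loop this hunk sits in, continues on both sides of the hunk.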

+ 6 - 0
logic/peers.go

@@ -175,6 +175,12 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 				}
 			}
 			hostPeerUpdate.FwUpdate.AclRules["allowed-network-rules"] = aclRule
+			hostPeerUpdate.FwUpdate.EgressInfo["allowed-network-rules"] = models.EgressInfo{
+				EgressID: "allowed-network-rules",
+				EgressFwRules: map[string]models.AclRule{
+					"allowed-network-rules": aclRule,
+				},
+			}
 		}
 	}()