Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add egress ranges to acl rules

abhishek9686 6 months ago
parent
1668574829
commit
6ff0c92f07
2 changed files with 20 additions and 18 deletions
Unified View Show Diff Stats
  1. 18 17
      logic/acls.go
  2. 2 1
      logic/peers.go

+ 18 - 17
logic/acls.go
View File 

@@ -5,7 +5,6 @@ import (
 
 	"errors"
 
 	"errors"
 
 	"fmt"
 
 	"fmt"
 
 	"maps"
 
 	"maps"
 
-	"net"
 
 	"sort"
 
 	"sort"
 
 	"sync"
 
 	"sync"
 
 	"time"
 
 	"time"
 
@@ -1340,7 +1339,6 @@ func getUserAclRulesForNode(targetnode *models.Node,
 
 			if !acl.Enabled {
 
 			if !acl.Enabled {
 
 				continue
 
 				continue
 
 			}
 
 			}
 
-
 
 			r := models.AclRule{
 
 			r := models.AclRule{
 
 				ID:              acl.ID,
 
 				ID:              acl.ID,
 
 				AllowedProtocol: acl.Proto,
 
 				AllowedProtocol: acl.Proto,
 
@@ -1424,7 +1422,16 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 
 		targetNodeTags = maps.Clone(targetnode.Tags)
 
 		targetNodeTags = maps.Clone(targetnode.Tags)
 
 	}
 
 	}
 
 	targetNodeTags["*"] = struct{}{}
 
 	targetNodeTags["*"] = struct{}{}
 
-
 
+	/*
 
+		 if target node is egress gateway
 
+			if acl policy has egress route and it is present in target node egress ranges
 
+			fetches all the nodes in that policy and add rules
 
+	*/
 
+	if targetnode.IsEgressGateway {
 
+		for _, rangeI := range targetnode.EgressGatewayRanges {
 
+			targetNodeTags[models.TagID(rangeI)] = struct{}{}
 
+		}
 
+	}
 
 	for _, acl := range acls {
 
 	for _, acl := range acls {
 
 		if !acl.Enabled {
 
 		if !acl.Enabled {
 
 			continue
 
 			continue
 
@@ -1607,24 +1614,18 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 
 			}
 
 			}
 
 
 
 		}
 
 		}
 
-		if targetnode.IsEgressGateway && len(targetnode.EgressGatewayRanges) > 0 {
 
-			for _, egressRangeI := range targetnode.EgressGatewayRanges {
 
-				_, egressCidr, err := net.ParseCIDR(egressRangeI)
 
-				if err != nil {
 
-					continue
 
-				}
 
-				_, all := dstTags["*"]
 
-				if _, ok := dstTags[egressRangeI]; ok || all {
 
-					// get all src tags
 
-					aclRule.EgressRanges = append(aclRule.EgressRanges, *egressCidr)
 
 
 
-				}
 
-			}
 
-
 
-		}
 
 		if len(aclRule.IPList) > 0 || len(aclRule.IP6List) > 0 {
 
 		if len(aclRule.IPList) > 0 || len(aclRule.IP6List) > 0 {
 
 			rules[acl.ID] = aclRule
 
 			rules[acl.ID] = aclRule
 
 		}
 
 		}
 
 	}
 
 	}
 
 	return rules
 
 	return rules
 
 }
 
 }
 
+
 
+func GetFwRulesForEgressGw(node models.Node) (rules map[string]models.FwRule) {
 
+	if !node.IsEgressGateway {
 
+		return
 
+	}
 
+	rules = make(map[string]models.FwRule)
 
+	return
 
+}

+ 2 - 1
logic/peers.go
View File 

@@ -472,7 +472,8 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 
 					IP:   node.Address6.IP,
 
 					IP:   node.Address6.IP,
 
 					Mask: getCIDRMaskFromAddr(node.Address6.IP.String()),
 
 					Mask: getCIDRMaskFromAddr(node.Address6.IP.String()),
 
 				},
 
 				},
 
-				EgressGWCfg: node.EgressGatewayRequest,
 
+				EgressGWCfg:   node.EgressGatewayRequest,
 
+				EgressFwRules: make(map[string]models.FwRule),
 
 			}
 
 			}
 
 
 
 		}
 
 		}