
add all egress ranges for all resources

abhishek9686 2 dienas atpakaļ
vecāks
revīzija
83a62fb4e4
2 mainītis faili ar 111 papildinājumiem un 22 dzēšanām
  1. 61 11
      logic/acls.go
  2. 50 11
      pro/logic/acls.go

+ 61 - 11
logic/acls.go

@@ -417,6 +417,33 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 			Dst:             []net.IPNet{targetnode.AddressIPNet4()},
 			Dst6:            []net.IPNet{targetnode.AddressIPNet6()},
 		}
+		e := schema.Egress{Network: targetnode.Network}
+		egressRanges4 := []net.IPNet{}
+		egressRanges6 := []net.IPNet{}
+		eli, _ := e.ListByNetwork(db.WithContext(context.Background()))
+		for _, eI := range eli {
+			if !eI.Status || len(eI.Nodes) == 0 {
+				continue
+			}
+			if _, ok := eI.Nodes[targetnode.ID.String()]; ok {
+				if eI.Range != "" {
+					_, cidr, err := net.ParseCIDR(eI.Range)
+					if err == nil {
+						if cidr.IP.To4() != nil {
+							egressRanges4 = append(egressRanges4, *cidr)
+						} else {
+							egressRanges6 = append(egressRanges6, *cidr)
+						}
+					}
+				}
+			}
+		}
+		if len(egressRanges4) > 0 {
+			aclRule.Dst = append(aclRule.Dst, egressRanges4...)
+		}
+		if len(egressRanges6) > 0 {
+			aclRule.Dst6 = append(aclRule.Dst6, egressRanges6...)
+		}
 		rules[aclRule.ID] = aclRule
 		return
 	}
@@ -449,25 +476,48 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 		egressRanges4 := []net.IPNet{}
 		egressRanges6 := []net.IPNet{}
 		for _, dst := range acl.Dst {
+			if dst.Value == "*" {
+				e := schema.Egress{Network: targetnode.Network}
+				eli, _ := e.ListByNetwork(db.WithContext(context.Background()))
+				for _, eI := range eli {
+					if !eI.Status || len(eI.Nodes) == 0 {
+						continue
+					}
+					if _, ok := eI.Nodes[targetnode.ID.String()]; ok {
+						if eI.Range != "" {
+							_, cidr, err := net.ParseCIDR(eI.Range)
+							if err == nil {
+								if cidr.IP.To4() != nil {
+									egressRanges4 = append(egressRanges4, *cidr)
+								} else {
+									egressRanges6 = append(egressRanges6, *cidr)
+								}
+							}
+						}
+					}
+				}
+				break
+			}
 			if dst.ID == models.EgressID {
 				e := schema.Egress{ID: dst.Value}
 				err := e.Get(db.WithContext(context.TODO()))
-				if err == nil && e.Status {
-					if e.Range != "" {
-						_, cidr, err := net.ParseCIDR(e.Range)
-						if err == nil {
-							if cidr.IP.To4() != nil {
-								egressRanges4 = append(egressRanges4, *cidr)
-							} else {
-								egressRanges6 = append(egressRanges6, *cidr)
+				if err == nil && e.Status && len(e.Nodes) > 0 {
+					if _, ok := e.Nodes[targetnode.ID.String()]; ok {
+						if e.Range != "" {
+							_, cidr, err := net.ParseCIDR(e.Range)
+							if err == nil {
+								if cidr.IP.To4() != nil {
+									egressRanges4 = append(egressRanges4, *cidr)
+								} else {
+									egressRanges6 = append(egressRanges6, *cidr)
+								}
 							}
 						}
 					}
-					for nodeID := range e.Nodes {
-						dstTags[nodeID] = struct{}{}
-					}
+
 				}
 			}
+
 		}
 		_, srcAll := srcTags["*"]
 		_, dstAll := dstTags["*"]
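Review bot: The error returned by `e.ListByNetwork(db.WithContext(context.Background()))` is discarded with `_` both in the first hunk and on the `dst.Value == "*"` branch of the second (and again in pro/logic/acls.go), so a failed egress lookup silently produces a rule without the node's egress destinations and nothing records why the enforced ACL differs from the configured one; read it into `err` and log it before continuing, and treat the ignored `net.ParseCIDR` failure on a stored range the same way. The lookup-and-parse block is the same roughly twenty lines in all three places, so it belongs in one exported helper in this package that the pro copy can call as well; a sketch follows. Note also that the removed `for nodeID := range e.Nodes { dstTags[nodeID] = struct{}{} }` has no replacement in the `models.EgressID` branch here, while the pro counterpart now adds `targetnode.ID.String()` to dstTags; unless another loop in GetAclRulesForNode already marks egress destinations, the `dstAll`/`dstTags` matching after the loop will no longer see egress-only destinations. GetAclRulesForNode starts before the first hunk and continues after the second.
```go
// EgressRangesForNode returns the IPv4 and IPv6 ranges of every enabled egress
// in network that lists nodeID among its egress nodes. A lookup failure is
// returned rather than swallowed so the caller can log why ranges are missing.
func EgressRangesForNode(network, nodeID string) (v4, v6 []net.IPNet, err error) {
	e := schema.Egress{Network: network}
	eli, err := e.ListByNetwork(db.WithContext(context.Background()))
	if err != nil {
		return nil, nil, err
	}
	for _, eI := range eli {
		if !eI.Status || eI.Range == "" {
			continue
		}
		// a nil Nodes map simply misses, so no separate len check is needed
		if _, ok := eI.Nodes[nodeID]; !ok {
			continue
		}
		_, cidr, perr := net.ParseCIDR(eI.Range)
		if perr != nil {
			// TODO(review): log eI.ID and eI.Range here; a stored range that
			// does not parse is a data error, not something to drop silently.
			continue
		}
		if cidr.IP.To4() != nil {
			v4 = append(v4, *cidr)
		} else {
			v6 = append(v6, *cidr)
		}
	}
	return v4, v6, nil
}

// call site in the first hunk, replacing the inline loop:
egressRanges4, egressRanges6, err := EgressRangesForNode(targetnode.Network, targetnode.ID.String())
if err != nil {
	// TODO(review): log the lookup failure; the rule is emitted without egress ranges
}
// … unchanged: append egressRanges4/egressRanges6 to aclRule.Dst / aclRule.Dst6 …
```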

+ 50 - 11
pro/logic/acls.go

@@ -972,9 +972,9 @@ func GetUserAclRulesForNode(targetnode *models.Node,
 					if dst.ID == models.EgressID {
 						e := schema.Egress{ID: dst.Value}
 						err := e.Get(db.WithContext(context.TODO()))
-						if err == nil && e.Status {
-							for nodeID := range e.Nodes {
-								dstTags[nodeID] = struct{}{}
+						if err == nil && e.Status && len(e.Nodes) > 0 {
+							if _, ok := e.Nodes[targetnode.ID.String()]; ok {
+								dstTags[targetnode.ID.String()] = struct{}{}
 							}
 						}
 					}
@@ -1045,23 +1045,50 @@ func GetUserAclRulesForNode(targetnode *models.Node,
 				}
 				egressRanges4 := []net.IPNet{}
 				egressRanges6 := []net.IPNet{}
+
 				for _, dst := range acl.Dst {
+					if dst.Value == "*" {
+						e := schema.Egress{Network: targetnode.Network}
+						eli, _ := e.ListByNetwork(db.WithContext(context.Background()))
+						for _, eI := range eli {
+							if !eI.Status || len(eI.Nodes) == 0 {
+								continue
+							}
+							if _, ok := eI.Nodes[targetnode.ID.String()]; ok {
+								if eI.Range != "" {
+									_, cidr, err := net.ParseCIDR(eI.Range)
+									if err == nil {
+										if cidr.IP.To4() != nil {
+											egressRanges4 = append(egressRanges4, *cidr)
+										} else {
+											egressRanges6 = append(egressRanges6, *cidr)
+										}
+									}
+								}
+							}
+						}
+						break
+					}
 					if dst.ID == models.EgressID {
 						e := schema.Egress{ID: dst.Value}
 						err := e.Get(db.WithContext(context.TODO()))
-						if err == nil && e.Status {
-							if e.Range != "" {
-								_, cidr, err := net.ParseCIDR(e.Range)
-								if err == nil {
-									if cidr.IP.To4() != nil {
-										egressRanges4 = append(egressRanges4, *cidr)
-									} else {
-										egressRanges6 = append(egressRanges6, *cidr)
+						if err == nil && e.Status && len(e.Nodes) > 0 {
+							if _, ok := e.Nodes[targetnode.ID.String()]; ok {
+								if e.Range != "" {
+									_, cidr, err := net.ParseCIDR(e.Range)
+									if err == nil {
+										if cidr.IP.To4() != nil {
+											egressRanges4 = append(egressRanges4, *cidr)
+										} else {
+											egressRanges6 = append(egressRanges6, *cidr)
+										}
 									}
 								}
 							}
+
 						}
 					}
+
 				}
 				r := models.AclRule{
 					ID:              acl.ID,
@@ -1086,14 +1113,26 @@ func GetUserAclRulesForNode(targetnode *models.Node,
 					r.IP6List = append(r.IP6List, userNode.StaticNode.AddressIPNet6())
 				}
 				if aclRule, ok := rules[acl.ID]; ok {
+
 					aclRule.IPList = append(aclRule.IPList, r.IPList...)
 					aclRule.IP6List = append(aclRule.IP6List, r.IP6List...)
+
+					aclRule.Dst = append(aclRule.Dst, r.Dst...)
+					aclRule.Dst6 = append(aclRule.Dst6, r.Dst6...)
+
 					aclRule.IPList = logic.UniqueIPNetList(aclRule.IPList)
 					aclRule.IP6List = logic.UniqueIPNetList(aclRule.IP6List)
+
+					aclRule.Dst = logic.UniqueIPNetList(aclRule.Dst)
+					aclRule.Dst6 = logic.UniqueIPNetList(aclRule.Dst6)
+
 					rules[acl.ID] = aclRule
 				} else {
 					r.IPList = logic.UniqueIPNetList(r.IPList)
 					r.IP6List = logic.UniqueIPNetList(r.IP6List)
+
+					r.Dst = logic.UniqueIPNetList(r.Dst)
+					r.Dst6 = logic.UniqueIPNetList(r.Dst6)
 					rules[acl.ID] = r
 				}
 			}
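Review bot: `e.ListByNetwork(db.WithContext(context.Background()))` on the `dst.Value == "*"` branch runs inside `for _, dst := range acl.Dst`, and its result depends only on `targetnode`, so the same network-wide listing is presumably repeated for every ACL this function iterates (the enclosing loop starts before the hunk); collect the node's egress ranges once before the ACL loop and reuse them. The `break` after that branch also ends the scan of `acl.Dst`, which is correct only if a wildcard destination is meant to supersede explicit egress entries listed after it — a one-line comment such as `// "*" already covers every egress this node serves; later explicit entries add nothing` would record that intent. The v4/v6 split on `cidr.IP.To4() != nil` is duplicated from the `models.EgressID` branch directly below it and from logic/acls.go, so a shared helper in `logic` would let this file stop re-implementing it. The blank lines added around the `aclRule.Dst`/`r.Dst` appends in the last hunk are gofmt-neutral but unrelated to the change; drop them to keep the diff to the behavioural edits. GetUserAclRulesForNode begins before the first hunk and continues past the last.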