Merge pull request #1979 from gravitl/rm_proxy

remove proxy from server

nm-proxy/common/common.go

@@ -1,44 +0,0 @@
-package common
-
-import (
-	"log"
-	"os/exec"
-	"strings"
-
-	"github.com/gravitl/netmaker/nm-proxy/models"
-)
-
-var IsRelay bool
-var IsIngressGateway bool
-var IsRelayed bool
-var IsServer bool
-var InterfaceName string
-var BehindNAT bool
-
-var WgIfaceMap = models.WgIfaceConf{
-	Iface:   nil,
-	PeerMap: make(map[string]*models.Conn),
-}
-
-var PeerKeyHashMap = make(map[string]models.RemotePeer)
-
-//var WgIfaceKeyMap = make(map[string]models.RemotePeer)
-
-var RelayPeerMap = make(map[string]map[string]models.RemotePeer)
-
-var ExtClientsWaitTh = make(map[string]models.ExtClientPeer)
-
-var ExtSourceIpMap = make(map[string]models.RemotePeer)
-
-// RunCmd - runs a local command
-func RunCmd(command string, printerr bool) (string, error) {
-	args := strings.Fields(command)
-	cmd := exec.Command(args[0], args[1:]...)
-	cmd.Wait()
-	out, err := cmd.CombinedOutput()
-	if err != nil && printerr {
-		log.Println("error running command: ", command)
-		log.Println(strings.TrimSuffix(string(out), "\n"))
-	}
-	return string(out), err
-}

nm-proxy/common/functions.go

@@ -1,22 +0,0 @@
-package common
-
-import (
-	"github.com/gravitl/netmaker/nm-proxy/models"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-func GetPeer(peerKey wgtypes.Key) (*models.Conn, bool) {
-	var peerInfo *models.Conn
-	var found bool
-	peerInfo, found = WgIfaceMap.PeerMap[peerKey.String()]
-	peerInfo.Mutex.RLock()
-	defer peerInfo.Mutex.RUnlock()
-	return peerInfo, found
-
-}
-
-func UpdatePeer(peer *models.Conn) {
-	peer.Mutex.Lock()
-	defer peer.Mutex.Unlock()
-	WgIfaceMap.PeerMap[peer.Key.String()] = peer
-}

nm-proxy/manager/manager.go

@@ -1,417 +0,0 @@
-package manager
-
-import (
-	"context"
-	"crypto/md5"
-	"errors"
-	"fmt"
-	"log"
-	"net"
-	"reflect"
-	"runtime"
-
-	"github.com/gravitl/netmaker/nm-proxy/common"
-	"github.com/gravitl/netmaker/nm-proxy/models"
-	peerpkg "github.com/gravitl/netmaker/nm-proxy/peer"
-	"github.com/gravitl/netmaker/nm-proxy/wg"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-/*
-TODO:-
-	1. ON Ingress node
-		--> for attached ext clients
-			-> start sniffer (will recieve pkts from ext clients (add ebf filter to listen on only ext traffic) if not intended to the interface forward it.)
-			-> start remote conn after endpoint is updated
-		-->
-*/
-
-type ProxyAction string
-
-type ManagerPayload struct {
-	InterfaceName   string                 `json:"interface_name"`
-	WgAddr          string                 `json:"wg_addr"`
-	Peers           []wgtypes.PeerConfig   `json:"peers"`
-	PeerMap         map[string]PeerConf    `json:"peer_map"`
-	IsRelayed       bool                   `json:"is_relayed"`
-	IsIngress       bool                   `json:"is_ingress"`
-	RelayedTo       *net.UDPAddr           `json:"relayed_to"`
-	IsRelay         bool                   `json:"is_relay"`
-	RelayedPeerConf map[string]RelayedConf `json:"relayed_conf"`
-}
-
-type RelayedConf struct {
-	RelayedPeerEndpoint *net.UDPAddr         `json:"relayed_peer_endpoint"`
-	RelayedPeerPubKey   string               `json:"relayed_peer_pub_key"`
-	Peers               []wgtypes.PeerConfig `json:"relayed_peers"`
-}
-
-type PeerConf struct {
-	IsExtClient            bool         `json:"is_ext_client"`
-	Address                string       `json:"address"`
-	IsAttachedExtClient    bool         `json:"is_attached_ext_client"`
-	IngressGatewayEndPoint *net.UDPAddr `json:"ingress_gateway_endpoint"`
-	IsRelayed              bool         `json:"is_relayed"`
-	RelayedTo              *net.UDPAddr `json:"relayed_to"`
-	Proxy                  bool         `json:"proxy"`
-}
-
-const (
-	AddInterface    ProxyAction = "ADD_INTERFACE"
-	DeleteInterface ProxyAction = "DELETE_INTERFACE"
-)
-
-type ManagerAction struct {
-	Action  ProxyAction
-	Payload ManagerPayload
-}
-
-func StartProxyManager(manageChan chan *ManagerAction) {
-	for mI := range manageChan {
-		log.Printf("-------> PROXY-MANAGER: %+v\n", mI)
-		switch mI.Action {
-		case AddInterface:
-			mI.SetIngressGateway()
-			err := mI.AddInterfaceToProxy()
-			if err != nil {
-				log.Printf("failed to add interface: [%s] to proxy: %v\n  ", mI.Payload.InterfaceName, err)
-			}
-		case DeleteInterface:
-			mI.DeleteInterface()
-		}
-	}
-}
-
-func (m *ManagerAction) DeleteInterface() {
-	var err error
-	if runtime.GOOS == "darwin" {
-		m.Payload.InterfaceName, err = wg.GetRealIface(m.Payload.InterfaceName)
-		if err != nil {
-			log.Println("failed to get real iface: ", err)
-			return
-		}
-	}
-	if common.WgIfaceMap.Iface.Name == m.Payload.InterfaceName {
-		cleanUpInterface()
-	}
-
-}
-
-func (m *ManagerAction) RelayUpdate() {
-	common.IsRelay = m.Payload.IsRelay
-}
-
-func (m *ManagerAction) SetIngressGateway() {
-	common.IsIngressGateway = m.Payload.IsIngress
-
-}
-
-func (m *ManagerAction) RelayPeers() {
-	common.IsRelay = true
-	for relayedNodePubKey, relayedNodeConf := range m.Payload.RelayedPeerConf {
-		relayedNodePubKeyHash := fmt.Sprintf("%x", md5.Sum([]byte(relayedNodePubKey)))
-		if _, ok := common.RelayPeerMap[relayedNodePubKeyHash]; !ok {
-			common.RelayPeerMap[relayedNodePubKeyHash] = make(map[string]models.RemotePeer)
-		}
-		for _, peer := range relayedNodeConf.Peers {
-			if peer.Endpoint != nil {
-				peer.Endpoint.Port = models.NmProxyPort
-				remotePeerKeyHash := fmt.Sprintf("%x", md5.Sum([]byte(peer.PublicKey.String())))
-				common.RelayPeerMap[relayedNodePubKeyHash][remotePeerKeyHash] = models.RemotePeer{
-					Endpoint: peer.Endpoint,
-				}
-			}
-
-		}
-		relayedNodeConf.RelayedPeerEndpoint.Port = models.NmProxyPort
-		common.RelayPeerMap[relayedNodePubKeyHash][relayedNodePubKeyHash] = models.RemotePeer{
-			Endpoint: relayedNodeConf.RelayedPeerEndpoint,
-		}
-
-	}
-}
-
-func cleanUpInterface() {
-	log.Println("########------------>  CLEANING UP: ", common.WgIfaceMap.Iface.Name)
-	for _, peerI := range common.WgIfaceMap.PeerMap {
-		peerI.Mutex.Lock()
-		peerI.StopConn()
-		peerI.Mutex.Unlock()
-		delete(common.WgIfaceMap.PeerMap, peerI.Key.String())
-	}
-	common.WgIfaceMap.PeerMap = make(map[string]*models.Conn)
-}
-
-func (m *ManagerAction) processPayload() (*wg.WGIface, error) {
-	var err error
-	var wgIface *wg.WGIface
-	if m.Payload.InterfaceName == "" {
-		return nil, errors.New("interface cannot be empty")
-	}
-	if len(m.Payload.Peers) == 0 {
-		return nil, errors.New("no peers to add")
-	}
-
-	if runtime.GOOS == "darwin" {
-		m.Payload.InterfaceName, err = wg.GetRealIface(m.Payload.InterfaceName)
-		if err != nil {
-			log.Println("failed to get real iface: ", err)
-		}
-	}
-	common.InterfaceName = m.Payload.InterfaceName
-	wgIface, err = wg.NewWGIFace(m.Payload.InterfaceName, "127.0.0.1/32", wg.DefaultMTU)
-	if err != nil {
-		log.Println("Failed init new interface: ", err)
-		return nil, err
-	}
-
-	if common.WgIfaceMap.Iface == nil {
-		for i := len(m.Payload.Peers) - 1; i >= 0; i-- {
-			if !m.Payload.PeerMap[m.Payload.Peers[i].PublicKey.String()].Proxy {
-				log.Println("-----------> skipping peer, proxy is off: ", m.Payload.Peers[i].PublicKey)
-				if err := wgIface.Update(m.Payload.Peers[i], false); err != nil {
-					log.Println("falied to update peer: ", err)
-				}
-				m.Payload.Peers = append(m.Payload.Peers[:i], m.Payload.Peers[i+1:]...)
-				continue
-			}
-		}
-		common.WgIfaceMap.Iface = wgIface.Device
-		common.WgIfaceMap.IfaceKeyHash = fmt.Sprintf("%x", md5.Sum([]byte(wgIface.Device.PublicKey.String())))
-		return wgIface, nil
-	}
-	wgProxyConf := common.WgIfaceMap
-	if m.Payload.IsRelay {
-		m.RelayPeers()
-	}
-	common.IsRelay = m.Payload.IsRelay
-	// check if node is getting relayed
-	if common.IsRelayed != m.Payload.IsRelayed {
-		common.IsRelayed = m.Payload.IsRelayed
-		cleanUpInterface()
-		return wgIface, nil
-	}
-
-	// sync map with wg device config
-	// check if listen port has changed
-	if wgIface.Device.ListenPort != wgProxyConf.Iface.ListenPort {
-		// reset proxy for this interface
-		cleanUpInterface()
-		return wgIface, nil
-	}
-	// check device conf different from proxy
-	wgProxyConf.Iface = wgIface.Device
-	// sync peer map with new update
-	for _, currPeerI := range wgProxyConf.Iface.Peers {
-		if _, ok := m.Payload.PeerMap[currPeerI.PublicKey.String()]; !ok {
-			if val, ok := wgProxyConf.PeerMap[currPeerI.PublicKey.String()]; ok {
-				val.Mutex.Lock()
-				if val.IsAttachedExtClient {
-					log.Println("------> Deleting ExtClient Watch Thread: ", currPeerI.PublicKey.String())
-					if val, ok := common.ExtClientsWaitTh[currPeerI.PublicKey.String()]; ok {
-						val.CancelFunc()
-						delete(common.ExtClientsWaitTh, currPeerI.PublicKey.String())
-					}
-					log.Println("-----> Deleting Ext Client from Src Ip Map: ", currPeerI.PublicKey.String())
-					delete(common.ExtSourceIpMap, val.Config.PeerConf.Endpoint.String())
-				}
-				val.StopConn()
-				val.Mutex.Unlock()
-				delete(wgProxyConf.PeerMap, currPeerI.PublicKey.String())
-			}
-
-			// delete peer from interface
-			log.Println("CurrPeer Not Found, Deleting Peer from Interface: ", currPeerI.PublicKey.String())
-			if err := wgIface.RemovePeer(currPeerI.PublicKey.String()); err != nil {
-				log.Println("failed to remove peer: ", currPeerI.PublicKey.String(), err)
-			}
-
-			delete(common.PeerKeyHashMap, fmt.Sprintf("%x", md5.Sum([]byte(currPeerI.PublicKey.String()))))
-
-		}
-	}
-	for i := len(m.Payload.Peers) - 1; i >= 0; i-- {
-
-		if currentPeer, ok := wgProxyConf.PeerMap[m.Payload.Peers[i].PublicKey.String()]; ok {
-			currentPeer.Mutex.Lock()
-			if currentPeer.IsAttachedExtClient {
-				m.Payload.Peers = append(m.Payload.Peers[:i], m.Payload.Peers[i+1:]...)
-				continue
-			}
-			// check if proxy is off for the peer
-			if !m.Payload.PeerMap[m.Payload.Peers[i].PublicKey.String()].Proxy {
-
-				// cleanup proxy connections for the peer
-				currentPeer.StopConn()
-				delete(wgProxyConf.PeerMap, currentPeer.Key.String())
-				// update the peer with actual endpoint
-				if err := wgIface.Update(m.Payload.Peers[i], false); err != nil {
-					log.Println("falied to update peer: ", err)
-				}
-				m.Payload.Peers = append(m.Payload.Peers[:i], m.Payload.Peers[i+1:]...)
-				continue
-
-			}
-			// check if peer is not connected to proxy
-			devPeer, err := wg.GetPeer(m.Payload.InterfaceName, currentPeer.Key.String())
-			if err == nil {
-				log.Printf("---------> COMAPRING ENDPOINT: DEV: %s, Proxy: %s", devPeer.Endpoint.String(), currentPeer.Config.LocalConnAddr.String())
-				if devPeer.Endpoint.String() != currentPeer.Config.LocalConnAddr.String() {
-					log.Println("---------> endpoint is not set to proxy: ", currentPeer.Key)
-					currentPeer.StopConn()
-					delete(wgProxyConf.PeerMap, currentPeer.Key.String())
-					continue
-				}
-			}
-			//check if peer is being relayed
-			if currentPeer.IsRelayed != m.Payload.PeerMap[m.Payload.Peers[i].PublicKey.String()].IsRelayed {
-				log.Println("---------> peer relay status has been changed: ", currentPeer.Key)
-				currentPeer.StopConn()
-				delete(wgProxyConf.PeerMap, currentPeer.Key.String())
-				continue
-			}
-			// check if relay endpoint has been changed
-			if currentPeer.RelayedEndpoint != nil &&
-				m.Payload.PeerMap[m.Payload.Peers[i].PublicKey.String()].RelayedTo != nil &&
-				currentPeer.RelayedEndpoint.String() != m.Payload.PeerMap[m.Payload.Peers[i].PublicKey.String()].RelayedTo.String() {
-				log.Println("---------> peer relay endpoint has been changed: ", currentPeer.Key)
-				currentPeer.StopConn()
-				delete(wgProxyConf.PeerMap, currentPeer.Key.String())
-				continue
-			}
-			if !reflect.DeepEqual(m.Payload.Peers[i], *currentPeer.Config.PeerConf) {
-				if currentPeer.Config.RemoteConnAddr.IP.String() != m.Payload.Peers[i].Endpoint.IP.String() {
-					log.Println("----------> Resetting proxy for Peer: ", currentPeer.Key, m.Payload.InterfaceName)
-					currentPeer.StopConn()
-					currentPeer.Mutex.Unlock()
-					delete(wgProxyConf.PeerMap, currentPeer.Key.String())
-					continue
-				} else {
-
-					log.Println("----->##### Updating Peer on Interface: ", m.Payload.InterfaceName, currentPeer.Key)
-					updatePeerConf := m.Payload.Peers[i]
-					localUdpAddr, err := net.ResolveUDPAddr("udp", currentPeer.Config.LocalConnAddr.String())
-					if err == nil {
-						updatePeerConf.Endpoint = localUdpAddr
-					}
-					if err := wgIface.Update(updatePeerConf, true); err != nil {
-						log.Println("failed to update peer: ", currentPeer.Key, err)
-					}
-					currentPeer.Config.PeerConf = &m.Payload.Peers[i]
-					wgProxyConf.PeerMap[currentPeer.Key.String()] = currentPeer
-					// delete the peer from the list
-					log.Println("-----------> deleting peer from list: ", m.Payload.Peers[i].PublicKey)
-					m.Payload.Peers = append(m.Payload.Peers[:i], m.Payload.Peers[i+1:]...)
-
-				}
-
-			} else {
-				// delete the peer from the list
-				log.Println("-----------> No updates observed so deleting peer: ", m.Payload.Peers[i].PublicKey)
-				m.Payload.Peers = append(m.Payload.Peers[:i], m.Payload.Peers[i+1:]...)
-			}
-			currentPeer.Mutex.Unlock()
-
-		} else if !m.Payload.PeerMap[m.Payload.Peers[i].PublicKey.String()].Proxy && !m.Payload.PeerMap[m.Payload.Peers[i].PublicKey.String()].IsAttachedExtClient {
-			log.Println("-----------> skipping peer, proxy is off: ", m.Payload.Peers[i].PublicKey)
-			if err := wgIface.Update(m.Payload.Peers[i], false); err != nil {
-				log.Println("falied to update peer: ", err)
-			}
-			m.Payload.Peers = append(m.Payload.Peers[:i], m.Payload.Peers[i+1:]...)
-		}
-	}
-
-	// sync dev peers with new update
-
-	common.WgIfaceMap = wgProxyConf
-
-	log.Println("CLEANED UP..........")
-	return wgIface, nil
-}
-
-func (m *ManagerAction) AddInterfaceToProxy() error {
-	var err error
-
-	wgInterface, err := m.processPayload()
-	if err != nil {
-		return err
-	}
-
-	log.Printf("wg: %+v\n", wgInterface)
-	for _, peerI := range m.Payload.Peers {
-
-		peerConf := m.Payload.PeerMap[peerI.PublicKey.String()]
-		if peerI.Endpoint == nil && !(peerConf.IsAttachedExtClient || peerConf.IsExtClient) {
-			log.Println("Endpoint nil for peer: ", peerI.PublicKey.String())
-			continue
-		}
-
-		if peerConf.IsExtClient && !peerConf.IsAttachedExtClient {
-			peerI.Endpoint = peerConf.IngressGatewayEndPoint
-		}
-
-		var isRelayed bool
-		var relayedTo *net.UDPAddr
-		if m.Payload.IsRelayed {
-			isRelayed = true
-			relayedTo = m.Payload.RelayedTo
-		} else {
-
-			isRelayed = peerConf.IsRelayed
-			relayedTo = peerConf.RelayedTo
-
-		}
-		if peerConf.IsAttachedExtClient {
-			log.Println("Extclient Thread...")
-			go func(wgInterface *wg.WGIface, peer *wgtypes.PeerConfig,
-				isRelayed bool, relayTo *net.UDPAddr, peerConf PeerConf, ingGwAddr string) {
-				addExtClient := false
-				commChan := make(chan *net.UDPAddr, 100)
-				ctx, cancel := context.WithCancel(context.Background())
-				common.ExtClientsWaitTh[peerI.PublicKey.String()] = models.ExtClientPeer{
-					CancelFunc: cancel,
-					CommChan:   commChan,
-				}
-				defer func() {
-					if addExtClient {
-						log.Println("GOT ENDPOINT for Extclient adding peer...")
-
-						common.ExtSourceIpMap[peer.Endpoint.String()] = models.RemotePeer{
-							Interface:           wgInterface.Name,
-							PeerKey:             peer.PublicKey.String(),
-							IsExtClient:         peerConf.IsExtClient,
-							IsAttachedExtClient: peerConf.IsAttachedExtClient,
-							Endpoint:            peer.Endpoint,
-						}
-
-						peerpkg.AddNewPeer(wgInterface, peer, peerConf.Address, isRelayed,
-							peerConf.IsExtClient, peerConf.IsAttachedExtClient, relayedTo)
-
-					}
-					log.Println("Exiting extclient watch Thread for: ", peer.PublicKey.String())
-				}()
-				for {
-					select {
-					case <-ctx.Done():
-						return
-					case endpoint := <-commChan:
-						if endpoint != nil {
-							addExtClient = true
-							peer.Endpoint = endpoint
-							delete(common.ExtClientsWaitTh, peer.PublicKey.String())
-							return
-						}
-					}
-
-				}
-
-			}(wgInterface, &peerI, isRelayed, relayedTo, peerConf, m.Payload.WgAddr)
-			continue
-		}
-
-		peerpkg.AddNewPeer(wgInterface, &peerI, peerConf.Address, isRelayed,
-			peerConf.IsExtClient, peerConf.IsAttachedExtClient, relayedTo)
-
-	}
-	return nil
-}

nm-proxy/metrics/metrics.go

@@ -1,56 +0,0 @@
-package metrics
-
-import (
-	"encoding/json"
-	"os"
-	"sync"
-	"time"
-)
-
-/*
-1. Create metrics packet--> packet with identifier to track latency, errors.
-
-*/
-
-type Metric struct {
-	LastRecordedLatency uint64
-	ConnectionStatus    bool
-	TrafficSent         float64
-	TrafficRecieved     float64
-}
-
-type MetricsPayload struct {
-	MetricType MetricsUpdateType
-	Value      interface{}
-}
-
-type MetricsUpdateType uint32
-
-const (
-	LatencyUpdate         MetricsUpdateType = 1
-	TrafficSentUpdate     MetricsUpdateType = 2
-	TrafficRecievedUpdate MetricsUpdateType = 3
-)
-
-var MetricsMapLock = &sync.RWMutex{}
-
-var MetricsMap = make(map[string]Metric)
-
-func init() {
-	go func() {
-		for {
-			time.Sleep(1 * time.Minute)
-			PrintMetrics()
-		}
-	}()
-}
-
-func PrintMetrics() {
-
-	data, err := json.MarshalIndent(MetricsMap, "", " ")
-	if err != nil {
-		return
-	}
-	os.WriteFile("/tmp/metrics.json", data, 0755)
-
-}

nm-proxy/models/models.go

@@ -1,65 +0,0 @@
-package models
-
-import (
-	"context"
-	"net"
-	"sync"
-	"time"
-
-	"github.com/gravitl/netmaker/nm-proxy/wg"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-const (
-	NmProxyPort = 51722
-	DefaultCIDR = "127.0.0.1/8"
-)
-
-type ProxyConfig struct {
-	RemoteKey           wgtypes.Key
-	LocalKey            wgtypes.Key
-	WgInterface         *wg.WGIface
-	IsExtClient         bool
-	PersistentKeepalive *time.Duration
-	RecieverChan        chan []byte
-	PeerConf            *wgtypes.PeerConfig
-	PeerEndpoint        *net.UDPAddr
-	RemoteConnAddr      *net.UDPAddr
-	LocalConnAddr       *net.UDPAddr
-}
-
-// Conn is a peer Connection configuration
-type Conn struct {
-
-	// Key is a public key of a remote peer
-	Key                 wgtypes.Key
-	IsExtClient         bool
-	IsRelayed           bool
-	RelayedEndpoint     *net.UDPAddr
-	IsAttachedExtClient bool
-	Config              ProxyConfig
-	StopConn            func()
-	ResetConn           func()
-	LocalConn           net.Conn
-	Mutex               *sync.RWMutex
-}
-
-type RemotePeer struct {
-	PeerKey             string
-	Interface           string
-	Endpoint            *net.UDPAddr
-	IsExtClient         bool
-	IsAttachedExtClient bool
-	LocalConn           net.Conn
-}
-
-type ExtClientPeer struct {
-	CancelFunc context.CancelFunc
-	CommChan   chan *net.UDPAddr
-}
-
-type WgIfaceConf struct {
-	Iface        *wgtypes.Device
-	IfaceKeyHash string
-	PeerMap      map[string]*Conn
-}

nm-proxy/nm-proxy.go

@@ -1,44 +0,0 @@
-package nmproxy
-
-import (
-	"context"
-	"log"
-	"net"
-
-	"github.com/gravitl/netmaker/nm-proxy/manager"
-	"github.com/gravitl/netmaker/nm-proxy/server"
-	"github.com/gravitl/netmaker/nm-proxy/stun"
-)
-
-/*
-	TODO:
-		1. Mutex locks for maps
-		2. CRUD funcs on Maps
-		3. Comments
-*/
-
-func Start(ctx context.Context, mgmChan chan *manager.ManagerAction, apiServerAddr string) {
-	log.Println("Starting Proxy...")
-	hInfo := stun.GetHostInfo(apiServerAddr)
-	stun.Host = hInfo
-	log.Printf("HOSTINFO: %+v", hInfo)
-	if IsPublicIP(hInfo.PrivIp) {
-		log.Println("Host is public facing!!!")
-	}
-	// start the netclient proxy server
-	err := server.NmProxyServer.CreateProxyServer(0, 0, hInfo.PrivIp.String())
-	if err != nil {
-		log.Fatal("failed to create proxy: ", err)
-	}
-	go manager.StartProxyManager(mgmChan)
-	server.NmProxyServer.Listen(ctx)
-
-}
-
-// IsPublicIP indicates whether IP is public or not.
-func IsPublicIP(ip net.IP) bool {
-	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsPrivate() {
-		return false
-	}
-	return true
-}

nm-proxy/packet/packet.go

@@ -1,174 +0,0 @@
-package packet
-
-import (
-	"bytes"
-	"crypto/md5"
-	"encoding/base64"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"log"
-	"net"
-	"time"
-
-	"github.com/gravitl/netmaker/nm-proxy/common"
-	"golang.org/x/crypto/blake2s"
-	"golang.org/x/crypto/chacha20poly1305"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-func ConsumeHandshakeInitiationMsg(initiator bool, buf []byte, src *net.UDPAddr, devicePubKey NoisePublicKey, devicePrivKey NoisePrivateKey) error {
-
-	var (
-		hash     [blake2s.Size]byte
-		chainKey [blake2s.Size]byte
-	)
-	var err error
-	var msg MessageInitiation
-	reader := bytes.NewReader(buf[:])
-	err = binary.Read(reader, binary.LittleEndian, &msg)
-	if err != nil {
-		log.Println("Failed to decode initiation message")
-		return err
-	}
-
-	if msg.Type != MessageInitiationType {
-		return errors.New("not handshake initiation message")
-	}
-	log.Println("-----> ConsumeHandshakeInitiationMsg, Intitator:  ", initiator)
-	mixHash(&hash, &InitialHash, devicePubKey[:])
-	mixHash(&hash, &hash, msg.Ephemeral[:])
-	mixKey(&chainKey, &InitialChainKey, msg.Ephemeral[:])
-
-	// decrypt static key
-	var peerPK NoisePublicKey
-	var key [chacha20poly1305.KeySize]byte
-	ss := sharedSecret(&devicePrivKey, msg.Ephemeral)
-	if isZero(ss[:]) {
-		return errors.New("no secret")
-	}
-	KDF2(&chainKey, &key, chainKey[:], ss[:])
-	aead, _ := chacha20poly1305.New(key[:])
-	_, err = aead.Open(peerPK[:0], ZeroNonce[:], msg.Static[:], hash[:])
-	if err != nil {
-		return err
-	}
-	log.Println("--------> Got HandShake from peer: ", base64.StdEncoding.EncodeToString(peerPK[:]), src)
-	if val, ok := common.ExtClientsWaitTh[base64.StdEncoding.EncodeToString(peerPK[:])]; ok {
-		val.CommChan <- src
-		time.Sleep(time.Second * 3)
-	}
-
-	setZero(hash[:])
-	setZero(chainKey[:])
-	return nil
-}
-
-func CreateProxyUpdatePacket(msg *ProxyUpdateMessage) ([]byte, error) {
-	var buff [MessageProxyUpdateSize]byte
-	writer := bytes.NewBuffer(buff[:0])
-	err := binary.Write(writer, binary.LittleEndian, msg)
-	if err != nil {
-		return nil, err
-	}
-	packet := writer.Bytes()
-	return packet, nil
-
-}
-
-func ConsumeProxyUpdateMsg(buf []byte) (*ProxyUpdateMessage, error) {
-	var msg ProxyUpdateMessage
-	reader := bytes.NewReader(buf[:])
-	err := binary.Read(reader, binary.LittleEndian, &msg)
-	if err != nil {
-		log.Println("Failed to decode proxy update message")
-		return nil, err
-	}
-
-	if msg.Type != MessageProxyUpdateType {
-		return nil, errors.New("not proxy update message")
-	}
-	return &msg, nil
-}
-
-func CreateMetricPacket(id uint32, sender, reciever wgtypes.Key) ([]byte, error) {
-	msg := MetricMessage{
-		Type:      MessageMetricsType,
-		ID:        id,
-		Sender:    sender,
-		Reciever:  reciever,
-		TimeStamp: time.Now().UnixMilli(),
-	}
-	log.Printf("----------> $$$$$$ CREATED PACKET: %+v\n", msg)
-	var buff [MessageMetricSize]byte
-	writer := bytes.NewBuffer(buff[:0])
-	err := binary.Write(writer, binary.LittleEndian, msg)
-	if err != nil {
-		return nil, err
-	}
-	packet := writer.Bytes()
-	return packet, nil
-}
-
-func ConsumeMetricPacket(buf []byte) (*MetricMessage, error) {
-	var msg MetricMessage
-	var err error
-	reader := bytes.NewReader(buf[:])
-	err = binary.Read(reader, binary.LittleEndian, &msg)
-	if err != nil {
-		log.Println("Failed to decode metric message")
-		return nil, err
-	}
-
-	if msg.Type != MessageMetricsType {
-		return nil, errors.New("not  metric message")
-	}
-	return &msg, nil
-}
-
-func ProcessPacketBeforeSending(buf []byte, n int, srckey, dstKey string) ([]byte, int, string, string) {
-
-	srcKeymd5 := md5.Sum([]byte(srckey))
-	dstKeymd5 := md5.Sum([]byte(dstKey))
-	m := ProxyMessage{
-		Type:     MessageProxyType,
-		Sender:   srcKeymd5,
-		Reciever: dstKeymd5,
-	}
-	var msgBuffer [MessageProxySize]byte
-	writer := bytes.NewBuffer(msgBuffer[:0])
-	err := binary.Write(writer, binary.LittleEndian, m)
-	if err != nil {
-		log.Println(err)
-	}
-	if n > len(buf)-MessageProxySize {
-		buf = append(buf, msgBuffer[:]...)
-
-	} else {
-		copy(buf[n:n+MessageProxySize], msgBuffer[:])
-	}
-	n += MessageProxySize
-
-	return buf, n, fmt.Sprintf("%x", srcKeymd5), fmt.Sprintf("%x", dstKeymd5)
-}
-
-func ExtractInfo(buffer []byte, n int) (int, string, string, error) {
-	data := buffer[:n]
-	if len(data) < MessageProxySize {
-		return n, "", "", errors.New("proxy message not found")
-	}
-	var msg ProxyMessage
-	var err error
-	reader := bytes.NewReader(buffer[n-MessageProxySize:])
-	err = binary.Read(reader, binary.LittleEndian, &msg)
-	if err != nil {
-		log.Println("Failed to decode proxy message")
-		return n, "", "", err
-	}
-
-	if msg.Type != MessageProxyType {
-		return n, "", "", errors.New("not a proxy message")
-	}
-	n -= MessageProxySize
-	return n, fmt.Sprintf("%x", msg.Sender), fmt.Sprintf("%x", msg.Reciever), nil
-}

nm-proxy/packet/packet_helper.go

@@ -1,53 +0,0 @@
-package packet
-
-import (
-	"golang.org/x/crypto/blake2s"
-	"golang.org/x/crypto/chacha20poly1305"
-	"golang.zx2c4.com/wireguard/tai64n"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-const poly1305TagSize = 16
-
-var (
-	InitialChainKey [blake2s.Size]byte
-	InitialHash     [blake2s.Size]byte
-	ZeroNonce       [chacha20poly1305.NonceSize]byte
-)
-
-func init() {
-	InitialChainKey = blake2s.Sum256([]byte(NoiseConstruction))
-	mixHash(&InitialHash, &InitialChainKey, []byte(WGIdentifier))
-}
-
-type MessageInitiation struct {
-	Type      MessageType
-	Sender    uint32
-	Ephemeral NoisePublicKey
-	Static    [NoisePublicKeySize + poly1305TagSize]byte
-	Timestamp [tai64n.TimestampSize + poly1305TagSize]byte
-	MAC1      [blake2s.Size128]byte
-	MAC2      [blake2s.Size128]byte
-}
-
-type MetricMessage struct {
-	Type      MessageType
-	ID        uint32
-	Sender    wgtypes.Key
-	Reciever  wgtypes.Key
-	TimeStamp int64
-}
-
-type ProxyMessage struct {
-	Type     MessageType
-	Sender   [16]byte
-	Reciever [16]byte
-}
-
-type ProxyUpdateMessage struct {
-	Type       MessageType
-	Action     ProxyActionType
-	Sender     wgtypes.Key
-	Reciever   wgtypes.Key
-	ListenPort uint32
-}

nm-proxy/packet/utils.go

@@ -1,114 +0,0 @@
-package packet
-
-import (
-	"crypto/hmac"
-	"crypto/subtle"
-	"hash"
-
-	"github.com/gravitl/netmaker/nm-proxy/wg"
-	"golang.org/x/crypto/blake2s"
-	"golang.org/x/crypto/curve25519"
-)
-
-type MessageType uint32
-type ProxyActionType uint32
-
-const (
-	MessageInitiationType  MessageType = 1
-	MessageMetricsType     MessageType = 5
-	MessageProxyType       MessageType = 6
-	MessageProxyUpdateType MessageType = 7
-)
-
-const (
-	UpdateListenPort ProxyActionType = 1
-)
-const (
-	NoisePublicKeySize  = 32
-	NoisePrivateKeySize = 32
-
-	MessageMetricSize      = 148
-	MessageProxyUpdateSize = 148
-	MessageProxySize       = 36
-
-	NoiseConstruction = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
-	WGIdentifier      = "WireGuard v1 zx2c4 [email protected]"
-	WGLabelMAC1       = "mac1----"
-	WGLabelCookie     = "cookie--"
-)
-
-func mixKey(dst, c *[blake2s.Size]byte, data []byte) {
-	KDF1(dst, c[:], data)
-}
-
-func mixHash(dst, h *[blake2s.Size]byte, data []byte) {
-	hash, _ := blake2s.New256(nil)
-	hash.Write(h[:])
-	hash.Write(data)
-	hash.Sum(dst[:0])
-	hash.Reset()
-}
-func HMAC1(sum *[blake2s.Size]byte, key, in0 []byte) {
-	mac := hmac.New(func() hash.Hash {
-		h, _ := blake2s.New256(nil)
-		return h
-	}, key)
-	mac.Write(in0)
-	mac.Sum(sum[:0])
-}
-
-func HMAC2(sum *[blake2s.Size]byte, key, in0, in1 []byte) {
-	mac := hmac.New(func() hash.Hash {
-		h, _ := blake2s.New256(nil)
-		return h
-	}, key)
-	mac.Write(in0)
-	mac.Write(in1)
-	mac.Sum(sum[:0])
-}
-
-func KDF1(t0 *[blake2s.Size]byte, key, input []byte) {
-	HMAC1(t0, key, input)
-	HMAC1(t0, t0[:], []byte{0x1})
-}
-
-func KDF2(t0, t1 *[blake2s.Size]byte, key, input []byte) {
-	var prk [blake2s.Size]byte
-	HMAC1(&prk, key, input)
-	HMAC1(t0, prk[:], []byte{0x1})
-	HMAC2(t1, prk[:], t0[:], []byte{0x2})
-	setZero(prk[:])
-}
-
-func setZero(arr []byte) {
-	for i := range arr {
-		arr[i] = 0
-	}
-}
-func isZero(val []byte) bool {
-	acc := 1
-	for _, b := range val {
-		acc &= subtle.ConstantTimeByteEq(b, 0)
-	}
-	return acc == 1
-}
-
-func GetDeviceKeys(ifaceName string) (NoisePrivateKey, NoisePublicKey, error) {
-	wgPrivKey := wg.GetWgIfacePrivKey(ifaceName)
-	wgPubKey := wg.GetWgIfacePubKey(ifaceName)
-
-	return wgPrivKey, wgPubKey, nil
-}
-
-type (
-	NoisePublicKey  [NoisePublicKeySize]byte
-	NoisePrivateKey [NoisePrivateKeySize]byte
-)
-
-func sharedSecret(sk *NoisePrivateKey, pk NoisePublicKey) (ss [NoisePublicKeySize]byte) {
-	apk := (*[NoisePublicKeySize]byte)(&pk)
-	ask := (*[NoisePrivateKeySize]byte)(sk)
-	//lint:ignore SA1019 no need of back and forth conversion between arrays and slices required by curve25519.X25519 function
-	curve25519.ScalarMult(&ss, ask, apk)
-	return ss
-}

nm-proxy/peer/peer.go

@@ -1,83 +0,0 @@
-package peer
-
-import (
-	"crypto/md5"
-	"errors"
-	"fmt"
-	"log"
-	"net"
-	"sync"
-	"time"
-
-	"github.com/gravitl/netmaker/nm-proxy/common"
-	"github.com/gravitl/netmaker/nm-proxy/models"
-	"github.com/gravitl/netmaker/nm-proxy/proxy"
-	"github.com/gravitl/netmaker/nm-proxy/wg"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-func AddNewPeer(wgInterface *wg.WGIface, peer *wgtypes.PeerConfig, peerAddr string,
-	isRelayed, isExtClient, isAttachedExtClient bool, relayTo *net.UDPAddr) error {
-	if peer.PersistentKeepaliveInterval == nil {
-		d := time.Second * 25
-		peer.PersistentKeepaliveInterval = &d
-	}
-	c := models.ProxyConfig{
-		LocalKey:            wgInterface.Device.PublicKey,
-		RemoteKey:           peer.PublicKey,
-		WgInterface:         wgInterface,
-		IsExtClient:         isExtClient,
-		PeerConf:            peer,
-		PersistentKeepalive: peer.PersistentKeepaliveInterval,
-		RecieverChan:        make(chan []byte, 1000),
-	}
-	p := proxy.NewProxy(c)
-	peerPort := models.NmProxyPort
-	if isExtClient && isAttachedExtClient {
-		peerPort = peer.Endpoint.Port
-
-	}
-	peerEndpointIP := peer.Endpoint.IP
-	if isRelayed {
-		//go server.NmProxyServer.KeepAlive(peer.Endpoint.IP.String(), common.NmProxyPort)
-		if relayTo == nil {
-			return errors.New("relay endpoint is nil")
-		}
-		peerEndpointIP = relayTo.IP
-	}
-	peerEndpoint, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", peerEndpointIP, peerPort))
-	if err != nil {
-		return err
-	}
-	p.Config.PeerEndpoint = peerEndpoint
-
-	log.Printf("Starting proxy for Peer: %s\n", peer.PublicKey.String())
-	err = p.Start()
-	if err != nil {
-		return err
-	}
-
-	connConf := models.Conn{
-		Mutex:               &sync.RWMutex{},
-		Key:                 peer.PublicKey,
-		IsRelayed:           isRelayed,
-		RelayedEndpoint:     relayTo,
-		IsAttachedExtClient: isAttachedExtClient,
-		Config:              p.Config,
-		StopConn:            p.Close,
-		ResetConn:           p.Reset,
-		LocalConn:           p.LocalConn,
-	}
-
-	common.WgIfaceMap.PeerMap[peer.PublicKey.String()] = &connConf
-
-	common.PeerKeyHashMap[fmt.Sprintf("%x", md5.Sum([]byte(peer.PublicKey.String())))] = models.RemotePeer{
-		Interface:           wgInterface.Name,
-		PeerKey:             peer.PublicKey.String(),
-		IsExtClient:         isExtClient,
-		Endpoint:            peerEndpoint,
-		IsAttachedExtClient: isAttachedExtClient,
-		LocalConn:           p.LocalConn,
-	}
-	return nil
-}

nm-proxy/proxy/proxy.go

@@ -1,231 +0,0 @@
-package proxy
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"net"
-	"runtime"
-
-	"github.com/gravitl/netmaker/nm-proxy/common"
-	"github.com/gravitl/netmaker/nm-proxy/models"
-)
-
-// Proxy -  WireguardProxy proxies
-type Proxy struct {
-	Ctx        context.Context
-	Cancel     context.CancelFunc
-	Config     models.ProxyConfig
-	RemoteConn *net.UDPAddr
-	LocalConn  net.Conn
-}
-
-func (p *Proxy) Start() error {
-
-	var err error
-	p.RemoteConn = p.Config.PeerEndpoint
-	log.Printf("----> Established Remote Conn with RPeer: %s, ----> RAddr: %s", p.Config.RemoteKey.String(), p.RemoteConn.String())
-	addr, err := GetFreeIp(models.DefaultCIDR, p.Config.WgInterface.Port)
-	if err != nil {
-		log.Println("Failed to get freeIp: ", err)
-		return err
-	}
-	wgListenAddr, err := GetInterfaceListenAddr(p.Config.WgInterface.Port)
-	if err != nil {
-		log.Println("failed to get wg listen addr: ", err)
-		return err
-	}
-	if runtime.GOOS == "darwin" {
-		wgListenAddr.IP = net.ParseIP(addr)
-	}
-	p.LocalConn, err = net.DialUDP("udp", &net.UDPAddr{
-		IP:   net.ParseIP(addr),
-		Port: models.NmProxyPort,
-	}, wgListenAddr)
-	if err != nil {
-		log.Printf("failed dialing to local Wireguard port,Err: %v\n", err)
-		return err
-	}
-
-	log.Printf("Dialing to local Wireguard port %s --> %s\n", p.LocalConn.LocalAddr().String(), p.LocalConn.RemoteAddr().String())
-	err = p.updateEndpoint()
-	if err != nil {
-		log.Printf("error while updating Wireguard peer endpoint [%s] %v\n", p.Config.RemoteKey, err)
-		return err
-	}
-	localAddr, err := net.ResolveUDPAddr("udp", p.LocalConn.LocalAddr().String())
-	if err != nil {
-		log.Println("failed to resolve local addr: ", err)
-		return err
-	}
-	p.Config.LocalConnAddr = localAddr
-	p.Config.RemoteConnAddr = p.RemoteConn
-	go p.ProxyPeer()
-
-	return nil
-}
-
-func (p *Proxy) Close() {
-	log.Println("------> Closing Proxy for ", p.Config.RemoteKey.String())
-	p.Cancel()
-	p.LocalConn.Close()
-	if runtime.GOOS == "darwin" {
-		host, _, err := net.SplitHostPort(p.LocalConn.LocalAddr().String())
-		if err != nil {
-			log.Println("Failed to split host: ", p.LocalConn.LocalAddr().String(), err)
-			return
-		}
-
-		if host != "127.0.0.1" {
-			_, err = common.RunCmd(fmt.Sprintf("ifconfig lo0 -alias %s 255.255.255.255", host), true)
-			if err != nil {
-				log.Println("Failed to add alias: ", err)
-			}
-		}
-
-	}
-	close(p.Config.RecieverChan)
-}
-
-func GetInterfaceListenAddr(port int) (*net.UDPAddr, error) {
-	locallistenAddr := "127.0.0.1"
-	udpAddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", locallistenAddr, port))
-	if err != nil {
-		return udpAddr, err
-	}
-	return udpAddr, nil
-}
-
-// func StartSniffer(ctx context.Context, ifaceName, ingGwAddr, extClientAddr string, port int) {
-// 	log.Println("Starting Packet Sniffer for iface: ", ifaceName)
-// 	var (
-// 		snapshotLen int32 = 1024
-// 		promiscuous bool  = false
-// 		err         error
-// 		timeout     time.Duration = 1 * time.Microsecond
-// 		handle      *pcap.Handle
-// 	)
-// 	// Open device
-// 	handle, err = pcap.OpenLive(ifaceName, snapshotLen, promiscuous, timeout)
-// 	if err != nil {
-// 		log.Println("failed to start sniffer for iface: ", ifaceName, err)
-// 		return
-// 	}
-// 	// if err := handle.SetBPFFilter(fmt.Sprintf("src %s and port %d", extClientAddr, port)); err != nil {
-// 	// 	log.Println("failed to set bpf filter: ", err)
-// 	// 	return
-// 	// }
-// 	defer handle.Close()
-
-// 	// var tcp layers.TCP
-// 	// var icmp layers.ICMPv4
-// 	// var udp layers.UDP
-// 	// parser := gopacket.NewDecodingLayerParser(layers.LayerTypeIPv4, &udp, &tcp, &icmp)
-
-// 	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
-// 	for {
-// 		select {
-// 		case <-ctx.Done():
-// 			log.Println("Stopping packet sniffer for iface: ", ifaceName, " port: ", port)
-// 			return
-// 		default:
-// 			packet, err := packetSource.NextPacket()
-// 			if err == nil {
-// 				//processPkt(ifaceName, packet)
-// 				ipLayer := packet.Layer(layers.LayerTypeIPv4)
-// 				if ipLayer != nil {
-// 					fmt.Println("IPv4 layer detected.")
-// 					ip, _ := ipLayer.(*layers.IPv4)
-
-// 					// IP layer variables:
-// 					// Version (Either 4 or 6)
-// 					// IHL (IP Header Length in 32-bit words)
-// 					// TOS, Length, Id, Flags, FragOffset, TTL, Protocol (TCP?),
-// 					// Checksum, SrcIP, DstIP
-// 					fmt.Println("#########################")
-// 					fmt.Printf("From %s to %s\n", ip.SrcIP, ip.DstIP)
-// 					fmt.Println("Protocol: ", ip.Protocol.String())
-// 					if (ip.SrcIP.String() == extClientAddr && ip.DstIP.String() != ingGwAddr) ||
-// 						(ip.DstIP.String() == extClientAddr && ip.SrcIP.String() != ingGwAddr) {
-
-// 						log.Println("-----> Fowarding PKT From: ", ip.SrcIP, " to: ", ip.DstIP)
-// 						c, err := net.Dial("ip", ip.DstIP.String())
-// 						if err == nil {
-// 							c.Write(ip.Payload)
-// 							c.Close()
-// 						} else {
-// 							log.Println("------> Failed to forward packet from sniffer: ", err)
-
-// 						}
-// 					}
-
-// 					fmt.Println("#########################")
-// 				}
-// 			}
-// 		}
-
-// 	}
-// }
-
-// func processPkt(iface string, packet gopacket.Packet) {
-// 	// Let's see if the packet is an ethernet packet
-// 	// ethernetLayer := packet.Layer(layers.LayerTypeEthernet)
-// 	// if ethernetLayer != nil {
-// 	// 	fmt.Println("Ethernet layer detected.")
-// 	// 	ethernetPacket, _ := ethernetLayer.(*layers.Ethernet)
-// 	// 	fmt.Println("Source MAC: ", ethernetPacket.SrcMAC)
-// 	// 	fmt.Println("Destination MAC: ", ethernetPacket.DstMAC)
-// 	// 	// Ethernet type is typically IPv4 but could be ARP or other
-// 	// 	fmt.Println("Ethernet type: ", ethernetPacket.EthernetType)
-// 	// 	fmt.Println()
-// 	// }
-
-// 	// Let's see if the packet is IP (even though the ether type told us)
-// 	ipLayer := packet.Layer(layers.LayerTypeIPv4)
-// 	if ipLayer != nil {
-// 		fmt.Println("IPv4 layer detected.")
-// 		ip, _ := ipLayer.(*layers.IPv4)
-
-// 		// IP layer variables:
-// 		// Version (Either 4 or 6)
-// 		// IHL (IP Header Length in 32-bit words)
-// 		// TOS, Length, Id, Flags, FragOffset, TTL, Protocol (TCP?),
-// 		// Checksum, SrcIP, DstIP
-// 		fmt.Printf("From %s to %s\n", ip.SrcIP, ip.DstIP)
-// 		fmt.Println("Protocol: ", ip.Protocol)
-// 		fmt.Println()
-
-// 	}
-
-// 	// udpLayer := packet.Layer(layers.LayerTypeUDP)
-// 	// if udpLayer != nil {
-// 	// 	udp, _ := udpLayer.(*layers.UDP)
-// 	// 	fmt.Printf("UDP: From port %d to %d\n", udp.SrcPort, udp.DstPort)
-// 	// 	fmt.Println()
-// 	// }
-
-// 	// // Iterate over all layers, printing out each layer type
-// 	// fmt.Println("All packet layers:")
-// 	// for _, layer := range packet.Layers() {
-// 	// 	fmt.Println("- ", layer.LayerType())
-// 	// }
-
-// 	// When iterating through packet.Layers() above,
-// 	// if it lists Payload layer then that is the same as
-// 	// this applicationLayer. applicationLayer contains the payload
-// 	// applicationLayer := packet.ApplicationLayer()
-// 	// if applicationLayer != nil {
-// 	// 	fmt.Println("Application layer/Payload found.")
-// 	// 	fmt.Printf("%s\n", applicationLayer.Payload())
-
-// 	// 	// Search for a string inside the payload
-// 	// 	if strings.Contains(string(applicationLayer.Payload()), "HTTP") {
-// 	// 		fmt.Println("HTTP found!")
-// 	// 	}
-// 	// }
-
-// 	// Check for errors
-// 	if err := packet.ErrorLayer(); err != nil {
-// 		fmt.Println("Error decoding some part of the packet:", err)
-// 	}
-// }

nm-proxy/proxy/proxy_helper.go

@@ -1,239 +0,0 @@
-package proxy
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"log"
-	"net"
-	"runtime"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/c-robinson/iplib"
-	"github.com/google/uuid"
-	"github.com/gravitl/netmaker/nm-proxy/common"
-	"github.com/gravitl/netmaker/nm-proxy/metrics"
-	"github.com/gravitl/netmaker/nm-proxy/models"
-	"github.com/gravitl/netmaker/nm-proxy/packet"
-	"github.com/gravitl/netmaker/nm-proxy/server"
-	"github.com/gravitl/netmaker/nm-proxy/stun"
-	"github.com/gravitl/netmaker/nm-proxy/wg"
-)
-
-func NewProxy(config models.ProxyConfig) *Proxy {
-	p := &Proxy{Config: config}
-	p.Ctx, p.Cancel = context.WithCancel(context.Background())
-	return p
-}
-
-func (p *Proxy) proxyToRemote(wg *sync.WaitGroup) {
-	ticker := time.NewTicker(time.Minute)
-	defer ticker.Stop()
-	buf := make([]byte, 65000)
-	defer wg.Done()
-	for {
-		select {
-		case <-p.Ctx.Done():
-			return
-		default:
-
-			n, err := p.LocalConn.Read(buf)
-			if err != nil {
-				log.Println("ERRR READ: ", err)
-				continue
-			}
-
-			// if _, found := common.GetPeer(p.Config.RemoteKey); !found {
-			// 	log.Printf("Peer: %s not found in config\n", p.Config.RemoteKey)
-			// 	p.Close()
-			// 	return
-			// }
-			go func(n int, peerKey string) {
-				metrics.MetricsMapLock.Lock()
-				metric := metrics.MetricsMap[peerKey]
-				metric.TrafficSent += float64(n) / (1 << 20)
-				metrics.MetricsMap[peerKey] = metric
-				metrics.MetricsMapLock.Unlock()
-			}(n, p.Config.RemoteKey.String())
-
-			//var srcPeerKeyHash, dstPeerKeyHash string
-			if !p.Config.IsExtClient {
-				buf, n, _, _ = packet.ProcessPacketBeforeSending(buf, n, p.Config.WgInterface.Device.PublicKey.String(), p.Config.RemoteKey.String())
-				if err != nil {
-					log.Println("failed to process pkt before sending: ", err)
-				}
-			}
-
-			// log.Printf("PROXING TO REMOTE!!!---> %s >>>>> %s >>>>> %s [[ SrcPeerHash: %s, DstPeerHash: %s ]]\n",
-			// 	p.LocalConn.LocalAddr(), server.NmProxyServer.Server.LocalAddr().String(), p.RemoteConn.String(), srcPeerKeyHash, dstPeerKeyHash)
-
-			_, err = server.NmProxyServer.Server.WriteToUDP(buf[:n], p.RemoteConn)
-			if err != nil {
-				log.Println("Failed to send to remote: ", err)
-			}
-
-		}
-	}
-
-}
-
-func (p *Proxy) Reset() {
-	p.Close()
-	if err := p.pullLatestConfig(); err != nil {
-		log.Println("couldn't perform reset: ", err)
-		return
-	}
-	p.Start()
-
-}
-
-func (p *Proxy) pullLatestConfig() error {
-	peer, found := common.GetPeer(p.Config.RemoteKey)
-	if found {
-		p.Config.PeerEndpoint.Port = peer.Config.PeerEndpoint.Port
-	} else {
-		return errors.New("peer not found")
-	}
-	return nil
-
-}
-
-func (p *Proxy) startMetricsThread(wg *sync.WaitGroup, rTicker *time.Ticker) {
-	ticker := time.NewTicker(time.Minute)
-	defer ticker.Stop()
-	defer wg.Done()
-	for {
-		select {
-		case <-p.Ctx.Done():
-			return
-		case <-ticker.C:
-			metrics.MetricsMapLock.Lock()
-			metric := metrics.MetricsMap[p.Config.RemoteKey.String()]
-			if metric.ConnectionStatus {
-				rTicker.Reset(*p.Config.PersistentKeepalive)
-			}
-			metric.ConnectionStatus = false
-			metrics.MetricsMap[p.Config.RemoteKey.String()] = metric
-			metrics.MetricsMapLock.Unlock()
-			pkt, err := packet.CreateMetricPacket(uuid.New().ID(), p.Config.LocalKey, p.Config.RemoteKey)
-			if err == nil {
-				log.Printf("-----------> ##### $$$$$ SENDING METRIC PACKET TO: %s\n", p.RemoteConn.String())
-				_, err = server.NmProxyServer.Server.WriteToUDP(pkt, p.RemoteConn)
-				if err != nil {
-					log.Println("Failed to send to metric pkt: ", err)
-				}
-
-			}
-		}
-	}
-}
-
-func (p *Proxy) peerUpdates(wg *sync.WaitGroup, ticker *time.Ticker) {
-	defer wg.Done()
-	for {
-		select {
-		case <-p.Ctx.Done():
-			return
-		case <-ticker.C:
-			// send listen port packet
-			m := &packet.ProxyUpdateMessage{
-				Type:       packet.MessageProxyType,
-				Action:     packet.UpdateListenPort,
-				Sender:     p.Config.LocalKey,
-				Reciever:   p.Config.RemoteKey,
-				ListenPort: uint32(stun.Host.PrivPort),
-			}
-			pkt, err := packet.CreateProxyUpdatePacket(m)
-			if err == nil {
-				log.Printf("-----------> ##### $$$$$ SENDING Proxy Update PACKET TO: %s\n", p.RemoteConn.String())
-				_, err = server.NmProxyServer.Server.WriteToUDP(pkt, p.RemoteConn)
-				if err != nil {
-					log.Println("Failed to send to metric pkt: ", err)
-				}
-
-			}
-		}
-	}
-}
-
-// ProxyPeer proxies everything from Wireguard to the RemoteKey peer and vice-versa
-func (p *Proxy) ProxyPeer() {
-	ticker := time.NewTicker(*p.Config.PersistentKeepalive)
-	defer ticker.Stop()
-	wg := &sync.WaitGroup{}
-	wg.Add(1)
-	go p.proxyToRemote(wg)
-	// if common.BehindNAT {
-	wg.Add(1)
-	go p.startMetricsThread(wg, ticker)
-	wg.Add(1)
-	go p.peerUpdates(wg, ticker)
-	// }
-	wg.Wait()
-
-}
-
-func (p *Proxy) updateEndpoint() error {
-	udpAddr, err := net.ResolveUDPAddr("udp", p.LocalConn.LocalAddr().String())
-	if err != nil {
-		return err
-	}
-	// add local proxy connection as a Wireguard peer
-	log.Printf("---> ####### Updating Peer:  %+v\n", p.Config.PeerConf)
-	err = p.Config.WgInterface.UpdatePeer(p.Config.RemoteKey.String(), p.Config.PeerConf.AllowedIPs, wg.DefaultWgKeepAlive,
-		udpAddr, p.Config.PeerConf.PresharedKey)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func GetFreeIp(cidrAddr string, dstPort int) (string, error) {
-	//ensure AddressRange is valid
-	if dstPort == 0 {
-		return "", errors.New("dst port should be set")
-	}
-	if _, _, err := net.ParseCIDR(cidrAddr); err != nil {
-		log.Println("UniqueAddress encountered  an error")
-		return "", err
-	}
-	net4 := iplib.Net4FromStr(cidrAddr)
-	newAddrs := net4.FirstAddress()
-	for {
-		if runtime.GOOS == "darwin" {
-			_, err := common.RunCmd(fmt.Sprintf("ifconfig lo0 alias %s 255.255.255.255", newAddrs.String()), true)
-			if err != nil {
-				log.Println("Failed to add alias: ", err)
-			}
-		}
-
-		conn, err := net.DialUDP("udp", &net.UDPAddr{
-			IP:   net.ParseIP(newAddrs.String()),
-			Port: models.NmProxyPort,
-		}, &net.UDPAddr{
-			IP:   net.ParseIP("127.0.0.1"),
-			Port: dstPort,
-		})
-		if err != nil {
-			log.Println("----> GetFreeIP ERR: ", err)
-			if strings.Contains(err.Error(), "can't assign requested address") ||
-				strings.Contains(err.Error(), "address already in use") || strings.Contains(err.Error(), "cannot assign requested address") {
-				var nErr error
-				newAddrs, nErr = net4.NextIP(newAddrs)
-				if nErr != nil {
-					return "", nErr
-				}
-			} else {
-				return "", err
-			}
-		}
-		if err == nil {
-			conn.Close()
-			return newAddrs.String(), nil
-		}
-
-	}
-}

nm-proxy/server/server.go

@@ -1,285 +0,0 @@
-package server
-
-import (
-	"context"
-	"encoding/binary"
-	"fmt"
-	"log"
-	"net"
-	"time"
-
-	"github.com/gravitl/netmaker/nm-proxy/common"
-	"github.com/gravitl/netmaker/nm-proxy/metrics"
-	"github.com/gravitl/netmaker/nm-proxy/models"
-	"github.com/gravitl/netmaker/nm-proxy/packet"
-)
-
-var (
-	NmProxyServer = &ProxyServer{}
-)
-
-const (
-	defaultBodySize = 10000
-	defaultPort     = models.NmProxyPort
-)
-
-type Config struct {
-	Port     int
-	BodySize int
-	IsRelay  bool
-	Addr     net.Addr
-}
-
-type ProxyServer struct {
-	Config Config
-	Server *net.UDPConn
-}
-
-func (p *ProxyServer) Close() {
-	log.Println("--------->### Shutting down Proxy.....")
-	// clean up proxy connections
-	for _, peerI := range common.WgIfaceMap.PeerMap {
-		peerI.Mutex.Lock()
-		peerI.StopConn()
-		peerI.Mutex.Unlock()
-	}
-	// close server connection
-	NmProxyServer.Server.Close()
-}
-
-// Proxy.Listen - begins listening for packets
-func (p *ProxyServer) Listen(ctx context.Context) {
-
-	// Buffer with indicated body size
-	buffer := make([]byte, 65036)
-	for {
-
-		select {
-		case <-ctx.Done():
-			p.Close()
-			return
-		default:
-			// Read Packet
-
-			n, source, err := p.Server.ReadFromUDP(buffer)
-			if err != nil || source == nil { // in future log errors?
-				log.Println("RECV ERROR: ", err)
-				continue
-			}
-			//go func(buffer []byte, source *net.UDPAddr, n int) {
-			proxyTransportMsg := true
-			var srcPeerKeyHash, dstPeerKeyHash string
-			n, srcPeerKeyHash, dstPeerKeyHash, err = packet.ExtractInfo(buffer, n)
-			if err != nil {
-				log.Println("proxy transport message not found: ", err)
-				proxyTransportMsg = false
-			}
-			if proxyTransportMsg {
-				p.proxyIncomingPacket(buffer[:], source, n, srcPeerKeyHash, dstPeerKeyHash)
-				continue
-			} else {
-				// unknown peer to proxy -> check if extclient and handle it
-				if handleExtClients(buffer[:], n, source) {
-					continue
-				}
-
-			}
-			handleMsgs(buffer, n, source)
-
-		}
-	}
-}
-
-func handleMsgs(buffer []byte, n int, source *net.UDPAddr) {
-
-	msgType := binary.LittleEndian.Uint32(buffer[:4])
-	switch packet.MessageType(msgType) {
-	case packet.MessageMetricsType:
-		metricMsg, err := packet.ConsumeMetricPacket(buffer[:n])
-		// calc latency
-		if err == nil {
-			log.Printf("------->$$$$$ Recieved Metric Pkt: %+v, FROM:%s\n", metricMsg, source.String())
-			if metricMsg.Sender == common.WgIfaceMap.Iface.PublicKey {
-				latency := time.Now().UnixMilli() - metricMsg.TimeStamp
-				metrics.MetricsMapLock.Lock()
-				metric := metrics.MetricsMap[metricMsg.Reciever.String()]
-				metric.LastRecordedLatency = uint64(latency)
-				metric.ConnectionStatus = true
-				metric.TrafficRecieved += float64(n) / (1 << 20)
-				metrics.MetricsMap[metricMsg.Reciever.String()] = metric
-				metrics.MetricsMapLock.Unlock()
-			} else if metricMsg.Reciever == common.WgIfaceMap.Iface.PublicKey {
-				// proxy it back to the sender
-				log.Println("------------> $$$ SENDING back the metric pkt to the source: ", source.String())
-				_, err = NmProxyServer.Server.WriteToUDP(buffer[:n], source)
-				if err != nil {
-					log.Println("Failed to send metric packet to remote: ", err)
-				}
-				metrics.MetricsMapLock.Lock()
-				metric := metrics.MetricsMap[metricMsg.Sender.String()]
-				metric.ConnectionStatus = true
-				metric.TrafficRecieved += float64(n) / (1 << 20)
-				metrics.MetricsMap[metricMsg.Sender.String()] = metric
-				metrics.MetricsMapLock.Unlock()
-			}
-		}
-	case packet.MessageProxyUpdateType:
-		msg, err := packet.ConsumeProxyUpdateMsg(buffer[:n])
-		if err == nil {
-			switch msg.Action {
-			case packet.UpdateListenPort:
-				if peer, ok := common.WgIfaceMap.PeerMap[msg.Sender.String()]; ok {
-					peer.Mutex.Lock()
-					if peer.Config.PeerEndpoint.Port != int(msg.ListenPort) {
-						// update peer conn
-						peer.Config.PeerEndpoint.Port = int(msg.ListenPort)
-						common.WgIfaceMap.PeerMap[msg.Sender.String()] = peer
-						log.Println("--------> Resetting Proxy Conn For Peer ", msg.Sender.String())
-						peer.Mutex.Unlock()
-						peer.ResetConn()
-						return
-					}
-					peer.Mutex.Unlock()
-
-				}
-			}
-		}
-	// consume handshake message for ext clients
-	case packet.MessageInitiationType:
-
-		err := packet.ConsumeHandshakeInitiationMsg(false, buffer[:n], source,
-			packet.NoisePublicKey(common.WgIfaceMap.Iface.PublicKey), packet.NoisePrivateKey(common.WgIfaceMap.Iface.PrivateKey))
-		if err != nil {
-			log.Println("---------> @@@ failed to decode HS: ", err)
-		}
-	}
-}
-
-func handleExtClients(buffer []byte, n int, source *net.UDPAddr) bool {
-	isExtClient := false
-	if peerInfo, ok := common.ExtSourceIpMap[source.String()]; ok {
-		if peerI, ok := common.WgIfaceMap.PeerMap[peerInfo.PeerKey]; ok {
-			peerI.Mutex.RLock()
-			peerI.Config.RecieverChan <- buffer[:n]
-			metrics.MetricsMapLock.Lock()
-			metric := metrics.MetricsMap[peerInfo.PeerKey]
-			metric.TrafficRecieved += float64(n) / (1 << 20)
-			metric.ConnectionStatus = true
-			metrics.MetricsMap[peerInfo.PeerKey] = metric
-			metrics.MetricsMapLock.Unlock()
-			peerI.Mutex.RUnlock()
-			isExtClient = true
-		}
-
-	}
-	return isExtClient
-}
-
-func (p *ProxyServer) proxyIncomingPacket(buffer []byte, source *net.UDPAddr, n int, srcPeerKeyHash, dstPeerKeyHash string) {
-	var err error
-	//log.Printf("--------> RECV PKT , [SRCKEYHASH: %s], SourceIP: [%s] \n", srcPeerKeyHash, source.IP.String())
-
-	if common.WgIfaceMap.IfaceKeyHash != dstPeerKeyHash && common.IsRelay {
-
-		log.Println("----------> Relaying######")
-		// check for routing map and forward to right proxy
-		if remoteMap, ok := common.RelayPeerMap[srcPeerKeyHash]; ok {
-			if conf, ok := remoteMap[dstPeerKeyHash]; ok {
-				log.Printf("--------> Relaying PKT [ SourceIP: %s:%d ], [ SourceKeyHash: %s ], [ DstIP: %s:%d ], [ DstHashKey: %s ] \n",
-					source.IP.String(), source.Port, srcPeerKeyHash, conf.Endpoint.String(), conf.Endpoint.Port, dstPeerKeyHash)
-				_, err = p.Server.WriteToUDP(buffer[:n+packet.MessageProxySize], conf.Endpoint)
-				if err != nil {
-					log.Println("Failed to send to remote: ", err)
-				}
-				return
-			}
-		} else {
-			if remoteMap, ok := common.RelayPeerMap[dstPeerKeyHash]; ok {
-				if conf, ok := remoteMap[dstPeerKeyHash]; ok {
-					log.Printf("--------> Relaying BACK TO RELAYED NODE PKT [ SourceIP: %s ], [ SourceKeyHash: %s ], [ DstIP: %s ], [ DstHashKey: %s ] \n",
-						source.String(), srcPeerKeyHash, conf.Endpoint.String(), dstPeerKeyHash)
-					_, err = p.Server.WriteToUDP(buffer[:n+packet.MessageProxySize], conf.Endpoint)
-					if err != nil {
-						log.Println("Failed to send to remote: ", err)
-					}
-					return
-				}
-			}
-
-		}
-	}
-
-	if peerInfo, ok := common.PeerKeyHashMap[srcPeerKeyHash]; ok {
-
-		log.Printf("PROXING TO LOCAL!!!---> %s <<<< %s <<<<<<<< %s   [[ RECV PKT [SRCKEYHASH: %s], [DSTKEYHASH: %s], SourceIP: [%s] ]]\n",
-			peerInfo.LocalConn.RemoteAddr(), peerInfo.LocalConn.LocalAddr(),
-			fmt.Sprintf("%s:%d", source.IP.String(), source.Port), srcPeerKeyHash, dstPeerKeyHash, source.IP.String())
-		_, err = peerInfo.LocalConn.Write(buffer[:n])
-		if err != nil {
-			log.Println("Failed to proxy to Wg local interface: ", err)
-			//continue
-		}
-
-		go func(n int, peerKey string) {
-			metrics.MetricsMapLock.Lock()
-			metric := metrics.MetricsMap[peerKey]
-			metric.TrafficRecieved += float64(n) / (1 << 20)
-			metric.ConnectionStatus = true
-			metrics.MetricsMap[peerKey] = metric
-			metrics.MetricsMapLock.Unlock()
-		}(n, peerInfo.PeerKey)
-		return
-
-	}
-
-}
-
-// Create - creats a proxy listener
-// port - port for proxy to listen on localhost
-// bodySize - default 10000, leave 0 to use default
-// addr - the address for proxy to listen on
-// forwards - indicate address to forward to, {"<address:port>",...} format
-func (p *ProxyServer) CreateProxyServer(port, bodySize int, addr string) (err error) {
-	if p == nil {
-		p = &ProxyServer{}
-	}
-	p.Config.Port = port
-	p.Config.BodySize = bodySize
-	p.setDefaults()
-	p.Server, err = net.ListenUDP("udp", &net.UDPAddr{
-		Port: p.Config.Port,
-		IP:   net.ParseIP(addr),
-	})
-	return
-}
-
-func (p *ProxyServer) KeepAlive(ip string, port int) {
-	for {
-		_, _ = p.Server.WriteToUDP([]byte("hello-proxy"), &net.UDPAddr{
-			IP:   net.ParseIP(ip),
-			Port: port,
-		})
-		//log.Println("Sending MSg: ", ip, port, err)
-		time.Sleep(time.Second * 5)
-	}
-}
-
-// Proxy.setDefaults - sets all defaults of proxy listener
-func (p *ProxyServer) setDefaults() {
-	p.setDefaultBodySize()
-	p.setDefaultPort()
-}
-
-// Proxy.setDefaultPort - sets default port of Proxy listener if 0
-func (p *ProxyServer) setDefaultPort() {
-	if p.Config.Port == 0 {
-		p.Config.Port = defaultPort
-	}
-}
-
-// Proxy.setDefaultBodySize - sets default body size of Proxy listener if 0
-func (p *ProxyServer) setDefaultBodySize() {
-	if p.Config.BodySize == 0 {
-		p.Config.BodySize = defaultBodySize
-	}
-}

nm-proxy/stun/stun.go

@@ -1,69 +0,0 @@
-package stun
-
-import (
-	"fmt"
-	"log"
-	"net"
-	"strconv"
-	"strings"
-
-	"github.com/gravitl/netmaker/nm-proxy/models"
-	"gortc.io/stun"
-)
-
-type HostInfo struct {
-	PublicIp net.IP
-	PrivIp   net.IP
-	PubPort  int
-	PrivPort int
-}
-
-var Host HostInfo
-
-func GetHostInfo(stunHostAddr string) (info HostInfo) {
-
-	s, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:3478", stunHostAddr))
-	if err != nil {
-		log.Println("Resolve: ", err)
-		return
-	}
-	l := &net.UDPAddr{
-		IP:   net.ParseIP(""),
-		Port: models.NmProxyPort,
-	}
-	conn, err := net.DialUDP("udp", l, s)
-	if err != nil {
-		log.Println(err)
-		return
-	}
-	defer conn.Close()
-	c, err := stun.NewClient(conn)
-	if err != nil {
-		log.Println(err)
-		return
-	}
-	defer c.Close()
-	re := strings.Split(conn.LocalAddr().String(), ":")
-	info.PrivIp = net.ParseIP(re[0])
-	info.PrivPort, _ = strconv.Atoi(re[1])
-	// Building binding request with random transaction id.
-	message := stun.MustBuild(stun.TransactionID, stun.BindingRequest)
-	// Sending request to STUN server, waiting for response message.
-	if err := c.Do(message, func(res stun.Event) {
-		if res.Error != nil {
-			log.Println("stun error: ", res.Error)
-			return
-		}
-		// Decoding XOR-MAPPED-ADDRESS attribute from message.
-		var xorAddr stun.XORMappedAddress
-		if err := xorAddr.GetFrom(res.Message); err != nil {
-			log.Println("stun error: ", res.Error)
-			return
-		}
-		info.PublicIp = xorAddr.IP
-		info.PubPort = xorAddr.Port
-	}); err != nil {
-		log.Println("stun error: ", err)
-	}
-	return
-}

nm-proxy/wg/wg.go

@@ -1,321 +0,0 @@
-package wg
-
-import (
-	"errors"
-	"fmt"
-	"log"
-	"net"
-	"os"
-	"os/exec"
-	"strings"
-	"sync"
-	"time"
-
-	"golang.zx2c4.com/wireguard/wgctrl"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-const (
-	DefaultMTU         = 1280
-	DefaultWgPort      = 51820
-	DefaultWgKeepAlive = 20 * time.Second
-)
-
-// WGIface represents a interface instance
-type WGIface struct {
-	Name      string
-	Port      int
-	MTU       int
-	Device    *wgtypes.Device
-	Address   WGAddress
-	Interface NetInterface
-	mu        sync.Mutex
-}
-
-// NetInterface represents a generic network tunnel interface
-type NetInterface interface {
-	Close() error
-}
-
-// WGAddress Wireguard parsed address
-type WGAddress struct {
-	IP      net.IP
-	Network *net.IPNet
-}
-
-// NewWGIFace Creates a new Wireguard interface instance
-func NewWGIFace(iface string, address string, mtu int) (*WGIface, error) {
-	wgIface := &WGIface{
-		Name: iface,
-		MTU:  mtu,
-		mu:   sync.Mutex{},
-	}
-
-	wgAddress, err := parseAddress(address)
-	if err != nil {
-		return wgIface, err
-	}
-
-	wgIface.Address = wgAddress
-	err = wgIface.GetWgIface(iface)
-	if err != nil {
-		return nil, err
-	}
-	return wgIface, nil
-}
-
-func (w *WGIface) GetWgIface(iface string) error {
-	wgClient, err := wgctrl.New()
-	if err != nil {
-		return err
-	}
-	dev, err := wgClient.Device(iface)
-	if err != nil {
-		return err
-	}
-
-	//log.Printf("----> DEVICE: %+v\n", dev)
-	w.Device = dev
-	w.Port = dev.ListenPort
-	return nil
-}
-
-func GetWgIfacePubKey(iface string) [32]byte {
-	wgClient, err := wgctrl.New()
-	if err != nil {
-		log.Println("Error fetching pub key: ", iface, err)
-		return [32]byte{}
-	}
-	dev, err := wgClient.Device(iface)
-	if err != nil {
-		log.Println("Error fetching pub key: ", iface, err)
-		return [32]byte{}
-	}
-
-	return dev.PublicKey
-}
-
-func GetWgIfacePrivKey(iface string) [32]byte {
-	wgClient, err := wgctrl.New()
-	if err != nil {
-		log.Println("Error fetching pub key: ", iface, err)
-		return [32]byte{}
-	}
-	dev, err := wgClient.Device(iface)
-	if err != nil {
-		log.Println("Error fetching pub key: ", iface, err)
-		return [32]byte{}
-	}
-	return dev.PrivateKey
-}
-
-// parseAddress parse a string ("1.2.3.4/24") address to WG Address
-func parseAddress(address string) (WGAddress, error) {
-	ip, network, err := net.ParseCIDR(address)
-	if err != nil {
-		return WGAddress{}, err
-	}
-	return WGAddress{
-		IP:      ip,
-		Network: network,
-	}, nil
-}
-
-// UpdatePeer updates existing Wireguard Peer or creates a new one if doesn't exist
-func (w *WGIface) UpdatePeer(peerKey string, allowedIps []net.IPNet, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	log.Printf("updating interface %s peer %s: endpoint %s ", w.Name, peerKey, endpoint)
-
-	// //parse allowed ips
-	// _, ipNet, err := net.ParseCIDR(allowedIps)
-	// if err != nil {
-	// 	return err
-	// }
-
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	if err != nil {
-		return err
-	}
-	peer := wgtypes.PeerConfig{
-		PublicKey:                   peerKeyParsed,
-		ReplaceAllowedIPs:           true,
-		AllowedIPs:                  allowedIps,
-		PersistentKeepaliveInterval: &keepAlive,
-		PresharedKey:                preSharedKey,
-		Endpoint:                    endpoint,
-	}
-
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peer},
-	}
-	err = w.configureDevice(config)
-	if err != nil {
-		return fmt.Errorf("received error \"%v\" while updating peer on interface %s with settings: allowed ips %s, endpoint %s", err, w.Name, allowedIps, endpoint.String())
-	}
-	return nil
-}
-
-// configureDevice configures the wireguard device
-func (w *WGIface) configureDevice(config wgtypes.Config) error {
-	wg, err := wgctrl.New()
-	if err != nil {
-		return err
-	}
-	defer wg.Close()
-
-	// validate if device with name exists
-	_, err = wg.Device(w.Name)
-	if err != nil {
-		return err
-	}
-	log.Printf("got Wireguard device %s\n", w.Name)
-
-	return wg.ConfigureDevice(w.Name, config)
-}
-
-// GetListenPort returns the listening port of the Wireguard endpoint
-func (w *WGIface) GetListenPort() (*int, error) {
-	log.Printf("getting Wireguard listen port of interface %s", w.Name)
-
-	//discover Wireguard current configuration
-	wg, err := wgctrl.New()
-	if err != nil {
-		return nil, err
-	}
-	defer wg.Close()
-
-	d, err := wg.Device(w.Name)
-	if err != nil {
-		return nil, err
-	}
-	log.Printf("got Wireguard device listen port %s, %d", w.Name, d.ListenPort)
-
-	return &d.ListenPort, nil
-}
-
-// GetRealIface - retrieves tun iface based on reference iface name from config file
-func GetRealIface(iface string) (string, error) {
-	RunCmd("wg show interfaces", false)
-	ifacePath := "/var/run/wireguard/" + iface + ".name"
-	if !(FileExists(ifacePath)) {
-		return "", errors.New(ifacePath + " does not exist")
-	}
-	realIfaceName, err := GetFileAsString(ifacePath)
-	if err != nil {
-		return "", err
-	}
-	realIfaceName = strings.TrimSpace(realIfaceName)
-	if !(FileExists(fmt.Sprintf("/var/run/wireguard/%s.sock", realIfaceName))) {
-		return "", errors.New("interface file does not exist")
-	}
-	return realIfaceName, nil
-}
-
-// FileExists - checks if file exists locally
-func FileExists(f string) bool {
-	info, err := os.Stat(f)
-	if os.IsNotExist(err) {
-		return false
-	}
-	if err != nil && strings.Contains(err.Error(), "not a directory") {
-		return false
-	}
-	if err != nil {
-		log.Println(0, "error reading file: "+f+", "+err.Error())
-	}
-	return !info.IsDir()
-}
-
-// GetFileAsString - returns the string contents of a given file
-func GetFileAsString(path string) (string, error) {
-	content, err := os.ReadFile(path)
-	if err != nil {
-		return "", err
-	}
-	return string(content), err
-}
-
-// RunCmd - runs a local command
-func RunCmd(command string, printerr bool) (string, error) {
-	args := strings.Fields(command)
-	cmd := exec.Command(args[0], args[1:]...)
-	cmd.Wait()
-	out, err := cmd.CombinedOutput()
-	if err != nil && printerr {
-		log.Println("error running command: ", command)
-		log.Println(strings.TrimSuffix(string(out), "\n"))
-	}
-	return string(out), err
-}
-
-// RemovePeer removes a Wireguard Peer from the interface iface
-func (w *WGIface) RemovePeer(peerKey string) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	log.Printf("Removing peer %s from interface %s ", peerKey, w.Name)
-
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	if err != nil {
-		return err
-	}
-
-	peer := wgtypes.PeerConfig{
-		PublicKey: peerKeyParsed,
-		Remove:    true,
-	}
-
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peer},
-	}
-	err = w.configureDevice(config)
-	if err != nil {
-		return fmt.Errorf("received error \"%v\" while removing peer %s from interface %s", err, peerKey, w.Name)
-	}
-	return nil
-}
-
-// UpdatePeer
-func (w *WGIface) Update(peerConf wgtypes.PeerConfig, updateOnly bool) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	var err error
-	log.Printf("---------> NEWWWWWW Updating peer %+v from interface %s ", peerConf, w.Name)
-
-	peerConf.UpdateOnly = updateOnly
-	peerConf.ReplaceAllowedIPs = true
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peerConf},
-	}
-	err = w.configureDevice(config)
-	if err != nil {
-		return fmt.Errorf("received error \"%v\" while Updating peer %s from interface %s", err, peerConf.PublicKey.String(), w.Name)
-	}
-	return nil
-}
-
-func GetPeer(ifaceName, peerPubKey string) (wgtypes.Peer, error) {
-	wg, err := wgctrl.New()
-	if err != nil {
-		return wgtypes.Peer{}, err
-	}
-	defer func() {
-		err = wg.Close()
-		if err != nil {
-			log.Printf("got error while closing wgctl: %v", err)
-		}
-	}()
-
-	wgDevice, err := wg.Device(ifaceName)
-	if err != nil {
-		return wgtypes.Peer{}, err
-	}
-	for _, peer := range wgDevice.Peers {
-		if peer.PublicKey.String() == peerPubKey {
-			return peer, nil
-		}
-	}
-	return wgtypes.Peer{}, fmt.Errorf("peer not found")
-}