Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

static node traffic flow improvements

abhishek9686 7 months ago
parent
fabc9f2920
commit
a07850905d
1 changed files with 81 additions and 0 deletions
Split View Show Diff Stats
  1. 81 0
      logic/acls.go

+ 81 - 0
logic/acls.go
View File 

@@ -642,6 +642,87 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 
 	}
 
 	return false
 
 }
 
+func checkIfAttachedStaticNodesOnPeerAreAllowed(node, peer models.Node) bool {
 
+	if !peer.IsGw {
 
+		return false
 
+	}
 
+	// list device policies
 
+	policies := listDevicePolicies(models.NetworkID(peer.Network))
 
+	srcMap := make(map[string]struct{})
 
+	dstMap := make(map[string]struct{})
 
+	defer func() {
 
+		srcMap = nil
 
+		dstMap = nil
 
+	}()
 
+	for _, policy := range policies {
 
+		if !policy.Enabled {
 
+			continue
 
+		}
 
+		srcMap = convAclTagToValueMap(policy.Src)
 
+		dstMap = convAclTagToValueMap(policy.Dst)
 
+		// check the static nodes
 
+		staticNodes := GetStaticNodesByGw(peer)
 
+		for _, staticNode := range staticNodes {
 
+			if _, ok := srcMap[node.ID.String()]; ok {
 
+				if _, ok = dstMap[staticNode.ID.String()]; ok {
 
+					return true
 
+				}
 
+
 
+			}
 
+			if _, ok := dstMap[node.ID.String()]; ok {
 
+				if _, ok = srcMap[staticNode.ID.String()]; ok {
 
+					return true
 
+				}
 
+			}
 
+			for tagID := range node.Tags {
 
+				if _, ok := dstMap[tagID.String()]; ok {
 
+					if _, ok := srcMap["*"]; ok {
 
+						return true
 
+					}
 
+					for tagID := range staticNode.Tags {
 
+						if _, ok := srcMap[tagID.String()]; ok {
 
+							return true
 
+						}
 
+					}
 
+				}
 
+				if _, ok := srcMap[tagID.String()]; ok {
 
+					if _, ok := dstMap["*"]; ok {
 
+						return true
 
+					}
 
+					for tagID := range staticNode.Tags {
 
+						if _, ok := dstMap[tagID.String()]; ok {
 
+							return true
 
+						}
 
+					}
 
+				}
 
+			}
 
+			for tagID := range staticNode.Tags {
 
+				if _, ok := dstMap[tagID.String()]; ok {
 
+					if _, ok := srcMap["*"]; ok {
 
+						return true
 
+					}
 
+					for tagID := range node.Tags {
 
+
 
+						if _, ok := srcMap[tagID.String()]; ok {
 
+							return true
 
+						}
 
+					}
 
+				}
 
+				if _, ok := srcMap[tagID.String()]; ok {
 
+					if _, ok := dstMap["*"]; ok {
 
+						return true
 
+					}
 
+					for tagID := range node.Tags {
 
+						if _, ok := dstMap[tagID.String()]; ok {
 
+							return true
 
+						}
 
+					}
 
+				}
 
+			}
 
+		}
 
+	}
 
+	return false
 
+}
 
 
 func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.Node) bool {
 
 	// check for node ID