Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

add extclient extra allowedIPs and attach them to egress routes

Abhishek Kondur 1 year ago
parent
9a58c1237e
commit
b6b71c951e
2 changed files with 69 additions and 6 deletions
Split View Show Diff Stats
  1. 45 6
      logic/peers.go
  2. 24 0
      models/node.go

+ 45 - 6
logic/peers.go
View File 

@@ -129,6 +129,9 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 
 					EgressRanges: peer.EgressGatewayRanges,
 
 				})
 
 			}
 
+			if peer.IsIngressGateway {
 
+				hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, getExtpeersExtraRoutes(peer.Network)...)
 
+			}
 
 			if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) {
 
 				// if node is relayed and peer is not the relay, set remove to true
 
 				if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok {
 
@@ -207,9 +210,11 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 
 		}
 
 		var extPeers []wgtypes.PeerConfig
 
 		var extPeerIDAndAddrs []models.IDandAddr
 
+		var egressRoutes []models.EgressNetworkRoutes
 
 		if node.IsIngressGateway {
 
-			extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node)
 
+			extPeers, extPeerIDAndAddrs, egressRoutes, err = getExtPeers(&node, &node)
 
 			if err == nil {
 
+				hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, egressRoutes...)
 
 				hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
 
 				for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
 
 					extPeerIdAndAddr := extPeerIdAndAddr
 
@@ -290,16 +295,17 @@ func GetPeerListenPort(host *models.Host) int {
 
 	return peerPort
 
 }
 
 
-func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, error) {
 
+func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, error) {
 
 	var peers []wgtypes.PeerConfig
 
 	var idsAndAddr []models.IDandAddr
 
+	var egressRoutes []models.EgressNetworkRoutes
 
 	extPeers, err := GetNetworkExtClients(node.Network)
 
 	if err != nil {
 
-		return peers, idsAndAddr, err
 
+		return peers, idsAndAddr, egressRoutes, err
 
 	}
 
 	host, err := GetHost(node.HostID.String())
 
 	if err != nil {
 
-		return peers, idsAndAddr, err
 
+		return peers, idsAndAddr, egressRoutes, err
 
 	}
 
 	for _, extPeer := range extPeers {
 
 		extPeer := extPeer
 
@@ -338,6 +344,12 @@ func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
 
 				allowedips = append(allowedips, addr6)
 
 			}
 
 		}
 
+		for _, extraAllowedIP := range extPeer.ExtraAllowedIPs {
 
+			_, cidr, err := net.ParseCIDR(extraAllowedIP)
 
+			if err == nil {
 
+				allowedips = append(allowedips, *cidr)
 
+			}
 
+		}
 
 
 		primaryAddr := extPeer.Address
 
 		if primaryAddr == "" {
 
@@ -356,8 +368,35 @@ func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
 
 			IsExtClient: true,
 
 		})
 
 	}
 
-	return peers, idsAndAddr, nil
 
+	return peers, idsAndAddr, egressRoutes, nil
 
+
 
+}
 
+
 
+func getExtPeerEgressRoute(extPeer models.ExtClient) (egressRoutes []models.EgressNetworkRoutes) {
 
+	if extPeer.Address != "" {
 
+		egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{
 
+			NodeAddr:     extPeer.AddressIPNet4(),
 
+			EgressRanges: extPeer.ExtraAllowedIPs,
 
+		})
 
+	}
 
+	if extPeer.Address6 != "" {
 
+		egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{
 
+			NodeAddr:     extPeer.AddressIPNet6(),
 
+			EgressRanges: extPeer.ExtraAllowedIPs,
 
+		})
 
+	}
 
+	return
 
+}
 
 
+func getExtpeersExtraRoutes(network string) (egressRoutes []models.EgressNetworkRoutes) {
 
+	extPeers, err := GetNetworkExtClients(network)
 
+	if err != nil {
 
+		return
 
+	}
 
+	for _, extPeer := range extPeers {
 
+		egressRoutes = append(egressRoutes, getExtPeerEgressRoute(extPeer)...)
 
+	}
 
+	return
 
 }
 
 
 // GetAllowedIPs - calculates the wireguard allowedip field for a peer of a node based on the peer and node settings
 
@@ -367,7 +406,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet
 
 
 	// handle ingress gateway peers
 
 	if peer.IsIngressGateway {
 
-		extPeers, _, err := getExtPeers(peer, node)
 
+		extPeers, _, _, err := getExtPeers(peer, node)
 
 		if err != nil {
 
 			logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
 
 		}

+ 24 - 0
models/node.go
View File 

@@ -192,6 +192,30 @@ func (node *Node) PrimaryAddress() string {
 
 	return node.Address6.IP.String()
 
 }
 
 
+// ExtClient.PrimaryAddress - returns ipv4 IPNet format
 
+func (extPeer *ExtClient) AddressIPNet4() net.IPNet {
 
+	if extPeer.Address == "" {
 
+		return net.IPNet{}
 
+	}
 
+	_, cidr, err := net.ParseCIDR(extPeer.Address)
 
+	if err != nil {
 
+		return net.IPNet{}
 
+	}
 
+	return *cidr
 
+}
 
+
 
+// ExtClient.AddressIPNet6 - return ipv6 IPNet format
 
+func (extPeer *ExtClient) AddressIPNet6() net.IPNet {
 
+	if extPeer.Address6 == "" {
 
+		return net.IPNet{}
 
+	}
 
+	_, cidr6, err := net.ParseCIDR(extPeer.Address6)
 
+	if err != nil {
 
+		return net.IPNet{}
 
+	}
 
+	return *cidr6
 
+}
 
+
 
 // Node.PrimaryNetworkRange - returns node's parent network, returns ipv4 address if present, else return ipv6
 
 func (node *Node) PrimaryNetworkRange() net.IPNet {
 
 	if node.NetworkRange.IP != nil {