|
@@ -3,7 +3,6 @@ package logic
|
|
import (
|
|
import (
|
|
"errors"
|
|
"errors"
|
|
"fmt"
|
|
"fmt"
|
|
- "log"
|
|
|
|
"net"
|
|
"net"
|
|
"net/netip"
|
|
"net/netip"
|
|
|
|
|
|
@@ -137,10 +136,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|
Peers: []wgtypes.PeerConfig{},
|
|
Peers: []wgtypes.PeerConfig{},
|
|
NodePeers: []wgtypes.PeerConfig{},
|
|
NodePeers: []wgtypes.PeerConfig{},
|
|
}
|
|
}
|
|
- var deletedNodes = []models.Node{} // used to track deleted nodes
|
|
|
|
- if deletedNode != nil {
|
|
|
|
- deletedNodes = append(deletedNodes, *deletedNode)
|
|
|
|
- }
|
|
|
|
|
|
+
|
|
logger.Log(1, "peer update for host", host.ID.String())
|
|
logger.Log(1, "peer update for host", host.ID.String())
|
|
peerIndexMap := make(map[string]int)
|
|
peerIndexMap := make(map[string]int)
|
|
for _, nodeID := range host.Nodes {
|
|
for _, nodeID := range host.Nodes {
|
|
@@ -154,7 +150,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|
}
|
|
}
|
|
currentPeers, err := GetNetworkNodes(node.Network)
|
|
currentPeers, err := GetNetworkNodes(node.Network)
|
|
if err != nil {
|
|
if err != nil {
|
|
- log.Println("no network nodes")
|
|
|
|
return models.HostPeerUpdate{}, err
|
|
return models.HostPeerUpdate{}, err
|
|
}
|
|
}
|
|
var nodePeerMap map[string]models.PeerRouteInfo
|
|
var nodePeerMap map[string]models.PeerRouteInfo
|
|
@@ -168,10 +163,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|
//skip yourself
|
|
//skip yourself
|
|
continue
|
|
continue
|
|
}
|
|
}
|
|
- if peer.Action == models.NODE_DELETE || peer.PendingDelete {
|
|
|
|
- deletedNodes = append(deletedNodes, peer) // track deleted node for peer update
|
|
|
|
- continue
|
|
|
|
- }
|
|
|
|
var peerConfig wgtypes.PeerConfig
|
|
var peerConfig wgtypes.PeerConfig
|
|
peerHost, err := GetHost(peer.HostID.String())
|
|
peerHost, err := GetHost(peer.HostID.String())
|
|
if err != nil {
|
|
if err != nil {
|
|
@@ -179,16 +170,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|
return models.HostPeerUpdate{}, err
|
|
return models.HostPeerUpdate{}, err
|
|
}
|
|
}
|
|
|
|
|
|
- if !peer.Connected {
|
|
|
|
- logger.Log(2, "peer update, skipping unconnected node", peer.ID.String())
|
|
|
|
- //skip unconnected nodes
|
|
|
|
- continue
|
|
|
|
- }
|
|
|
|
- if !nodeacls.AreNodesAllowed(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID.String()), nodeacls.NodeID(peer.ID.String())) {
|
|
|
|
- logger.Log(2, "peer update, skipping node for acl")
|
|
|
|
- //skip if not permitted by acl
|
|
|
|
- continue
|
|
|
|
- }
|
|
|
|
peerConfig.PublicKey = peerHost.PublicKey
|
|
peerConfig.PublicKey = peerHost.PublicKey
|
|
peerConfig.PersistentKeepaliveInterval = &peer.PersistentKeepalive
|
|
peerConfig.PersistentKeepaliveInterval = &peer.PersistentKeepalive
|
|
peerConfig.ReplaceAllowedIPs = true
|
|
peerConfig.ReplaceAllowedIPs = true
|
|
@@ -225,7 +206,14 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|
if peer.IsEgressGateway {
|
|
if peer.IsEgressGateway {
|
|
allowedips = append(allowedips, getEgressIPs(&node, &peer)...)
|
|
allowedips = append(allowedips, getEgressIPs(&node, &peer)...)
|
|
}
|
|
}
|
|
- peerConfig.AllowedIPs = allowedips
|
|
|
|
|
|
+ if peer.Action != models.NODE_DELETE &&
|
|
|
|
+ !peer.PendingDelete &&
|
|
|
|
+ peer.Connected &&
|
|
|
|
+ nodeacls.AreNodesAllowed(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID.String()), nodeacls.NodeID(peer.ID.String())) &&
|
|
|
|
+ (deletedNode == nil || (deletedNode != nil && peer.ID.String() != deletedNode.ID.String())) {
|
|
|
|
+ peerConfig.AllowedIPs = allowedips // only append allowed IPs if valid connection
|
|
|
|
+ }
|
|
|
|
+
|
|
if node.IsIngressGateway || node.IsEgressGateway {
|
|
if node.IsIngressGateway || node.IsEgressGateway {
|
|
if peer.IsIngressGateway {
|
|
if peer.IsIngressGateway {
|
|
_, extPeerIDAndAddrs, err := getExtPeers(&peer)
|
|
_, extPeerIDAndAddrs, err := getExtPeers(&peer)
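Review bot: The ACL and connectivity checks in this hunk no longer skip the peer, they only withhold `AllowedIPs`, so a peer that fails `nodeacls.AreNodesAllowed` or is not `Connected` still has its `PublicKey` and keepalive populated above and, as far as the code outside the hunk shows, is still appended to the update (to be flagged `Remove` later); that hands the host the public key and endpoint of peers it is not permitted to reach, which the `continue` lines removed in the previous hunk never exposed. The `if node.IsIngressGateway || node.IsEgressGateway` block that follows also still runs for such peers, so any ext-client entries it adds for a denied ingress gateway bypass the ACL — worth confirming against getExtPeers, which is not visible here. The inner `deletedNode != nil` is redundant once the left side of the `||` has failed; `(deletedNode == nil || peer.ID.String() != deletedNode.ID.String())` reads the same. Consider evaluating the whole predicate once as `peerAllowed := ...` and using it to guard both the `AllowedIPs` assignment and the gateway block so the two cannot drift apart. GetPeerUpdateForHost begins and ends outside this hunk.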
|
|
@@ -354,27 +342,22 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
+ // == post peer calculations ==
|
|
|
|
+ // indicate removal if no allowed IPs were calculated
|
|
|
|
+ for i := range hostPeerUpdate.Peers {
|
|
|
|
+ peer := hostPeerUpdate.Peers[i]
|
|
|
|
+ if len(peer.AllowedIPs) == 0 {
|
|
|
|
+ peer.Remove = true
|
|
|
|
+ }
|
|
|
|
+ hostPeerUpdate.Peers[i] = peer
|
|
|
|
+ }
|
|
|
|
|
|
- // run through delete nodes
|
|
|
|
- if len(deletedNodes) > 0 {
|
|
|
|
- for i := range deletedNodes {
|
|
|
|
- delNode := deletedNodes[i]
|
|
|
|
- delHost, err := GetHost(delNode.HostID.String())
|
|
|
|
- if err != nil {
|
|
|
|
- continue
|
|
|
|
- }
|
|
|
|
- if _, ok := hostPeerUpdate.HostPeerIDs[delHost.PublicKey.String()]; !ok {
|
|
|
|
- var peerConfig = wgtypes.PeerConfig{}
|
|
|
|
- peerConfig.PublicKey = delHost.PublicKey
|
|
|
|
- peerConfig.Endpoint = &net.UDPAddr{
|
|
|
|
- IP: delHost.EndpointIP,
|
|
|
|
- Port: GetPeerListenPort(delHost),
|
|
|
|
- }
|
|
|
|
- peerConfig.Remove = true
|
|
|
|
- peerConfig.AllowedIPs = []net.IPNet{delNode.Address, delNode.Address6}
|
|
|
|
- hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, peerConfig)
|
|
|
|
- }
|
|
|
|
|
|
+ for i := range hostPeerUpdate.NodePeers {
|
|
|
|
+ peer := hostPeerUpdate.NodePeers[i]
|
|
|
|
+ if len(peer.AllowedIPs) == 0 {
|
|
|
|
+ peer.Remove = true
|
|
}
|
|
}
|
|
|
|
+ hostPeerUpdate.NodePeers[i] = peer
|
|
}
|
|
}
|
|
|
|
|
|
return hostPeerUpdate, nil
|
|
return hostPeerUpdate, nil
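Review bot: The `deletedNode` argument no longer yields a removal entry of its own: the deleted block built a `Remove: true` config for `*deletedNode` (and for every `NODE_DELETE`/`PendingDelete` peer) whether or not that node was part of the update, whereas the new post-loops only flip `Remove` on entries already present in `Peers`/`NodePeers`, which are built from `GetNetworkNodes` earlier in the function. If the caller has already removed the node from storage before asking for this update — which the old explicit tracking suggests — the host is never told to drop that WireGuard peer and keeps its key and allowed IPs configured. Restoring an explicit removal for `deletedNode` when its host's public key is absent from `hostPeerUpdate.HostPeerIDs`, as sketched below, closes that gap; the `GetHost` failure there should be logged rather than silently skipped as the old block did. The two post-loops also copy each `PeerConfig` out and back; `p := &hostPeerUpdate.Peers[i]` avoids the copy and the write-back line. GetPeerUpdateForHost's body begins outside this hunk.
```go
	// … unchanged: post peer calculations over Peers and NodePeers …

	// a node deleted before this update was built is absent from GetNetworkNodes,
	// so emit an explicit removal for it as the former deletedNodes block did
	if deletedNode != nil {
		delHost, err := GetHost(deletedNode.HostID.String())
		if err != nil {
			logger.Log(1, "peer update, could not load host of deleted node", deletedNode.ID.String())
		} else if _, ok := hostPeerUpdate.HostPeerIDs[delHost.PublicKey.String()]; !ok {
			hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, wgtypes.PeerConfig{
				PublicKey:  delHost.PublicKey,
				Endpoint:   &net.UDPAddr{IP: delHost.EndpointIP, Port: GetPeerListenPort(delHost)},
				Remove:     true,
				AllowedIPs: []net.IPNet{deletedNode.Address, deletedNode.Address6},
			})
		}
	}

	return hostPeerUpdate, nil
```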
|