
Merge pull request #1992 from gravitl/GRA-1054/ingress_route_manager

Gra 1054/ingress route manager
dcarns 2 years ago
parent
commit
fba6940426
2 changed files with 71 additions and 0 deletions
  1. 46 0
      logic/peers.go
  2. 25 0
      models/mqtt.go

+ 46 - 0
logic/peers.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"net"
+	"net/netip"
 	"sort"
 	"strconv"
 	"strings"
@@ -299,10 +300,14 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 	}
 	hostPeerUpdate := models.HostPeerUpdate{
 		Host:          *host,
+		Server:        servercfg.GetServer(),
 		Network:       make(map[string]models.NetworkInfo),
 		PeerIDs:       make(models.HostPeerMap),
 		ServerVersion: servercfg.GetVersion(),
 		ServerAddrs:   []models.ServerAddr{},
+		IngressInfo: models.IngressInfo{
+			ExtPeers: make(map[string]models.ExtClientInfo),
+		},
 	}
 	logger.Log(1, "peer update for host ", host.ID.String())
 	peerIndexMap := make(map[string]int)
@@ -314,6 +319,7 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 		if !node.Connected || node.Action == models.NODE_DELETE || node.PendingDelete {
 			continue
 		}
+
 		hostPeerUpdate.Network[node.Network] = models.NetworkInfo{
 			DNS: getPeerDNS(node.Network),
 		}
@@ -322,6 +328,10 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 			log.Println("no network nodes")
 			return models.HostPeerUpdate{}, err
 		}
+		var extClientPeerMap map[string]models.PeerExtInfo
+		if node.IsIngressGateway {
+			extClientPeerMap = make(map[string]models.PeerExtInfo)
+		}
 		for _, peer := range currentPeers {
 			if peer.ID == node.ID {
 				logger.Log(2, "peer update, skipping self")
@@ -383,6 +393,17 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 				allowedips = append(allowedips, getEgressIPs(&node, &peer)...)
 			}
 			peerConfig.AllowedIPs = allowedips
+			if node.IsIngressGateway {
+
+				extClientPeerMap[peerHost.PublicKey.String()] = models.PeerExtInfo{
+					PeerAddr: net.IPNet{
+						IP:   net.ParseIP(peer.PrimaryAddress()),
+						Mask: getCIDRMaskFromAddr(peer.PrimaryAddress()),
+					},
+					PeerKey: peerHost.PublicKey.String(),
+					Allow:   true,
+				}
+			}
 
 			if _, ok := hostPeerUpdate.PeerIDs[peerHost.PublicKey.String()]; !ok {
 				hostPeerUpdate.PeerIDs[peerHost.PublicKey.String()] = make(map[string]models.IDandAddr)
@@ -419,6 +440,19 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 						Name:    extPeerIdAndAddr.Name,
 						Network: node.Network,
 					}
+					hostPeerUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{
+						Masquerade: true,
+						IngGwAddr: net.IPNet{
+							IP:   net.ParseIP(node.PrimaryAddress()),
+							Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
+						},
+						ExtPeerAddr: net.IPNet{
+							IP:   net.ParseIP(extPeerIdAndAddr.Address),
+							Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
+						},
+						ExtPeerKey: extPeerIdAndAddr.ID,
+						Peers:      extClientPeerMap,
+					}
 				}
 
 			} else if !database.IsEmptyRecord(err) {
@@ -1117,3 +1151,15 @@ func getNodeAllowedIPs(peer, node *models.Node) []net.IPNet {
 	}
 	return allowedips
 }
+
+func getCIDRMaskFromAddr(addr string) net.IPMask {
+	cidr := net.CIDRMask(32, 32)
+	ipAddr, err := netip.ParseAddr(addr)
+	if err != nil {
+		return cidr
+	}
+	if ipAddr.Is6() {
+		cidr = net.CIDRMask(128, 128)
+	}
+	return cidr
+}
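Review bot: In the IsIngressGateway branch at the top of the fourth hunk, `net.ParseIP(peer.PrimaryAddress())` can return nil, and `getCIDRMaskFromAddr` in the last hunk hides the same parse failure behind a /32 fallback, so a peer whose address is empty or malformed is still pushed to the gateway as a PeerExtInfo with a null IP and a host mask; the two IPNet literals in the ExtPeers entry of the fifth hunk have the same gap. Parse once and skip the entry on failure, `if peerIP := net.ParseIP(peer.PrimaryAddress()); peerIP != nil {` with `IP: peerIP` in the literal, and log the skip so a bad address surfaces server-side rather than on the client. Every entry in extClientPeerMap is also written with `Allow: true` unconditionally, so if ACLs between ext clients and nodes are enforced elsewhere in the server they are not reflected in this list — a comment stating that it is intentionally permissive would prevent a reader from assuming policy is applied here. The helper would also benefit from a doc comment such as `// getCIDRMaskFromAddr returns a host mask (/32 or /128) for addr; an address that does not parse falls back to /32.` GetPeerUpdateForHost begins and ends outside these hunks.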

+ 25 - 0
models/mqtt.go

@@ -1,6 +1,8 @@
 package models
 
 import (
+	"net"
+
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
@@ -18,12 +20,35 @@ type PeerUpdate struct {
 // HostPeerUpdate - struct for host peer updates
 type HostPeerUpdate struct {
 	Host          Host                   `json:"host" bson:"host" yaml:"host"`
+	Server        string                 `json:"server" bson:"server" yaml:"server"`
 	ServerVersion string                 `json:"serverversion" bson:"serverversion" yaml:"serverversion"`
 	ServerAddrs   []ServerAddr           `json:"serveraddrs" bson:"serveraddrs" yaml:"serveraddrs"`
 	Network       map[string]NetworkInfo `json:"network" bson:"network" yaml:"network"`
 	Peers         []wgtypes.PeerConfig   `json:"peers" bson:"peers" yaml:"peers"`
 	PeerIDs       HostPeerMap            `json:"peerids" bson:"peerids" yaml:"peerids"`
 	ProxyUpdate   ProxyManagerPayload    `json:"proxy_update" bson:"proxy_update" yaml:"proxy_update"`
+	IngressInfo   IngressInfo            `json:"ingress_info" bson:"ext_peers" yaml:"ext_peers"`
+}
+
+// IngressInfo - struct for ingress info
+type IngressInfo struct {
+	ExtPeers map[string]ExtClientInfo `json:"ext_peers" yaml:"ext_peers"`
+}
+
+// PeerExtInfo - struct for peer info for an ext. client
+type PeerExtInfo struct {
+	PeerAddr net.IPNet `json:"peer_addr" yaml:"peer_addr"`
+	PeerKey  string    `json:"peer_key" yaml:"peer_key"`
+	Allow    bool      `json:"allow" yaml:"allow"`
+}
+
+// ExtClientInfo - struct for ext. client and it's peers
+type ExtClientInfo struct {
+	IngGwAddr   net.IPNet              `json:"ingress_gw_addr" yaml:"ingress_gw_addr"`
+	Masquerade  bool                   `json:"masquerade" yaml:"masquerade"`
+	ExtPeerAddr net.IPNet              `json:"ext_peer_addr" yaml:"ext_peer_addr"`
+	ExtPeerKey  string                 `json:"ext_peer_key" yaml:"ext_peer_key"`
+	Peers       map[string]PeerExtInfo `json:"peers" yaml:"peers"`
 }
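Review bot: The new `IngressInfo` field on HostPeerUpdate carries `json:"ingress_info"` but `bson:"ext_peers" yaml:"ext_peers"`, while every other field in the struct uses one name across all three tags; unless the yaml/bson consumers genuinely expect `ext_peers`, this should be `bson:"ingress_info" yaml:"ingress_info"`. The three new structs embed `net.IPNet` directly: `net.IP` marshals as a string through MarshalText, but `net.IPMask` is a plain `[]byte` with no text marshaller, so encoding/json emits the mask as base64 (e.g. `"Mask":"/////w=="`) under the untagged `IP`/`Mask` keys — either a CIDR string field or a comment warning that the client must decode the mask from base64 would spare whoever parses this payload a surprise. The new types also lack the bson tags the enclosing struct carries; if they are never persisted, a short comment saying so would keep the asymmetry from looking accidental. Minor: the ExtClientInfo comment should read `// ExtClientInfo - struct for an ext. client and its peers`.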
 
 // NetworkInfo - struct for network info