grpc.go 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388
  1. package server
  2. import (
  3. "encoding/json"
  4. "log"
  5. "net"
  6. "strconv"
  7. "strings"
  8. "time"
  9. nodepb "github.com/gravitl/netmaker/grpc"
  10. "github.com/gravitl/netmaker/logic"
  11. "github.com/gravitl/netmaker/models"
  12. "github.com/gravitl/netmaker/netclient/auth"
  13. "github.com/gravitl/netmaker/netclient/config"
  14. "github.com/gravitl/netmaker/netclient/ncutils"
  15. "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
  16. "google.golang.org/grpc"
  17. "google.golang.org/grpc/metadata"
  18. )
  19. const RELAY_KEEPALIVE_MARKER = "20007ms"
  20. func getGrpcClient(cfg *config.ClientConfig) (nodepb.NodeServiceClient, error) {
  21. var wcclient nodepb.NodeServiceClient
  22. // == GRPC SETUP ==
  23. conn, err := grpc.Dial(cfg.Server.GRPCAddress,
  24. ncutils.GRPCRequestOpts(cfg.Server.GRPCSSL))
  25. if err != nil {
  26. return nil, err
  27. }
  28. defer conn.Close()
  29. wcclient = nodepb.NewNodeServiceClient(conn)
  30. return wcclient, nil
  31. }
  32. func CheckIn(network string) (*models.Node, error) {
  33. cfg, err := config.ReadConfig(network)
  34. if err != nil {
  35. return nil, err
  36. }
  37. node := cfg.Node
  38. if cfg.Node.IsServer != "yes" {
  39. wcclient, err := getGrpcClient(cfg)
  40. if err != nil {
  41. return nil, err
  42. }
  43. // == run client action ==
  44. var header metadata.MD
  45. ctx, err := auth.SetJWT(wcclient, network)
  46. nodeData, err := json.Marshal(&node)
  47. if err != nil {
  48. return nil, err
  49. }
  50. response, err := wcclient.ReadNode(
  51. ctx,
  52. &nodepb.Object{
  53. Data: string(nodeData),
  54. Type: nodepb.NODE_TYPE,
  55. },
  56. grpc.Header(&header),
  57. )
  58. if err != nil {
  59. log.Printf("Encountered error checking in node: %v", err)
  60. }
  61. if err = json.Unmarshal([]byte(response.GetData()), &node); err != nil {
  62. return nil, err
  63. }
  64. }
  65. return &node, err
  66. }
  67. /*
  68. func RemoveNetwork(network string) error {
  69. //need to implement checkin on server side
  70. cfg, err := config.ReadConfig(network)
  71. if err != nil {
  72. return err
  73. }
  74. servercfg := cfg.Server
  75. node := cfg.Node
  76. log.Println("Deleting remote node with MAC: " + node.MacAddress)
  77. var wcclient nodepb.NodeServiceClient
  78. conn, err := grpc.Dial(cfg.Server.GRPCAddress,
  79. ncutils.GRPCRequestOpts(cfg.Server.GRPCSSL))
  80. if err != nil {
  81. log.Printf("Unable to establish client connection to "+servercfg.GRPCAddress+": %v", err)
  82. //return err
  83. } else {
  84. wcclient = nodepb.NewNodeServiceClient(conn)
  85. ctx, err := auth.SetJWT(wcclient, network)
  86. if err != nil {
  87. //return err
  88. log.Printf("Failed to authenticate: %v", err)
  89. } else {
  90. var header metadata.MD
  91. _, err = wcclient.DeleteNode(
  92. ctx,
  93. &nodepb.Object{
  94. Data: node.MacAddress + "###" + node.Network,
  95. Type: nodepb.STRING_TYPE,
  96. },
  97. grpc.Header(&header),
  98. )
  99. if err != nil {
  100. log.Printf("Encountered error deleting node: %v", err)
  101. log.Println(err)
  102. } else {
  103. log.Println("Deleted node " + node.MacAddress)
  104. }
  105. }
  106. }
  107. //err = functions.RemoveLocalInstance(network)
  108. return err
  109. }
  110. */
  111. func GetPeers(macaddress string, network string, server string, dualstack bool, isIngressGateway bool, isServer bool) ([]wgtypes.PeerConfig, bool, []string, error) {
  112. hasGateway := false
  113. var gateways []string
  114. var peers []wgtypes.PeerConfig
  115. cfg, err := config.ReadConfig(network)
  116. if err != nil {
  117. log.Fatalf("Issue retrieving config for network: "+network+". Please investigate: %v", err)
  118. }
  119. nodecfg := cfg.Node
  120. keepalive := nodecfg.PersistentKeepalive
  121. keepalivedur, err := time.ParseDuration(strconv.FormatInt(int64(keepalive), 10) + "s")
  122. keepaliveserver, err := time.ParseDuration(strconv.FormatInt(int64(5), 10) + "s")
  123. if err != nil {
  124. log.Fatalf("Issue with format of keepalive value. Please update netconfig: %v", err)
  125. }
  126. var nodes []models.Node // fill this either from server or client
  127. if !isServer { // set peers client side
  128. var wcclient nodepb.NodeServiceClient
  129. conn, err := grpc.Dial(cfg.Server.GRPCAddress,
  130. ncutils.GRPCRequestOpts(cfg.Server.GRPCSSL))
  131. if err != nil {
  132. log.Fatalf("Unable to establish client connection to localhost:50051: %v", err)
  133. }
  134. defer conn.Close()
  135. // Instantiate the BlogServiceClient with our client connection to the server
  136. wcclient = nodepb.NewNodeServiceClient(conn)
  137. req := &nodepb.Object{
  138. Data: macaddress + "###" + network,
  139. Type: nodepb.STRING_TYPE,
  140. }
  141. ctx, err := auth.SetJWT(wcclient, network)
  142. if err != nil {
  143. log.Println("Failed to authenticate.")
  144. return peers, hasGateway, gateways, err
  145. }
  146. var header metadata.MD
  147. response, err := wcclient.GetPeers(ctx, req, grpc.Header(&header))
  148. if err != nil {
  149. log.Println("Error retrieving peers")
  150. log.Println(err)
  151. return nil, hasGateway, gateways, err
  152. }
  153. if err := json.Unmarshal([]byte(response.GetData()), &nodes); err != nil {
  154. log.Println("Error unmarshaling data for peers")
  155. return nil, hasGateway, gateways, err
  156. }
  157. } else { // set peers serverside
  158. nodes, err = logic.GetPeers(nodecfg)
  159. if err != nil {
  160. return nil, hasGateway, gateways, err
  161. }
  162. }
  163. for _, node := range nodes {
  164. pubkey, err := wgtypes.ParseKey(node.PublicKey)
  165. if err != nil {
  166. log.Println("error parsing key")
  167. return peers, hasGateway, gateways, err
  168. }
  169. if nodecfg.PublicKey == node.PublicKey {
  170. continue
  171. }
  172. if nodecfg.Endpoint == node.Endpoint {
  173. if nodecfg.LocalAddress != node.LocalAddress && node.LocalAddress != "" {
  174. node.Endpoint = node.LocalAddress
  175. } else {
  176. continue
  177. }
  178. }
  179. var peer wgtypes.PeerConfig
  180. var peeraddr = net.IPNet{
  181. IP: net.ParseIP(node.Address),
  182. Mask: net.CIDRMask(32, 32),
  183. }
  184. var allowedips []net.IPNet
  185. allowedips = append(allowedips, peeraddr)
  186. // handle manually set peers
  187. for _, allowedIp := range node.AllowedIPs {
  188. if _, ipnet, err := net.ParseCIDR(allowedIp); err == nil {
  189. nodeEndpointArr := strings.Split(node.Endpoint, ":")
  190. if !ipnet.Contains(net.IP(nodeEndpointArr[0])) && ipnet.IP.String() != node.Address { // don't need to add an allowed ip that already exists..
  191. allowedips = append(allowedips, *ipnet)
  192. }
  193. } else if appendip := net.ParseIP(allowedIp); appendip != nil && allowedIp != node.Address {
  194. ipnet := net.IPNet{
  195. IP: net.ParseIP(allowedIp),
  196. Mask: net.CIDRMask(32, 32),
  197. }
  198. allowedips = append(allowedips, ipnet)
  199. }
  200. }
  201. // handle egress gateway peers
  202. if node.IsEgressGateway == "yes" {
  203. hasGateway = true
  204. ranges := node.EgressGatewayRanges
  205. for _, iprange := range ranges { // go through each cidr for egress gateway
  206. _, ipnet, err := net.ParseCIDR(iprange) // confirming it's valid cidr
  207. if err != nil {
  208. ncutils.PrintLog("could not parse gateway IP range. Not adding "+iprange, 1)
  209. continue // if can't parse CIDR
  210. }
  211. nodeEndpointArr := strings.Split(node.Endpoint, ":") // getting the public ip of node
  212. if ipnet.Contains(net.ParseIP(nodeEndpointArr[0])) { // ensuring egress gateway range does not contain public ip of node
  213. ncutils.PrintLog("egress IP range of "+iprange+" overlaps with "+node.Endpoint+", omitting", 2)
  214. continue // skip adding egress range if overlaps with node's ip
  215. }
  216. if ipnet.Contains(net.ParseIP(nodecfg.LocalAddress)) { // ensuring egress gateway range does not contain public ip of node
  217. ncutils.PrintLog("egress IP range of "+iprange+" overlaps with "+nodecfg.LocalAddress+", omitting", 2)
  218. continue // skip adding egress range if overlaps with node's local ip
  219. }
  220. gateways = append(gateways, iprange)
  221. if err != nil {
  222. log.Println("ERROR ENCOUNTERED SETTING GATEWAY")
  223. } else {
  224. allowedips = append(allowedips, *ipnet)
  225. }
  226. }
  227. }
  228. if node.Address6 != "" && dualstack {
  229. var addr6 = net.IPNet{
  230. IP: net.ParseIP(node.Address6),
  231. Mask: net.CIDRMask(128, 128),
  232. }
  233. allowedips = append(allowedips, addr6)
  234. }
  235. if nodecfg.IsServer == "yes" && !(node.IsServer == "yes"){
  236. peer = wgtypes.PeerConfig{
  237. PublicKey: pubkey,
  238. PersistentKeepaliveInterval: &keepaliveserver,
  239. ReplaceAllowedIPs: true,
  240. AllowedIPs: allowedips,
  241. }
  242. } else if keepalive != 0 {
  243. peer = wgtypes.PeerConfig{
  244. PublicKey: pubkey,
  245. PersistentKeepaliveInterval: &keepalivedur,
  246. Endpoint: &net.UDPAddr{
  247. IP: net.ParseIP(node.Endpoint),
  248. Port: int(node.ListenPort),
  249. },
  250. ReplaceAllowedIPs: true,
  251. AllowedIPs: allowedips,
  252. }
  253. } else {
  254. peer = wgtypes.PeerConfig{
  255. PublicKey: pubkey,
  256. Endpoint: &net.UDPAddr{
  257. IP: net.ParseIP(node.Endpoint),
  258. Port: int(node.ListenPort),
  259. },
  260. ReplaceAllowedIPs: true,
  261. AllowedIPs: allowedips,
  262. }
  263. }
  264. peers = append(peers, peer)
  265. }
  266. if isIngressGateway {
  267. extPeers, err := GetExtPeers(macaddress, network, server, dualstack)
  268. if err == nil {
  269. peers = append(peers, extPeers...)
  270. } else {
  271. log.Println("ERROR RETRIEVING EXTERNAL PEERS", err)
  272. }
  273. }
  274. return peers, hasGateway, gateways, err
  275. }
  276. func GetExtPeers(macaddress string, network string, server string, dualstack bool) ([]wgtypes.PeerConfig, error) {
  277. var peers []wgtypes.PeerConfig
  278. cfg, err := config.ReadConfig(network)
  279. if err != nil {
  280. log.Fatalf("Issue retrieving config for network: "+network+". Please investigate: %v", err)
  281. }
  282. nodecfg := cfg.Node
  283. var extPeers []models.Node
  284. if nodecfg.IsServer != "yes" { // fill extPeers with client side logic
  285. var wcclient nodepb.NodeServiceClient
  286. conn, err := grpc.Dial(cfg.Server.GRPCAddress,
  287. ncutils.GRPCRequestOpts(cfg.Server.GRPCSSL))
  288. if err != nil {
  289. log.Fatalf("Unable to establish client connection to localhost:50051: %v", err)
  290. }
  291. defer conn.Close()
  292. // Instantiate the BlogServiceClient with our client connection to the server
  293. wcclient = nodepb.NewNodeServiceClient(conn)
  294. req := &nodepb.Object{
  295. Data: macaddress + "###" + network,
  296. Type: nodepb.STRING_TYPE,
  297. }
  298. ctx, err := auth.SetJWT(wcclient, network)
  299. if err != nil {
  300. log.Println("Failed to authenticate.")
  301. return peers, err
  302. }
  303. var header metadata.MD
  304. responseObject, err := wcclient.GetExtPeers(ctx, req, grpc.Header(&header))
  305. if err != nil {
  306. log.Println("Error retrieving peers")
  307. log.Println(err)
  308. return nil, err
  309. }
  310. if err = json.Unmarshal([]byte(responseObject.Data), &extPeers); err != nil {
  311. return nil, err
  312. }
  313. } else { // fill extPeers with server side logic
  314. tempPeers, err := logic.GetExtPeersList(nodecfg.MacAddress, nodecfg.Network)
  315. if err != nil {
  316. return nil, err
  317. }
  318. for i := 0; i < len(tempPeers); i++ {
  319. extPeers = append(extPeers, models.Node{
  320. Address: tempPeers[i].Address,
  321. Address6: tempPeers[i].Address6,
  322. Endpoint: tempPeers[i].Endpoint,
  323. PublicKey: tempPeers[i].PublicKey,
  324. PersistentKeepalive: tempPeers[i].KeepAlive,
  325. ListenPort: tempPeers[i].ListenPort,
  326. LocalAddress: tempPeers[i].LocalAddress,
  327. })
  328. }
  329. }
  330. for _, extPeer := range extPeers {
  331. pubkey, err := wgtypes.ParseKey(extPeer.PublicKey)
  332. if err != nil {
  333. log.Println("error parsing key")
  334. return peers, err
  335. }
  336. if nodecfg.PublicKey == extPeer.PublicKey {
  337. continue
  338. }
  339. var peer wgtypes.PeerConfig
  340. var peeraddr = net.IPNet{
  341. IP: net.ParseIP(extPeer.Address),
  342. Mask: net.CIDRMask(32, 32),
  343. }
  344. var allowedips []net.IPNet
  345. allowedips = append(allowedips, peeraddr)
  346. if extPeer.Address6 != "" && dualstack {
  347. var addr6 = net.IPNet{
  348. IP: net.ParseIP(extPeer.Address6),
  349. Mask: net.CIDRMask(128, 128),
  350. }
  351. allowedips = append(allowedips, addr6)
  352. }
  353. peer = wgtypes.PeerConfig{
  354. PublicKey: pubkey,
  355. ReplaceAllowedIPs: true,
  356. AllowedIPs: allowedips,
  357. }
  358. peers = append(peers, peer)
  359. }
  360. return peers, err
  361. }