changes to allowedip parsing to handle ipv6 better

2025-09-06 13:14:24 +08:00 · 2022-04-22 16:15:40 -04:00 · 2022-04-22 16:15:40 -04:00 · 9d365c9c28
commit 9d365c9c28
parent 7654556a3a
3 changed files with 56 additions and 33 deletions
--- a/logic/server.go
+++ b/logic/server.go
@ -16,6 +16,7 @@ import (
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/servercfg"
+	"github.com/seancfoley/ipaddress-go/ipaddr"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )

@ -237,24 +238,47 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
 		}

 		var peer wgtypes.PeerConfig
-		var peeraddr = net.IPNet{
-			IP:   net.ParseIP(node.Address),
-			Mask: net.CIDRMask(32, 32),
+		var allowedips = []net.IPNet{}
+		if node.Address != "" {
+			var peeraddr = net.IPNet{
+				IP:   net.ParseIP(node.Address),
+				Mask: net.CIDRMask(32, 32),
+			}
+			if peeraddr.IP != nil && peeraddr.Mask != nil {
+				allowedips = append(allowedips, peeraddr)
+			}
 		}
-		var allowedips = []net.IPNet{
-			peeraddr,
+
+		if node.Address6 != "" {
+			var addr6 = net.IPNet{
+				IP:   net.ParseIP(node.Address6),
+				Mask: net.CIDRMask(128, 128),
+			}
+			if addr6.IP != nil && addr6.Mask != nil {
+				allowedips = append(allowedips, addr6)
+			}
 		}
+
 		// handle manually set peers
 		for _, allowedIp := range node.AllowedIPs {
-			if _, ipnet, err := net.ParseCIDR(allowedIp); err == nil {
-				nodeEndpointArr := strings.Split(node.Endpoint, ":")
-				if !ipnet.Contains(net.IP(nodeEndpointArr[0])) && ipnet.IP.String() != node.Address { // don't need to add an allowed ip that already exists..
-					allowedips = append(allowedips, *ipnet)
+			currentIP := ipaddr.NewIPAddressString(allowedIp).GetAddress()
+			if currentIP.IsIPv4() {
+				if _, ipnet, err := net.ParseCIDR(allowedIp); err == nil {
+					nodeEndpointArr := strings.Split(node.Endpoint, ":")
+					if !ipnet.Contains(net.IP(nodeEndpointArr[0])) && ipnet.IP.String() != node.Address { // don't need to add an allowed ip that already exists..
+						allowedips = append(allowedips, *ipnet)
+					}
+				} else if appendip := net.ParseIP(allowedIp); appendip != nil && allowedIp != node.Address {
+					ipnet := net.IPNet{
+						IP:   net.ParseIP(allowedIp),
+						Mask: net.CIDRMask(32, 32),
+					}
+					allowedips = append(allowedips, ipnet)
 				}
-			} else if appendip := net.ParseIP(allowedIp); appendip != nil && allowedIp != node.Address {
+			} else if currentIP.IsIPv6() {
 				ipnet := net.IPNet{
-					IP:   net.ParseIP(allowedIp),
-					Mask: net.CIDRMask(32, 32),
+					IP:   currentIP.GetNetIP(),
+					Mask: net.CIDRMask(128, 128),
 				}
 				allowedips = append(allowedips, ipnet)
 			}
@ -269,31 +293,30 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
 					logger.Log(1, "could not parse gateway IP range. Not adding", iprange)
 					continue // if can't parse CIDR
 				}
-				nodeEndpointArr := strings.Split(node.Endpoint, ":") // getting the public ip of node
-				if ipnet.Contains(net.ParseIP(nodeEndpointArr[0])) { // ensuring egress gateway range does not contain public ip of node
-					logger.Log(2, "egress IP range of", iprange, "overlaps with", node.Endpoint, ", omitting")
-					continue // skip adding egress range if overlaps with node's ip
-				}
-				if ipnet.Contains(net.ParseIP(serverNode.LocalAddress)) { // ensuring egress gateway range does not contain public ip of node
-					logger.Log(2, "egress IP range of", iprange, "overlaps with", serverNode.LocalAddress, ", omitting")
-					continue // skip adding egress range if overlaps with node's local ip
-				}
-				gateways = append(gateways, iprange)
-				if err != nil {
-					logger.Log(1, "ERROR ENCOUNTERED SETTING GATEWAY:", err.Error())
-				} else {
+				currentAddr := ipaddr.NewIPAddressString(ipnet.String()).GetAddress()
+				if currentAddr.IsIPv4() {
+					nodeEndpointArr := strings.Split(node.Endpoint, ":") // getting the public ip of node
+					if ipnet.Contains(net.ParseIP(nodeEndpointArr[0])) { // ensuring egress gateway range does not contain public ip of node
+						logger.Log(2, "egress IP range of", iprange, "overlaps with", node.Endpoint, ", omitting")
+						continue // skip adding egress range if overlaps with node's ip
+					}
+					if ipnet.Contains(net.ParseIP(serverNode.LocalAddress)) { // ensuring egress gateway range does not contain public ip of node
+						logger.Log(2, "egress IP range of", iprange, "overlaps with", serverNode.LocalAddress, ", omitting")
+						continue // skip adding egress range if overlaps with node's local ip
+					}
+					gateways = append(gateways, iprange)
+					if err != nil {
+						logger.Log(1, "ERROR ENCOUNTERED SETTING GATEWAY:", err.Error())
+					} else {
+						allowedips = append(allowedips, *ipnet)
+					}
+				} else if currentAddr.IsIPv6() {
 					allowedips = append(allowedips, *ipnet)
 				}
 			}
 			ranges = nil
 		}
-		if node.Address6 != "" {
-			var addr6 = net.IPNet{
-				IP:   net.ParseIP(node.Address6),
-				Mask: net.CIDRMask(128, 128),
-			}
-			allowedips = append(allowedips, addr6)
-		}
+
 		peer = wgtypes.PeerConfig{
 			PublicKey:                   pubkey,
 			PersistentKeepaliveInterval: &(keepalivedur),
--- a/netclient/ncutils/peerhelper.go
+++ b/netclient/ncutils/peerhelper.go
@ -10,6 +10,7 @@ import (
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )

+// GetPeers - gets the peers from a given WireGuard interface
 func GetPeers(iface string) ([]wgtypes.Peer, error) {

 	var peers []wgtypes.Peer
--- a/netclient/wireguard/common.go
+++ b/netclient/wireguard/common.go
@ -80,7 +80,6 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 			_, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
 				" persistent-keepalive "+keepAliveString+
 				" allowed-ips "+allowedips, true)
-
 		} else {
 			_, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
 				" endpoint "+udpendpoint+