gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-10 07:05:28 +08:00
Code Issues Projects Releases Packages Wiki Activity

changes to allowedip parsing to handle ipv6 better

Browse source
This commit is contained in:
0xdcarns 2022-04-22 16:15:40 -04:00
parent 7654556a3a
commit 9d365c9c28
3 changed files with 56 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

87
logic/server.go
View file

@ -16,6 +16,7 @@ import (
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/netclient/ncutils" "github.com/gravitl/netmaker/netclient/ncutils"
"github.com/gravitl/netmaker/servercfg" "github.com/gravitl/netmaker/servercfg"
"github.com/seancfoley/ipaddress-go/ipaddr"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes" "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
) )
@ -237,24 +238,47 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
} }
var peer wgtypes.PeerConfig var peer wgtypes.PeerConfig
var peeraddr = net.IPNet{ var allowedips = []net.IPNet{}
IP: net.ParseIP(node.Address), if node.Address != "" {
Mask: net.CIDRMask(32, 32), var peeraddr = net.IPNet{
IP: net.ParseIP(node.Address),
Mask: net.CIDRMask(32, 32),
}
if peeraddr.IP != nil && peeraddr.Mask != nil {
allowedips = append(allowedips, peeraddr)
}
} }
var allowedips = []net.IPNet{
peeraddr, if node.Address6 != "" {
var addr6 = net.IPNet{
IP: net.ParseIP(node.Address6),
Mask: net.CIDRMask(128, 128),
}
if addr6.IP != nil && addr6.Mask != nil {
allowedips = append(allowedips, addr6)
}
} }
// handle manually set peers // handle manually set peers
for _, allowedIp := range node.AllowedIPs { for _, allowedIp := range node.AllowedIPs {
if _, ipnet, err := net.ParseCIDR(allowedIp); err == nil { currentIP := ipaddr.NewIPAddressString(allowedIp).GetAddress()
nodeEndpointArr := strings.Split(node.Endpoint, ":") if currentIP.IsIPv4() {
if !ipnet.Contains(net.IP(nodeEndpointArr[0])) && ipnet.IP.String() != node.Address { // don't need to add an allowed ip that already exists.. if _, ipnet, err := net.ParseCIDR(allowedIp); err == nil {
allowedips = append(allowedips, *ipnet) nodeEndpointArr := strings.Split(node.Endpoint, ":")
if !ipnet.Contains(net.IP(nodeEndpointArr[0])) && ipnet.IP.String() != node.Address { // don't need to add an allowed ip that already exists..
allowedips = append(allowedips, *ipnet)
}
} else if appendip := net.ParseIP(allowedIp); appendip != nil && allowedIp != node.Address {
ipnet := net.IPNet{
IP: net.ParseIP(allowedIp),
Mask: net.CIDRMask(32, 32),
}
allowedips = append(allowedips, ipnet)
} }
} else if appendip := net.ParseIP(allowedIp); appendip != nil && allowedIp != node.Address { } else if currentIP.IsIPv6() {
ipnet := net.IPNet{ ipnet := net.IPNet{
IP: net.ParseIP(allowedIp), IP: currentIP.GetNetIP(),
Mask: net.CIDRMask(32, 32), Mask: net.CIDRMask(128, 128),
} }
allowedips = append(allowedips, ipnet) allowedips = append(allowedips, ipnet)
} }
@ -269,31 +293,30 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
logger.Log(1, "could not parse gateway IP range. Not adding", iprange) logger.Log(1, "could not parse gateway IP range. Not adding", iprange)
continue // if can't parse CIDR continue // if can't parse CIDR
} }
nodeEndpointArr := strings.Split(node.Endpoint, ":") // getting the public ip of node currentAddr := ipaddr.NewIPAddressString(ipnet.String()).GetAddress()
if ipnet.Contains(net.ParseIP(nodeEndpointArr[0])) { // ensuring egress gateway range does not contain public ip of node if currentAddr.IsIPv4() {
logger.Log(2, "egress IP range of", iprange, "overlaps with", node.Endpoint, ", omitting") nodeEndpointArr := strings.Split(node.Endpoint, ":") // getting the public ip of node
continue // skip adding egress range if overlaps with node's ip if ipnet.Contains(net.ParseIP(nodeEndpointArr[0])) { // ensuring egress gateway range does not contain public ip of node
} logger.Log(2, "egress IP range of", iprange, "overlaps with", node.Endpoint, ", omitting")
if ipnet.Contains(net.ParseIP(serverNode.LocalAddress)) { // ensuring egress gateway range does not contain public ip of node continue // skip adding egress range if overlaps with node's ip
logger.Log(2, "egress IP range of", iprange, "overlaps with", serverNode.LocalAddress, ", omitting") }
continue // skip adding egress range if overlaps with node's local ip if ipnet.Contains(net.ParseIP(serverNode.LocalAddress)) { // ensuring egress gateway range does not contain public ip of node
} logger.Log(2, "egress IP range of", iprange, "overlaps with", serverNode.LocalAddress, ", omitting")
gateways = append(gateways, iprange) continue // skip adding egress range if overlaps with node's local ip
if err != nil { }
logger.Log(1, "ERROR ENCOUNTERED SETTING GATEWAY:", err.Error()) gateways = append(gateways, iprange)
} else { if err != nil {
logger.Log(1, "ERROR ENCOUNTERED SETTING GATEWAY:", err.Error())
} else {
allowedips = append(allowedips, *ipnet)
}
} else if currentAddr.IsIPv6() {
allowedips = append(allowedips, *ipnet) allowedips = append(allowedips, *ipnet)
} }
} }
ranges = nil ranges = nil
} }
if node.Address6 != "" {
var addr6 = net.IPNet{
IP: net.ParseIP(node.Address6),
Mask: net.CIDRMask(128, 128),
}
allowedips = append(allowedips, addr6)
}
peer = wgtypes.PeerConfig{ peer = wgtypes.PeerConfig{
PublicKey: pubkey, PublicKey: pubkey,
PersistentKeepaliveInterval: &(keepalivedur), PersistentKeepaliveInterval: &(keepalivedur),

1
netclient/ncutils/peerhelper.go
View file

@ -10,6 +10,7 @@ import (
"golang.zx2c4.com/wireguard/wgctrl/wgtypes" "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
) )
// GetPeers - gets the peers from a given WireGuard interface
func GetPeers(iface string) ([]wgtypes.Peer, error) { func GetPeers(iface string) ([]wgtypes.Peer, error) {
var peers []wgtypes.Peer var peers []wgtypes.Peer

1
netclient/wireguard/common.go
View file

@ -80,7 +80,6 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
_, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+ _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
" persistent-keepalive "+keepAliveString+ " persistent-keepalive "+keepAliveString+
" allowed-ips "+allowedips, true) " allowed-ips "+allowedips, true)
} else { } else {
_, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+ _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
" endpoint "+udpendpoint+ " endpoint "+udpendpoint+