From 82fe2b60f521a8751c6b40b54a2a2e595ddbb22d Mon Sep 17 00:00:00 2001
From: "Matthew R. Kasun"
Date: Tue, 26 Jul 2022 11:24:23 -0400
Subject: [PATCH 1/5] relayed node peer update for ingress
---
 logic/peers.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/logic/peers.go b/logic/peers.go
index fd40a783..7cd10639 100644
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -413,6 +413,14 @@ func GetPeerUpdateForRelayedNode(node *models.Node, udppeers map[string]string)
 }
 }
 }
+ //delete extclients from allowedip if we are ingress gateway
+ if node.IsIngressGateway == "yes" {
+ for i := len(allowedips) - 1; i >= 0; i-- {
+ if strings.Contains(node.IngressGatewayRange, allowedips[i].IP.String()) {
+ allowedips = append(allowedips[:i], allowedips[i+1:]...)
+ }
+ }
+ }
 pubkey, err := wgtypes.ParseKey(relay.PublicKey)
 if err != nil {
@@ -458,6 +466,15 @@ func GetPeerUpdateForRelayedNode(node *models.Node, udppeers map[string]string)
 if relay.IsServer == "yes" {
 serverNodeAddresses = append(serverNodeAddresses, models.ServerAddr{IsLeader: IsLeader(relay), Address: relay.Address})
 }
+ //if ingress add extclients
+ if node.IsIngressGateway == "yes" {
+ extPeers, err := getExtPeers(node)
+ if err == nil {
+ peers = append(peers, extPeers...)
+ } else {
+ log.Println("ERROR RETRIEVING EXTERNAL PEERS", err)
+ }
+ }
 peerUpdate.Network = node.Network
 peerUpdate.ServerVersion = servercfg.Version
 peerUpdate.Peers = peers
From 7a763fec666c7bc4f334b8de0f8ad628558efb51 Mon Sep 17 00:00:00 2001
From: "Matthew R. Kasun"
Date: Wed, 27 Jul 2022 06:20:54 -0400
Subject: [PATCH 2/5] add extclient ip if relayed node is ingress
---
 logic/peers.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/logic/peers.go b/logic/peers.go
index 7cd10639..a591ae66 100644
--- a/logic/peers.go
+++ b/logic/peers.go
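Review bot: The filter added ahead of `wgtypes.ParseKey` in GetPeerUpdateForRelayedNode matches addresses as text, because `strings.Contains(node.IngressGatewayRange, allowedips[i].IP.String())` is a substring test and not an address or subnet comparison. The format of `IngressGatewayRange` is not visible here, but with a CIDR string (constructed example: `10.0.0.0/24`) an ext-client address such as `10.0.0.5` is never a substring and stays in the relay's AllowedIPs, while an unrelated `0.0.0.0` entry is a substring and gets removed; with a list of addresses, `10.0.0.1` would also match inside `10.0.0.10`. AllowedIPs decide which source addresses WireGuard accepts from the relay peer, so the comparison should be typed: for a CIDR, `_, ingressNet, err := net.ParseCIDR(node.IngressGatewayRange)` followed by `ingressNet.Contains(allowedips[i].IP)`, and for a list, compare parsed entries with `net.IP.Equal`. The enclosing function starts and ends outside the hunk.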
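Review bot: When `getExtPeers(node)` fails in the ingress block added before `peerUpdate.Network = node.Network`, the error is only printed and the function continues to build the update, so the relayed ingress node receives a peer list that silently lacks its ext clients. The earlier hunk of this patch may already have removed the matching entries from the relay's AllowedIPs, which leaves those clients with no path at all in that case. If the function's result list allows it (the signature's return types are outside the hunk), propagate the error to the caller; otherwise state the intent next to the `else` with a comment such as `// best effort: send the update without ext clients when they cannot be loaded`.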
@@ -324,6 +324,16 @@ func GetAllowedIPs(node, peer *models.Node) []net.IPNet {
 extAllowedIPs := getEgressIPs(node, relayedNode)
 allowedips = append(allowedips, extAllowedIPs...)
 }
+ if relayedNode.IsIngressGateway == "yes" {
+ extPeers, err := getExtPeers(relayedNode)
+ if err == nil {
+ for _, extPeer := range extPeers {
+ allowedips = append(allowedips, extPeer.AllowedIPs...)
+ }
+ } else {
+ logger.Log(0, "failed to retrieve extclients from relayed ingress", err.Error())
+ }
+ }
 }
 }
 return allowedips
From 067d2aca2dd5a6917358f5905b29c73ee4e43e9f Mon Sep 17 00:00:00 2001
From: cameronts
Date: Wed, 27 Jul 2022 11:57:37 -0700
Subject: [PATCH 3/5] Added config file handling for public IP service.
---
 config/config.go | 1 +
 config/environments/dev.yaml | 1 +
 servercfg/serverconf.go | 8 +++++++-
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/config/config.go b/config/config.go
index 061eeba3..f3e27778 100644
--- a/config/config.go
+++ b/config/config.go
@@ -69,6 +69,7 @@ type ServerConfig struct {
 MQPort string `yaml:"mqport"`
 MQServerPort string `yaml:"mqserverport"`
 Server string `yaml:"server"`
+ PublicIPService string `yaml:"publicIPService"`
 }
 // SQLConfig - Generic SQL Config
diff --git a/config/environments/dev.yaml b/config/environments/dev.yaml
index 10d7d54f..b38c6c40 100644
--- a/config/environments/dev.yaml
+++ b/config/environments/dev.yaml
@@ -11,3 +11,4 @@ server:
 disableremoteipcheck: "" # defaults to "false" or DISABLE_REMOTE_IP_CHECK (if set)
 version: "" # version of server
 rce: "" # defaults to "off"
+ publicIpService: "" # defaults to "" or PUBLIC_IP_SERVICE (if set)
diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go
index ea2c8434..b611973d 100644
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
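Review bot: The loop added to GetAllowedIPs copies every entry of `extPeer.AllowedIPs` into the relay's allowed IPs without checking what those entries are. What `getExtPeers` puts in that field is not visible here; if an ext-client record can carry anything wider than its own host address, that range becomes routable through the relay for every node that peers with it. Either restrict the appended entries to the relayed node's ingress range or document the assumption above the loop, for example `// getExtPeers returns one host address per ext client; nothing wider is expected here`. The failure branch logs at level 0 and returns the shorter list, so callers cannot tell a failed lookup from an ingress with no clients; the function body begins outside the hunk.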
@@ -430,7 +430,13 @@ func GetPublicIP() (string, error) {
 iplist := []string{"https://ip.server.gravitl.com", "https://ifconfig.me", "https://api.ipify.org", "https://ipinfo.io/ip"}
 publicIpService := os.Getenv("PUBLIC_IP_SERVICE")
 if publicIpService != "" {
- logger.Log(3, "User provided public IP service is", publicIpService)
+ logger.Log(3, "User (environment variable) provided public IP service is", publicIpService)
+
+ // prepend the user-specified service so it's checked first
+ iplist = append([]string{publicIpService}, iplist...)
+ } else if config.Config.Server.PublicIPService != "" {
+ publicIpService = config.Config.Server.PublicIPService
+ logger.Log(3, "User (config file) provided public IP service is", publicIpService)
 // prepend the user-specified service so it's checked first
 iplist = append([]string{publicIpService}, iplist...)
From 437e672360fd1445b194a63c19e4a92ad108349a Mon Sep 17 00:00:00 2001
From: "Matthew R. Kasun"
Date: Thu, 28 Jul 2022 07:57:19 -0400
Subject: [PATCH 4/5] code review comments
---
 logic/peers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/logic/peers.go b/logic/peers.go
index a591ae66..7dad5d7d 100644
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -482,7 +482,7 @@ func GetPeerUpdateForRelayedNode(node *models.Node, udppeers map[string]string)
 if err == nil {
 peers = append(peers, extPeers...)
 } else {
- log.Println("ERROR RETRIEVING EXTERNAL PEERS", err)
+ logger.Log(2, "could not retrieve ext peers for ", node.Name, err.Error())
 }
 }
 peerUpdate.Network = node.Network
From a925f4635c7f9462773ee7ad50d50143a2b46df0 Mon Sep 17 00:00:00 2001
From: cameronts
Date: Thu, 28 Jul 2022 10:16:50 -0700
Subject: [PATCH 5/5] Lowercased publicipservice.
---
 config/config.go | 2 +-
 config/environments/dev.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/config.go b/config/config.go
index f3e27778..71dd0e44 100644
--- a/config/config.go
+++ b/config/config.go
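Review bot: The value read from `config.Config.Server.PublicIPService` in GetPublicIP (like `PUBLIC_IP_SERVICE` before it) is prepended to `iplist` with no check on its form, so a plain `http://` or malformed URL becomes the first source consulted for the server's public address. How the response is fetched and validated lies outside the hunk, but if the result is what the server advertises to clients, an unauthenticated answer from that first service decides it. Consider accepting only https URLs before prepending, e.g. `if u, err := url.Parse(publicIpService); err != nil || u.Scheme != "https" { /* log and keep the default list */ }` (needs `net/url`). The two branches also repeat the same comment and prepend line; resolving `publicIpService` from the environment or the config first and prepending once afterwards would remove the duplication.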
@@ -69,7 +69,7 @@ type ServerConfig struct {
 MQPort string `yaml:"mqport"`
 MQServerPort string `yaml:"mqserverport"`
 Server string `yaml:"server"`
- PublicIPService string `yaml:"publicIPService"`
+ PublicIPService string `yaml:"publicipservice"`
 }
 // SQLConfig - Generic SQL Config
diff --git a/config/environments/dev.yaml b/config/environments/dev.yaml
index b38c6c40..8142423c 100644
--- a/config/environments/dev.yaml
+++ b/config/environments/dev.yaml
@@ -11,4 +11,4 @@ server:
 disableremoteipcheck: "" # defaults to "false" or DISABLE_REMOTE_IP_CHECK (if set)
 version: "" # version of server
 rce: "" # defaults to "off"
- publicIpService: "" # defaults to "" or PUBLIC_IP_SERVICE (if set)
+ publicipservice: "" # defaults to "" or PUBLIC_IP_SERVICE (if set)