Merge branch 'develop' of https://github.com/gravitl/netmaker into feature_v0.14.7_translateiftablestonftables

2024-09-21 07:46:04 +08:00 · 2022-08-03 12:25:40 -07:00 · 2022-08-03 12:25:40 -07:00 · c858d76bad
parent 7c2fce3a55 47db26c9af
commit c858d76bad
4 changed files with 36 additions and 1 deletions
--- a/config/config.go
+++ b/config/config.go
@ -69,6 +69,7 @@ type ServerConfig struct {
 	MQPort                string `yaml:"mqport"`
 	MQServerPort          string `yaml:"mqserverport"`
 	Server                string `yaml:"server"`
+	PublicIPService       string `yaml:"publicipservice"`
 }

 // SQLConfig - Generic SQL Config
--- a/config/environments/dev.yaml
+++ b/config/environments/dev.yaml
@ -11,3 +11,4 @@ server:
  disableremoteipcheck: "" # defaults to "false" or DISABLE_REMOTE_IP_CHECK (if set)
  version: "" # version of server
  rce: "" # defaults to "off"
+  publicipservice: "" # defaults to "" or PUBLIC_IP_SERVICE (if set)
--- a/logic/peers.go
+++ b/logic/peers.go
@ -324,6 +324,16 @@ func GetAllowedIPs(node, peer *models.Node) []net.IPNet {
 				extAllowedIPs := getEgressIPs(node, relayedNode)
 				allowedips = append(allowedips, extAllowedIPs...)
 			}
+			if relayedNode.IsIngressGateway == "yes" {
+				extPeers, err := getExtPeers(relayedNode)
+				if err == nil {
+					for _, extPeer := range extPeers {
+						allowedips = append(allowedips, extPeer.AllowedIPs...)
+					}
+				} else {
+					logger.Log(0, "failed to retrieve extclients from relayed ingress", err.Error())
+				}
+			}
 		}
 	}
 	return allowedips
@ -413,6 +423,14 @@ func GetPeerUpdateForRelayedNode(node *models.Node, udppeers map[string]string)
 			}
 		}
 	}
+	//delete extclients from allowedip if we are ingress gateway
+	if node.IsIngressGateway == "yes" {
+		for i := len(allowedips) - 1; i >= 0; i-- {
+			if strings.Contains(node.IngressGatewayRange, allowedips[i].IP.String()) {
+				allowedips = append(allowedips[:i], allowedips[i+1:]...)
+			}
+		}
+	}

 	pubkey, err := wgtypes.ParseKey(relay.PublicKey)
 	if err != nil {
@ -458,6 +476,15 @@ func GetPeerUpdateForRelayedNode(node *models.Node, udppeers map[string]string)
 	if relay.IsServer == "yes" {
 		serverNodeAddresses = append(serverNodeAddresses, models.ServerAddr{IsLeader: IsLeader(relay), Address: relay.Address})
 	}
+	//if ingress add extclients
+	if node.IsIngressGateway == "yes" {
+		extPeers, err := getExtPeers(node)
+		if err == nil {
+			peers = append(peers, extPeers...)
+		} else {
+			logger.Log(2, "could not retrieve ext peers for ", node.Name, err.Error())
+		}
+	}
 	peerUpdate.Network = node.Network
 	peerUpdate.ServerVersion = servercfg.Version
 	peerUpdate.Peers = peers
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@ -430,7 +430,13 @@ func GetPublicIP() (string, error) {
 	iplist := []string{"https://ip.server.gravitl.com", "https://ifconfig.me", "https://api.ipify.org", "https://ipinfo.io/ip"}
 	publicIpService := os.Getenv("PUBLIC_IP_SERVICE")
 	if publicIpService != "" {
-		logger.Log(3, "User provided public IP service is", publicIpService)
+		logger.Log(3, "User (environment variable) provided public IP service is", publicIpService)
+
+		// prepend the user-specified service so it's checked first
+		iplist = append([]string{publicIpService}, iplist...)
+	} else if config.Config.Server.PublicIPService != "" {
+		publicIpService = config.Config.Server.PublicIPService
+		logger.Log(3, "User (config file) provided public IP service is", publicIpService)

 		// prepend the user-specified service so it's checked first
 		iplist = append([]string{publicIpService}, iplist...)