mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-06 20:05:46 +08:00
NET-433: Only Set Routes for NAT enabled egress GW (#2469)
* remove related fields and code * remover metrics collection from server code * fw update struct * add ext client flag to metrics data * simply nat types * rm proxy update from cli * remove ingress routes from firewall update * check if egress ranges are present * rm unused func
This commit is contained in:
Abhishek K
GitHub
parent
6ef61cf48e
commit
cf11169553
2 changed files with 7 additions and 104 deletions
|
|
@ -30,9 +30,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
|
|||
ServerVersion: servercfg.GetVersion(),
|
||||
ServerAddrs: []models.ServerAddr{},
|
||||
FwUpdate: models.FwUpdate{
|
||||
IngressInfo: models.IngressInfo{
|
||||
ExtPeers: make(map[string]models.ExtClientInfo),
|
||||
},
|
||||
EgressInfo: make(map[string]models.EgressInfo),
|
||||
},
|
||||
PeerIDs: make(models.PeerMap, 0),
|
||||
|
|
@ -110,10 +107,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
|
|||
}
|
||||
|
||||
currentPeers := GetNetworkNodesMemory(allNodes, node.Network)
|
||||
var nodePeerMap map[string]models.PeerRouteInfo
|
||||
if node.IsIngressGateway || node.IsEgressGateway {
|
||||
nodePeerMap = make(map[string]models.PeerRouteInfo)
|
||||
}
|
||||
for _, peer := range currentPeers {
|
||||
peer := peer
|
||||
if peer.ID.String() == node.ID.String() {
|
||||
|
|
@ -138,38 +131,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
|
|||
EgressRanges: peer.EgressGatewayRanges,
|
||||
})
|
||||
}
|
||||
if node.IsIngressGateway || node.IsEgressGateway {
|
||||
if peer.IsIngressGateway {
|
||||
_, extPeerIDAndAddrs, err := getExtPeers(&peer, &node)
|
||||
if err == nil {
|
||||
for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
|
||||
extPeerIdAndAddr := extPeerIdAndAddr
|
||||
nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{
|
||||
PeerAddr: net.IPNet{
|
||||
IP: net.ParseIP(extPeerIdAndAddr.Address),
|
||||
Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
|
||||
},
|
||||
PeerKey: extPeerIdAndAddr.ID,
|
||||
Allow: true,
|
||||
ID: extPeerIdAndAddr.ID,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if node.IsIngressGateway && peer.IsEgressGateway {
|
||||
hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges = append(hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges,
|
||||
peer.EgressGatewayRanges...)
|
||||
}
|
||||
nodePeerMap[peerHost.PublicKey.String()] = models.PeerRouteInfo{
|
||||
PeerAddr: net.IPNet{
|
||||
IP: net.ParseIP(peer.PrimaryAddress()),
|
||||
Mask: getCIDRMaskFromAddr(peer.PrimaryAddress()),
|
||||
},
|
||||
PeerKey: peerHost.PublicKey.String(),
|
||||
Allow: true,
|
||||
ID: peer.ID.String(),
|
||||
}
|
||||
}
|
||||
if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) {
|
||||
// if node is relayed and peer is not the relay, set remove to true
|
||||
if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok {
|
||||
|
|
@ -248,39 +209,11 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
|
|||
var extPeers []wgtypes.PeerConfig
|
||||
var extPeerIDAndAddrs []models.IDandAddr
|
||||
if node.IsIngressGateway {
|
||||
hostPeerUpdate.FwUpdate.IsIngressGw = true
|
||||
extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node)
|
||||
if err == nil {
|
||||
for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
|
||||
extPeerIdAndAddr := extPeerIdAndAddr
|
||||
nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{
|
||||
PeerAddr: net.IPNet{
|
||||
IP: net.ParseIP(extPeerIdAndAddr.Address),
|
||||
Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
|
||||
},
|
||||
PeerKey: extPeerIdAndAddr.ID,
|
||||
Allow: true,
|
||||
ID: extPeerIdAndAddr.ID,
|
||||
}
|
||||
}
|
||||
hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
|
||||
for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
|
||||
extPeerIdAndAddr := extPeerIdAndAddr
|
||||
|
||||
hostPeerUpdate.FwUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{
|
||||
Masquerade: true,
|
||||
IngGwAddr: net.IPNet{
|
||||
IP: net.ParseIP(node.PrimaryAddress()),
|
||||
Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
|
||||
},
|
||||
Network: node.PrimaryNetworkRange(),
|
||||
ExtPeerAddr: net.IPNet{
|
||||
IP: net.ParseIP(extPeerIdAndAddr.Address),
|
||||
Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
|
||||
},
|
||||
ExtPeerKey: extPeerIdAndAddr.ID,
|
||||
Peers: filterNodeMapForClientACLs(extPeerIdAndAddr.ID, node.Network, nodePeerMap),
|
||||
}
|
||||
if node.Network == network {
|
||||
hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr
|
||||
hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...)
|
||||
|
|
@ -290,7 +223,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
|
|||
logger.Log(1, "error retrieving external clients:", err.Error())
|
||||
}
|
||||
}
|
||||
if node.IsEgressGateway {
|
||||
if node.IsEgressGateway && node.EgressGatewayRequest.NatEnabled == "yes" && len(node.EgressGatewayRequest.Ranges) > 0 {
|
||||
hostPeerUpdate.FwUpdate.IsEgressGw = true
|
||||
hostPeerUpdate.FwUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{
|
||||
EgressID: node.ID.String(),
|
||||
|
|
@ -299,7 +232,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
|
|||
IP: net.ParseIP(node.PrimaryAddress()),
|
||||
Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
|
||||
},
|
||||
GwPeers: nodePeerMap,
|
||||
EgressGWCfg: node.EgressGatewayRequest,
|
||||
}
|
||||
}
|
||||
|
|
@ -584,29 +516,3 @@ func getCIDRMaskFromAddr(addr string) net.IPMask {
|
|||
}
|
||||
return cidr
|
||||
}
|
||||
|
||||
// accounts for ext client ACLs
|
||||
func filterNodeMapForClientACLs(publicKey, network string, nodePeerMap map[string]models.PeerRouteInfo) map[string]models.PeerRouteInfo {
|
||||
if !isEE {
|
||||
return nodePeerMap
|
||||
}
|
||||
if nodePeerMap == nil {
|
||||
return map[string]models.PeerRouteInfo{}
|
||||
}
|
||||
|
||||
if len(publicKey) == 0 || len(network) == 0 {
|
||||
return nodePeerMap
|
||||
}
|
||||
|
||||
client, err := GetExtClientByPubKey(publicKey, network)
|
||||
if err != nil {
|
||||
return nodePeerMap
|
||||
}
|
||||
for k := range nodePeerMap {
|
||||
currNodePeer := nodePeerMap[k]
|
||||
if _, ok := client.DeniedACLs[currNodePeer.ID]; ok {
|
||||
delete(nodePeerMap, k)
|
||||
}
|
||||
}
|
||||
return nodePeerMap
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,11 +30,10 @@ type IngressInfo struct {
|
|||
|
||||
// EgressInfo - struct for egress info
|
||||
type EgressInfo struct {
|
||||
EgressID string `json:"egress_id" yaml:"egress_id"`
|
||||
Network net.IPNet `json:"network" yaml:"network"`
|
||||
EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"`
|
||||
GwPeers map[string]PeerRouteInfo `json:"gateway_peers" yaml:"gateway_peers"`
|
||||
EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"`
|
||||
EgressID string `json:"egress_id" yaml:"egress_id"`
|
||||
Network net.IPNet `json:"network" yaml:"network"`
|
||||
EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"`
|
||||
EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"`
|
||||
}
|
||||
|
||||
// EgressNetworkRoutes - struct for egress network routes for adding routes to peer's interface
|
||||
|
|
@ -69,8 +68,6 @@ type KeyUpdate struct {
|
|||
|
||||
// FwUpdate - struct for firewall updates
|
||||
type FwUpdate struct {
|
||||
IsIngressGw bool `json:"is_ingress_gw"`
|
||||
IsEgressGw bool `json:"is_egress_gw"`
|
||||
IngressInfo IngressInfo `json:"ingress_info"`
|
||||
EgressInfo map[string]EgressInfo `json:"egress_info"`
|
||||
IsEgressGw bool `json:"is_egress_gw"`
|
||||
EgressInfo map[string]EgressInfo `json:"egress_info"`
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue