From cf11169553e731d66b365c945de0292e239ea34f Mon Sep 17 00:00:00 2001
From: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
Date: Fri, 28 Jul 2023 19:44:51 +0530
Subject: [PATCH] NET-433: Only Set Routes for NAT enabled egress GW (#2469)
* remove related fields and code
* remover metrics collection from server code
* fw update struct
* add ext client flag to metrics data
* simply nat types
* rm proxy update from cli
* remove ingress routes from firewall update
* check if egress ranges are present
* rm unused func
---
logic/peers.go | 96 +-------------------------------------------------
models/mqtt.go | 15 ++++----
2 files changed, 7 insertions(+), 104 deletions(-)
diff --git a/logic/peers.go b/logic/peers.go
index b5a15b24..9068a4a6 100644
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -30,9 +30,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
ServerVersion: servercfg.GetVersion(),
ServerAddrs: []models.ServerAddr{},
FwUpdate: models.FwUpdate{
- IngressInfo: models.IngressInfo{
- ExtPeers: make(map[string]models.ExtClientInfo),
- },
EgressInfo: make(map[string]models.EgressInfo),
},
PeerIDs: make(models.PeerMap, 0),
@@ -110,10 +107,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
}
currentPeers := GetNetworkNodesMemory(allNodes, node.Network)
- var nodePeerMap map[string]models.PeerRouteInfo
- if node.IsIngressGateway || node.IsEgressGateway {
- nodePeerMap = make(map[string]models.PeerRouteInfo)
- }
for _, peer := range currentPeers {
peer := peer
if peer.ID.String() == node.ID.String() {
@@ -138,38 +131,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
EgressRanges: peer.EgressGatewayRanges,
})
}
- if node.IsIngressGateway || node.IsEgressGateway {
- if peer.IsIngressGateway {
- _, extPeerIDAndAddrs, err := getExtPeers(&peer, &node)
- if err == nil {
- for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
- extPeerIdAndAddr := extPeerIdAndAddr
- nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{
- PeerAddr: net.IPNet{
- IP: net.ParseIP(extPeerIdAndAddr.Address),
- Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
- },
- PeerKey: extPeerIdAndAddr.ID,
- Allow: true,
- ID: extPeerIdAndAddr.ID,
- }
- }
- }
- }
- if node.IsIngressGateway && peer.IsEgressGateway {
- hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges = append(hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges,
- peer.EgressGatewayRanges...)
- }
- nodePeerMap[peerHost.PublicKey.String()] = models.PeerRouteInfo{
- PeerAddr: net.IPNet{
- IP: net.ParseIP(peer.PrimaryAddress()),
- Mask: getCIDRMaskFromAddr(peer.PrimaryAddress()),
- },
- PeerKey: peerHost.PublicKey.String(),
- Allow: true,
- ID: peer.ID.String(),
- }
- }
if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) {
// if node is relayed and peer is not the relay, set remove to true
if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok {
@@ -248,39 +209,11 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
var extPeers []wgtypes.PeerConfig
var extPeerIDAndAddrs []models.IDandAddr
if node.IsIngressGateway {
- hostPeerUpdate.FwUpdate.IsIngressGw = true
extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node)
if err == nil {
- for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
- extPeerIdAndAddr := extPeerIdAndAddr
- nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{
- PeerAddr: net.IPNet{
- IP: net.ParseIP(extPeerIdAndAddr.Address),
- Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
- },
- PeerKey: extPeerIdAndAddr.ID,
- Allow: true,
- ID: extPeerIdAndAddr.ID,
- }
- }
hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
extPeerIdAndAddr := extPeerIdAndAddr
-
- hostPeerUpdate.FwUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{
- Masquerade: true,
- IngGwAddr: net.IPNet{
- IP: net.ParseIP(node.PrimaryAddress()),
- Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
- },
- Network: node.PrimaryNetworkRange(),
- ExtPeerAddr: net.IPNet{
- IP: net.ParseIP(extPeerIdAndAddr.Address),
- Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
- },
- ExtPeerKey: extPeerIdAndAddr.ID,
- Peers: filterNodeMapForClientACLs(extPeerIdAndAddr.ID, node.Network, nodePeerMap),
- }
if node.Network == network {
hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr
hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...)
@@ -290,7 +223,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
logger.Log(1, "error retrieving external clients:", err.Error())
}
}
- if node.IsEgressGateway {
+ if node.IsEgressGateway && node.EgressGatewayRequest.NatEnabled == "yes" && len(node.EgressGatewayRequest.Ranges) > 0 {
hostPeerUpdate.FwUpdate.IsEgressGw = true
hostPeerUpdate.FwUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{
EgressID: node.ID.String(),
@@ -299,7 +232,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
IP: net.ParseIP(node.PrimaryAddress()),
Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
},
- GwPeers: nodePeerMap,
EgressGWCfg: node.EgressGatewayRequest,
}
}
@@ -584,29 +516,3 @@ func getCIDRMaskFromAddr(addr string) net.IPMask {
}
return cidr
}
-
- // accounts for ext client ACLs
- func filterNodeMapForClientACLs(publicKey, network string, nodePeerMap map[string]models.PeerRouteInfo) map[string]models.PeerRouteInfo {
- if !isEE {
- return nodePeerMap
- }
- if nodePeerMap == nil {
- return map[string]models.PeerRouteInfo{}
- }
-
- if len(publicKey) == 0 || len(network) == 0 {
- return nodePeerMap
- }
-
- client, err := GetExtClientByPubKey(publicKey, network)
- if err != nil {
- return nodePeerMap
- }
- for k := range nodePeerMap {
- currNodePeer := nodePeerMap[k]
- if _, ok := client.DeniedACLs[currNodePeer.ID]; ok {
- delete(nodePeerMap, k)
- }
- }
- return nodePeerMap
- }
diff --git a/models/mqtt.go b/models/mqtt.go
index e818df67..b50e8cd2 100644
--- a/models/mqtt.go
+++ b/models/mqtt.go
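Review bot: The new guard `if node.IsEgressGateway && node.EgressGatewayRequest.NatEnabled == "yes" && len(node.EgressGatewayRequest.Ranges) > 0 {` keys the entire egress firewall update on an exact string match, so any other spelling that reaches `NatEnabled` ("Yes", "true") silently leaves `IsEgressGw` false and `EgressInfo` empty for that gateway; unless the API layer is known to normalise the value before it is stored, prefer a case-insensitive compare such as `strings.EqualFold(node.EgressGatewayRequest.NatEnabled, "yes")` (the file's import block is outside this diff) or a boolean field. The false branch now also covers NAT-disabled and range-less egress nodes, so a comment on the new line stating the intent would help the next reader, e.g. `// NAT/firewall rules are pushed only for NAT-enabled egress gateways with at least one range; other egress nodes get no FwUpdate entry`. It is also worth checking that `EgressGatewayRequest.Ranges` cannot diverge from the `EgressGatewayRanges` used for the peer route list earlier in this function, since the two are now consulted independently. Separately, this commit removes `IngressInfo` and `filterNodeMapForClientACLs` (the per-ext-client `DeniedACLs` filtering) from the firewall payload with no visible replacement in this diff, so confirm ext-client ACLs are still enforced on the host side. GetPeerUpdateForHost begins and ends outside this hunk.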
@@ -30,11 +30,10 @@ type IngressInfo struct {
// EgressInfo - struct for egress info
type EgressInfo struct {
- EgressID string `json:"egress_id" yaml:"egress_id"`
- Network net.IPNet `json:"network" yaml:"network"`
- EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"`
- GwPeers map[string]PeerRouteInfo `json:"gateway_peers" yaml:"gateway_peers"`
- EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"`
+ EgressID string `json:"egress_id" yaml:"egress_id"`
+ Network net.IPNet `json:"network" yaml:"network"`
+ EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"`
+ EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"`
}
// EgressNetworkRoutes - struct for egress network routes for adding routes to peer's interface
@@ -69,8 +68,6 @@ type KeyUpdate struct {
// FwUpdate - struct for firewall updates
type FwUpdate struct {
- IsIngressGw bool `json:"is_ingress_gw"`
- IsEgressGw bool `json:"is_egress_gw"`
- IngressInfo IngressInfo `json:"ingress_info"`
- EgressInfo map[string]EgressInfo `json:"egress_info"`
+ IsEgressGw bool `json:"is_egress_gw"`
+ EgressInfo map[string]EgressInfo `json:"egress_info"`
}