NET-433: Only Set Routes for NAT enabled egress GW (#2469)

* remove related fields and code

* remove metrics collection from server code

* fw update struct

* add ext client flag to metrics data

* simplify nat types

* rm proxy update from cli

* remove ingress routes from firewall update

* check if egress ranges are present

* rm unused func
This commit is contained in:
Abhishek K 2023-07-28 19:44:51 +05:30 committed by GitHub
parent 6ef61cf48e
commit cf11169553
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 104 deletions


@ -30,9 +30,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
ServerVersion: servercfg.GetVersion(), ServerVersion: servercfg.GetVersion(),
ServerAddrs: []models.ServerAddr{}, ServerAddrs: []models.ServerAddr{},
FwUpdate: models.FwUpdate{ FwUpdate: models.FwUpdate{
IngressInfo: models.IngressInfo{
ExtPeers: make(map[string]models.ExtClientInfo),
},
EgressInfo: make(map[string]models.EgressInfo), EgressInfo: make(map[string]models.EgressInfo),
}, },
PeerIDs: make(models.PeerMap, 0), PeerIDs: make(models.PeerMap, 0),
@ -110,10 +107,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
} }
currentPeers := GetNetworkNodesMemory(allNodes, node.Network) currentPeers := GetNetworkNodesMemory(allNodes, node.Network)
var nodePeerMap map[string]models.PeerRouteInfo
if node.IsIngressGateway || node.IsEgressGateway {
nodePeerMap = make(map[string]models.PeerRouteInfo)
}
for _, peer := range currentPeers { for _, peer := range currentPeers {
peer := peer peer := peer
if peer.ID.String() == node.ID.String() { if peer.ID.String() == node.ID.String() {
@ -138,38 +131,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
EgressRanges: peer.EgressGatewayRanges, EgressRanges: peer.EgressGatewayRanges,
}) })
} }
if node.IsIngressGateway || node.IsEgressGateway {
if peer.IsIngressGateway {
_, extPeerIDAndAddrs, err := getExtPeers(&peer, &node)
if err == nil {
for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
extPeerIdAndAddr := extPeerIdAndAddr
nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{
PeerAddr: net.IPNet{
IP: net.ParseIP(extPeerIdAndAddr.Address),
Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
},
PeerKey: extPeerIdAndAddr.ID,
Allow: true,
ID: extPeerIdAndAddr.ID,
}
}
}
}
if node.IsIngressGateway && peer.IsEgressGateway {
hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges = append(hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges,
peer.EgressGatewayRanges...)
}
nodePeerMap[peerHost.PublicKey.String()] = models.PeerRouteInfo{
PeerAddr: net.IPNet{
IP: net.ParseIP(peer.PrimaryAddress()),
Mask: getCIDRMaskFromAddr(peer.PrimaryAddress()),
},
PeerKey: peerHost.PublicKey.String(),
Allow: true,
ID: peer.ID.String(),
}
}
if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) { if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) {
// if node is relayed and peer is not the relay, set remove to true // if node is relayed and peer is not the relay, set remove to true
if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok { if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok {
@ -248,39 +209,11 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
var extPeers []wgtypes.PeerConfig var extPeers []wgtypes.PeerConfig
var extPeerIDAndAddrs []models.IDandAddr var extPeerIDAndAddrs []models.IDandAddr
if node.IsIngressGateway { if node.IsIngressGateway {
hostPeerUpdate.FwUpdate.IsIngressGw = true
extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node) extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node)
if err == nil { if err == nil {
for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
extPeerIdAndAddr := extPeerIdAndAddr
nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{
PeerAddr: net.IPNet{
IP: net.ParseIP(extPeerIdAndAddr.Address),
Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
},
PeerKey: extPeerIdAndAddr.ID,
Allow: true,
ID: extPeerIdAndAddr.ID,
}
}
hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...) hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
for _, extPeerIdAndAddr := range extPeerIDAndAddrs { for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
extPeerIdAndAddr := extPeerIdAndAddr extPeerIdAndAddr := extPeerIdAndAddr
hostPeerUpdate.FwUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{
Masquerade: true,
IngGwAddr: net.IPNet{
IP: net.ParseIP(node.PrimaryAddress()),
Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
},
Network: node.PrimaryNetworkRange(),
ExtPeerAddr: net.IPNet{
IP: net.ParseIP(extPeerIdAndAddr.Address),
Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
},
ExtPeerKey: extPeerIdAndAddr.ID,
Peers: filterNodeMapForClientACLs(extPeerIdAndAddr.ID, node.Network, nodePeerMap),
}
if node.Network == network { if node.Network == network {
hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr
hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...) hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...)
@ -290,7 +223,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
logger.Log(1, "error retrieving external clients:", err.Error()) logger.Log(1, "error retrieving external clients:", err.Error())
} }
} }
if node.IsEgressGateway { if node.IsEgressGateway && node.EgressGatewayRequest.NatEnabled == "yes" && len(node.EgressGatewayRequest.Ranges) > 0 {
hostPeerUpdate.FwUpdate.IsEgressGw = true hostPeerUpdate.FwUpdate.IsEgressGw = true
hostPeerUpdate.FwUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{ hostPeerUpdate.FwUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{
EgressID: node.ID.String(), EgressID: node.ID.String(),
@ -299,7 +232,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
IP: net.ParseIP(node.PrimaryAddress()), IP: net.ParseIP(node.PrimaryAddress()),
Mask: getCIDRMaskFromAddr(node.PrimaryAddress()), Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
}, },
GwPeers: nodePeerMap,
EgressGWCfg: node.EgressGatewayRequest, EgressGWCfg: node.EgressGatewayRequest,
} }
} }
@ -584,29 +516,3 @@ func getCIDRMaskFromAddr(addr string) net.IPMask {
} }
return cidr return cidr
} }
// accounts for ext client ACLs
func filterNodeMapForClientACLs(publicKey, network string, nodePeerMap map[string]models.PeerRouteInfo) map[string]models.PeerRouteInfo {
if !isEE {
return nodePeerMap
}
if nodePeerMap == nil {
return map[string]models.PeerRouteInfo{}
}
if len(publicKey) == 0 || len(network) == 0 {
return nodePeerMap
}
client, err := GetExtClientByPubKey(publicKey, network)
if err != nil {
return nodePeerMap
}
for k := range nodePeerMap {
currNodePeer := nodePeerMap[k]
if _, ok := client.DeniedACLs[currNodePeer.ID]; ok {
delete(nodePeerMap, k)
}
}
return nodePeerMap
}
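Review bot: The new gate in the `-290,7 +223,7` hunk decides whether a gateway gets any firewall update by comparing a free-form string, `node.EgressGatewayRequest.NatEnabled == "yes"`; any other accepted spelling of the flag (or a value that was never normalized on the API side) silently produces no `EgressInfo` entry, which fails closed for NAT but is invisible to the operator. Centralizing the check in one helper, e.g. `func (r EgressGatewayRequest) IsNatEnabled() bool { return r.NatEnabled == "yes" }`, and using it both here and at request validation keeps the accepted spelling in one place. Separately, the `-138,38` and `-584,29` hunks delete the `GwPeers` map and `filterNodeMapForClientACLs`, so an ext client's `DeniedACLs` are no longer conveyed in the firewall update at all; if the gateway host's firewall was the enforcement point for those ACLs, that enforcement is gone with this commit, and it is worth confirming (and stating in the PR description) that denied peers are still excluded via the peer allowed-IPs path. `GetPeerUpdateForHost` begins before the first hunk of this file.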


@ -30,11 +30,10 @@ type IngressInfo struct {
// EgressInfo - struct for egress info // EgressInfo - struct for egress info
type EgressInfo struct { type EgressInfo struct {
EgressID string `json:"egress_id" yaml:"egress_id"` EgressID string `json:"egress_id" yaml:"egress_id"`
Network net.IPNet `json:"network" yaml:"network"` Network net.IPNet `json:"network" yaml:"network"`
EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"` EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"`
GwPeers map[string]PeerRouteInfo `json:"gateway_peers" yaml:"gateway_peers"` EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"`
EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"`
} }
// EgressNetworkRoutes - struct for egress network routes for adding routes to peer's interface // EgressNetworkRoutes - struct for egress network routes for adding routes to peer's interface
@ -69,8 +68,6 @@ type KeyUpdate struct {
// FwUpdate - struct for firewall updates // FwUpdate - struct for firewall updates
type FwUpdate struct { type FwUpdate struct {
IsIngressGw bool `json:"is_ingress_gw"` IsEgressGw bool `json:"is_egress_gw"`
IsEgressGw bool `json:"is_egress_gw"` EgressInfo map[string]EgressInfo `json:"egress_info"`
IngressInfo IngressInfo `json:"ingress_info"`
EgressInfo map[string]EgressInfo `json:"egress_info"`
} }
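Review bot: The surviving `FwUpdate` fields carry no documentation, and after this commit `IsEgressGw` no longer means "this host is an egress gateway" but "egress gateway with NAT enabled and at least one range configured" (the server now sets it only under that condition), so a firewall consumer that treats a false value as "not an egress gateway" will misread it. A field comment such as `IsEgressGw bool \`json:"is_egress_gw"\` // true only for egress gateways with NAT enabled and egress ranges configured` and `EgressInfo map[string]EgressInfo \`json:"egress_info"\` // keyed by egress node ID; empty when IsEgressGw is false` would make that explicit in the wire model. Dropping `is_ingress_gw` and `ingress_info` from the JSON is presumably tolerated by older clients, which simply see the zero value, but the struct comment is the right place to record that the ingress side is intentionally no longer part of the firewall update.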