add metric route to ext client addrs

This commit is contained in:
abhishek9686 2025-03-27 15:59:33 +04:00
parent 9b2bffe723
commit d55baebac5
2 changed files with 9 additions and 172 deletions


@ -1054,176 +1054,6 @@ func IsNodeAllowedToCommunicateV1(node, peer models.Node, checkDefaultPolicy boo
return false, allowedPolicies
}
// IsNodeAllowedToCommunicate - check node is allowed to communicate with the peer
func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool) (bool, []models.Acl) {
var nodeId, peerId string
if node.IsStatic {
nodeId = node.StaticNode.ClientID
node = node.StaticNode.ConvertToStaticNode()
} else {
nodeId = node.ID.String()
}
if peer.IsStatic {
peerId = peer.StaticNode.ClientID
peer = peer.StaticNode.ConvertToStaticNode()
} else {
peerId = peer.ID.String()
}
var nodeTags, peerTags map[models.TagID]struct{}
if node.Mutex != nil {
node.Mutex.Lock()
nodeTags = maps.Clone(node.Tags)
node.Mutex.Unlock()
} else {
nodeTags = node.Tags
}
if peer.Mutex != nil {
peer.Mutex.Lock()
peerTags = maps.Clone(peer.Tags)
peer.Mutex.Unlock()
} else {
peerTags = peer.Tags
}
if nodeTags == nil {
nodeTags = make(map[models.TagID]struct{})
}
if peerTags == nil {
peerTags = make(map[models.TagID]struct{})
}
nodeTags[models.TagID(nodeId)] = struct{}{}
peerTags[models.TagID(peerId)] = struct{}{}
if checkDefaultPolicy {
// check default policy if all allowed return true
defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
if err == nil {
if defaultPolicy.Enabled {
return true, []models.Acl{defaultPolicy}
}
}
}
allowedPolicies := []models.Acl{}
// list device policies
policies := listDevicePolicies(models.NetworkID(peer.Network))
srcMap := make(map[string]struct{})
dstMap := make(map[string]struct{})
defer func() {
srcMap = nil
dstMap = nil
}()
for _, policy := range policies {
if !policy.Enabled {
continue
}
srcMap = convAclTagToValueMap(policy.Src)
dstMap = convAclTagToValueMap(policy.Dst)
_, srcAll := srcMap["*"]
_, dstAll := dstMap["*"]
if policy.AllowedDirection == models.TrafficDirectionBi {
if _, ok := srcMap[nodeId]; ok || srcAll {
if _, ok := dstMap[peerId]; ok || dstAll {
allowedPolicies = append(allowedPolicies, policy)
continue
}
}
if _, ok := dstMap[nodeId]; ok || dstAll {
if _, ok := srcMap[peerId]; ok || srcAll {
allowedPolicies = append(allowedPolicies, policy)
continue
}
}
}
if _, ok := dstMap[nodeId]; ok || dstAll {
if _, ok := srcMap[peerId]; ok || srcAll {
allowedPolicies = append(allowedPolicies, policy)
continue
}
}
for tagID := range nodeTags {
allowed := false
if _, ok := dstMap[tagID.String()]; policy.AllowedDirection == models.TrafficDirectionBi && ok || dstAll {
if srcAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break
}
for tagID := range peerTags {
if _, ok := srcMap[tagID.String()]; ok {
allowed = true
break
}
}
}
if allowed {
allowedPolicies = append(allowedPolicies, policy)
break
}
if _, ok := srcMap[tagID.String()]; ok || srcAll {
if dstAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break
}
for tagID := range peerTags {
if _, ok := dstMap[tagID.String()]; ok {
allowed = true
break
}
}
}
if allowed {
allowedPolicies = append(allowedPolicies, policy)
break
}
}
for tagID := range peerTags {
allowed := false
if _, ok := dstMap[tagID.String()]; ok || dstAll {
if srcAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break
}
for tagID := range nodeTags {
if _, ok := srcMap[tagID.String()]; ok || srcAll {
allowed = true
break
}
}
}
if allowed {
allowedPolicies = append(allowedPolicies, policy)
break
}
if _, ok := srcMap[tagID.String()]; policy.AllowedDirection == models.TrafficDirectionBi && ok || srcAll {
if dstAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break
}
for tagID := range nodeTags {
if _, ok := dstMap[tagID.String()]; ok {
allowed = true
break
}
}
}
if allowed {
allowedPolicies = append(allowedPolicies, policy)
break
}
}
}
if len(allowedPolicies) > 0 {
return true, allowedPolicies
}
return false, allowedPolicies
}
// SortTagEntrys - Sorts slice of Tag entries by their id
func SortAclEntrys(acls []models.Acl) {
sort.Slice(acls, func(i, j int) bool {


@ -874,14 +874,21 @@ func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
}
func getExtPeerEgressRoute(node models.Node, extPeer models.ExtClient) (egressRoutes []models.EgressNetworkRoutes) {
egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{
r := models.EgressNetworkRoutes{
PeerKey: extPeer.PublicKey,
EgressGwAddr: extPeer.AddressIPNet4(),
EgressGwAddr6: extPeer.AddressIPNet6(),
NodeAddr: node.Address,
NodeAddr6: node.Address6,
EgressRanges: extPeer.ExtraAllowedIPs,
})
}
for _, extraAllowedIP := range extPeer.ExtraAllowedIPs {
r.EgressRangesWithMetric = append(r.EgressRangesWithMetric, models.EgressRangeMetric{
Network: extraAllowedIP,
RouteMetric: 256,
})
}
egressRoutes = append(egressRoutes, r)
return
}
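Review bot: The metric on the added `RouteMetric: 256,` line is a bare magic number with nothing saying why every extra allowed IP of an ext client gets that value, so a reader of the route table cannot tell whether it is a deliberate priority relative to other routes or a placeholder. I would hoist it to a named, documented constant near the function, `// extClientRouteMetric is the metric given to every route for an ext client's extra allowed IPs.` followed by `const extClientRouteMetric = 256`, and write `RouteMetric: extClientRouteMetric,` in the loop. Since the loop body appends once per entry of `extPeer.ExtraAllowedIPs`, the slice can be pre-sized with `r.EgressRangesWithMetric = make([]models.EgressRangeMetric, 0, len(extPeer.ExtraAllowedIPs))` before the loop. getExtPeerEgressRoute also has no doc comment; one such as `// getExtPeerEgressRoute builds the egress route node uses to reach extPeer's extra allowed IPs, giving each range the same fixed metric.` would make the single-route return obvious to callers.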