slackhq/nebula
1
1
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-02-22 14:33:15 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix for netip

Browse source
This commit is contained in:
Wade Simmons 2024-09-13 16:27:41 -04:00
parent c87e2cbc70
commit 7a36dd057b
1 changed files with 17 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
lighthouse.go
View file

@ -665,6 +665,13 @@ func lhIp6ToIp(v *Ip6AndPort) net.IP {
return ip return ip
} }
func lhIp6ToAddr(v *Ip6AndPort) netip.Addr {
var ip [16]byte
binary.BigEndian.PutUint64(ip[:8], v.Hi)
binary.BigEndian.PutUint64(ip[8:], v.Lo)
return netip.AddrFrom16(ip)
}
func (lh *LightHouse) IsLighthouseIP(vpnIp netip.Addr) bool { func (lh *LightHouse) IsLighthouseIP(vpnIp netip.Addr) bool {
if _, ok := lh.GetLighthouses()[vpnIp]; ok { if _, ok := lh.GetLighthouses()[vpnIp]; ok {
return true return true
@ -1152,16 +1159,21 @@ func (lhh *LightHouseHandler) handleHostPunchNotification(n *NebulaMeta, vpnIp n
} }
} }
remoteVpnIp := iputil.VpnIp(n.Details.VpnIp) //TODO: IPV6-WORK
var b [4]byte
binary.BigEndian.PutUint32(b[:], n.Details.VpnIp)
remoteVpnIp := netip.AddrFrom4(b)
remoteAllowList := lhh.lh.GetRemoteAllowList() remoteAllowList := lhh.lh.GetRemoteAllowList()
for _, a := range n.Details.Ip4AndPorts { for _, a := range n.Details.Ip4AndPorts {
if remoteAllowList.AllowIpV4(remoteVpnIp, iputil.VpnIp(a.Ip)) { binary.BigEndian.PutUint32(b[:], a.Ip)
if remoteAllowList.Allow(remoteVpnIp, netip.AddrFrom4(b)) {
punch(AddrPortFromIp4AndPort(a)) punch(AddrPortFromIp4AndPort(a))
} }
} }
for _, a := range n.Details.Ip6AndPorts { for _, a := range n.Details.Ip6AndPorts {
if remoteAllowList.AllowIpV6(remoteVpnIp, a.Hi, a.Lo) { if remoteAllowList.Allow(remoteVpnIp, lhIp6ToAddr(a)) {
punch(AddrPortFromIp6AndPort(a)) punch(AddrPortFromIp6AndPort(a))
} }
} }
@ -1170,19 +1182,15 @@ func (lhh *LightHouseHandler) handleHostPunchNotification(n *NebulaMeta, vpnIp n
// of a double nat or other difficult scenario, this may help establish // of a double nat or other difficult scenario, this may help establish
// a tunnel. // a tunnel.
if lhh.lh.punchy.GetRespond() { if lhh.lh.punchy.GetRespond() {
//TODO: IPV6-WORK
b := [4]byte{}
binary.BigEndian.PutUint32(b[:], n.Details.VpnIp)
queryVpnIp := netip.AddrFrom4(b)
go func() { go func() {
time.Sleep(lhh.lh.punchy.GetRespondDelay()) time.Sleep(lhh.lh.punchy.GetRespondDelay())
if lhh.l.Level >= logrus.DebugLevel { if lhh.l.Level >= logrus.DebugLevel {
lhh.l.Debugf("Sending a nebula test packet to vpn ip %s", queryVpnIp) lhh.l.Debugf("Sending a nebula test packet to vpn ip %s", remoteVpnIp)
} }
//NOTE: we have to allocate a new output buffer here since we are spawning a new goroutine //NOTE: we have to allocate a new output buffer here since we are spawning a new goroutine
// for each punchBack packet. We should move this into a timerwheel or a single goroutine // for each punchBack packet. We should move this into a timerwheel or a single goroutine
// managed by a channel. // managed by a channel.
w.SendMessageToVpnIp(header.Test, header.TestRequest, queryVpnIp, []byte(""), make([]byte, 12, 12), make([]byte, mtu)) w.SendMessageToVpnIp(header.Test, header.TestRequest, remoteVpnIp, []byte(""), make([]byte, 12, 12), make([]byte, mtu))
}() }()
} }
} }