Use any as source for the firewall for routed networks (#2134)
lixmal authored Jun 18, 2024
1 parent 381447b commit 215fb25
Showing 1 changed file with 15 additions and 5 deletions.
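--- a/client/internal/routemanager/server_nonandroid.go
+++ b/client/internal/routemanager/server_nonandroid.go
@@ -5,7 +5,7 @@ package routemanager
 import (
 "context"
 "fmt"
-"net"
+"net/netip"
 "sync"
 
 log "github.com/sirupsen/logrus"
@@ -89,7 +89,7 @@ func (m *defaultServerRouter) removeFromServerNetwork(route *route.Route) error
 m.mux.Lock()
 defer m.mux.Unlock()
 
-routerPair, err := routeToRouterPair(m.wgInterface.Address().Network, route)
+routerPair, err := routeToRouterPair(route)
 if err != nil {
 return fmt.Errorf("parse prefix: %w", err)
 }
@@ -118,7 +118,7 @@ func (m *defaultServerRouter) addToServerNetwork(route *route.Route) error {
 m.mux.Lock()
 defer m.mux.Unlock()
 
-routerPair, err := routeToRouterPair(m.wgInterface.Address().Network, route)
+routerPair, err := routeToRouterPair(route)
 if err != nil {
 return fmt.Errorf("parse prefix: %w", err)
 }
@@ -151,7 +151,7 @@ func (m *defaultServerRouter) cleanUp() {
 m.mux.Lock()
 defer m.mux.Unlock()
 for _, r := range m.routes {
-routerPair, err := routeToRouterPair(m.wgInterface.Address().Network, r)
+routerPair, err := routeToRouterPair(r)
 if err != nil {
 log.Errorf("Failed to convert route to router pair: %v", err)
 continue
@@ -169,7 +169,10 @@ func (m *defaultServerRouter) cleanUp() {
 m.statusRecorder.UpdateLocalPeerState(state)
 }
 
-func routeToRouterPair(source *net.IPNet, route *route.Route) (firewall.RouterPair, error) {
+func routeToRouterPair(route *route.Route) (firewall.RouterPair, error) {
+// TODO: add ipv6
+source := getDefaultPrefix(route.Network)
+
 destination := route.Network.Masked().String()
 if route.IsDynamic() {
 // TODO: add ipv6
@@ -183,3 +186,10 @@ func routeToRouterPair(source *net.IPNet, route *route.Route) (firewall.RouterPa
 Masquerade: route.Masquerade,
 }, nil
 }
+
+func getDefaultPrefix(prefix netip.Prefix) netip.Prefix {
+if prefix.Addr().Is6() {
+return netip.PrefixFrom(netip.IPv6Unspecified(), 0)
+}
+return netip.PrefixFrom(netip.IPv4Unspecified(), 0)
+}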
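Review bot: In `routeToRouterPair`, `source := getDefaultPrefix(route.Network)` replaces the WireGuard network with 0.0.0.0/0 (or ::/0) as the rule source, so the router pair for a routed network, including its `Masquerade` setting, no longer limits forwarding by source address. Whether that is safe depends on how the firewall backend scopes these rules (for example to the WireGuard interface), which this diff does not show; if nothing else bounds them, traffic from non-overlay sources reaching this host could match. I would state the invariant at the assignment, e.g. `// source is intentionally "any"; forwarding is limited to the overlay by <where the rule is scoped>`, and add a doc comment on `getDefaultPrefix` saying it returns the unspecified /0 prefix of the same address family as its argument. The `// TODO: add ipv6` directly above the assignment looks stale, since `getDefaultPrefix` already branches on `Is6()`.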
