Refactored SyncRoutes for better control
This commit is contained in:
parent
6264d3c504
commit
6b3b3f100f
22
wg.go
22
wg.go
@ -3,6 +3,7 @@ package wgquick
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strings"
|
"strings"
|
||||||
@ -140,6 +141,11 @@ func execSh(command string, iface string, log logrus.FieldLogger, stdin ...strin
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Sync the config to the current setup for given interface
|
// Sync the config to the current setup for given interface
|
||||||
|
// It perform 4 operations:
|
||||||
|
// * SyncLink --> makes sure link is up and type wireguard
|
||||||
|
// * SyncWireguardDevice --> configures allowedIP & other wireguard specific settings
|
||||||
|
// * SyncAddress --> synces linux addresses bounded to this interface
|
||||||
|
// * SyncRoutes --> synces all allowedIP routes to route to this interface
|
||||||
func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error {
|
func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error {
|
||||||
log := logger.WithField("iface", iface)
|
log := logger.WithField("iface", iface)
|
||||||
|
|
||||||
@ -162,7 +168,13 @@ func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error {
|
|||||||
}
|
}
|
||||||
log.Info("synced addresss")
|
log.Info("synced addresss")
|
||||||
|
|
||||||
if err := SyncRoutes(cfg, link, log); err != nil {
|
var managedRoutes []net.IPNet
|
||||||
|
for _, peer := range cfg.Peers {
|
||||||
|
for _, rt := range peer.AllowedIPs {
|
||||||
|
managedRoutes = append(managedRoutes, rt)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := SyncRoutes(cfg, link, managedRoutes, log); err != nil {
|
||||||
log.WithError(err).Errorln("cannot sync routes")
|
log.WithError(err).Errorln("cannot sync routes")
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -172,7 +184,7 @@ func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SyncWireguardDevice synces wireguard vpn setting on the given link. It does not set routes/addresses beyond wg internal crypto-key routing
|
// SyncWireguardDevice synces wireguard vpn setting on the given link. It does not set routes/addresses beyond wg internal crypto-key routing, only handles wireguard specific settings
|
||||||
func SyncWireguardDevice(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
|
func SyncWireguardDevice(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
|
||||||
cl, err := wireguardctrl.New()
|
cl, err := wireguardctrl.New()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -275,7 +287,7 @@ func SyncAddress(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// SyncRoutes adds/deletes all route assigned IPV4 addressed as specified in the config
|
// SyncRoutes adds/deletes all route assigned IPV4 addressed as specified in the config
|
||||||
func SyncRoutes(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
|
func SyncRoutes(cfg *Config, link netlink.Link, managedRoutes []net.IPNet, log logrus.FieldLogger) error {
|
||||||
routes, err := netlink.RouteList(link, syscall.AF_INET)
|
routes, err := netlink.RouteList(link, syscall.AF_INET)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error(err, "cannot read existing routes")
|
log.Error(err, "cannot read existing routes")
|
||||||
@ -299,8 +311,7 @@ func SyncRoutes(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
|
|||||||
log.Debug("added route to consideration")
|
log.Debug("added route to consideration")
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, peer := range cfg.Peers {
|
for _, rt := range managedRoutes {
|
||||||
for _, rt := range peer.AllowedIPs {
|
|
||||||
log := log.WithField("route", rt.String())
|
log := log.WithField("route", rt.String())
|
||||||
route, present := presentRoutes[rt.String()]
|
route, present := presentRoutes[rt.String()]
|
||||||
presentRoutes[rt.String()] = netlink.Route{} // mark as visited
|
presentRoutes[rt.String()] = netlink.Route{} // mark as visited
|
||||||
@ -323,7 +334,6 @@ func SyncRoutes(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
|
|||||||
}
|
}
|
||||||
log.Info("route added")
|
log.Info("route added")
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Clean extra routes
|
// Clean extra routes
|
||||||
for _, rt := range presentRoutes {
|
for _, rt := range presentRoutes {
|
||||||
|
Loading…
Reference in New Issue
Block a user