Refactored SyncRoutes for better control

This commit is contained in:
Neven Miculinic 2019-03-29 11:01:22 +01:00
parent 6264d3c504
commit 6b3b3f100f

22
wg.go

@ -3,6 +3,7 @@ package wgquick
import ( import (
"bytes" "bytes"
"fmt" "fmt"
"net"
"os" "os"
"os/exec" "os/exec"
"strings" "strings"
@ -140,6 +141,11 @@ func execSh(command string, iface string, log logrus.FieldLogger, stdin ...strin
} }
// Sync the config to the current setup for given interface // Sync the config to the current setup for given interface
// It perform 4 operations:
// * SyncLink --> makes sure link is up and type wireguard
// * SyncWireguardDevice --> configures allowedIP & other wireguard specific settings
// * SyncAddress --> synces linux addresses bounded to this interface
// * SyncRoutes --> synces all allowedIP routes to route to this interface
func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error { func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error {
log := logger.WithField("iface", iface) log := logger.WithField("iface", iface)
@ -162,7 +168,13 @@ func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error {
} }
log.Info("synced addresss") log.Info("synced addresss")
if err := SyncRoutes(cfg, link, log); err != nil { var managedRoutes []net.IPNet
for _, peer := range cfg.Peers {
for _, rt := range peer.AllowedIPs {
managedRoutes = append(managedRoutes, rt)
}
}
if err := SyncRoutes(cfg, link, managedRoutes, log); err != nil {
log.WithError(err).Errorln("cannot sync routes") log.WithError(err).Errorln("cannot sync routes")
return err return err
} }
@ -172,7 +184,7 @@ func Sync(cfg *Config, iface string, logger logrus.FieldLogger) error {
} }
// SyncWireguardDevice synces wireguard vpn setting on the given link. It does not set routes/addresses beyond wg internal crypto-key routing // SyncWireguardDevice synces wireguard vpn setting on the given link. It does not set routes/addresses beyond wg internal crypto-key routing, only handles wireguard specific settings
func SyncWireguardDevice(cfg *Config, link netlink.Link, log logrus.FieldLogger) error { func SyncWireguardDevice(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
cl, err := wireguardctrl.New() cl, err := wireguardctrl.New()
if err != nil { if err != nil {
@ -275,7 +287,7 @@ func SyncAddress(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
} }
// SyncRoutes adds/deletes all route assigned IPV4 addressed as specified in the config // SyncRoutes adds/deletes all route assigned IPV4 addressed as specified in the config
func SyncRoutes(cfg *Config, link netlink.Link, log logrus.FieldLogger) error { func SyncRoutes(cfg *Config, link netlink.Link, managedRoutes []net.IPNet, log logrus.FieldLogger) error {
routes, err := netlink.RouteList(link, syscall.AF_INET) routes, err := netlink.RouteList(link, syscall.AF_INET)
if err != nil { if err != nil {
log.Error(err, "cannot read existing routes") log.Error(err, "cannot read existing routes")
@ -299,8 +311,7 @@ func SyncRoutes(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
log.Debug("added route to consideration") log.Debug("added route to consideration")
} }
for _, peer := range cfg.Peers { for _, rt := range managedRoutes {
for _, rt := range peer.AllowedIPs {
log := log.WithField("route", rt.String()) log := log.WithField("route", rt.String())
route, present := presentRoutes[rt.String()] route, present := presentRoutes[rt.String()]
presentRoutes[rt.String()] = netlink.Route{} // mark as visited presentRoutes[rt.String()] = netlink.Route{} // mark as visited
@ -323,7 +334,6 @@ func SyncRoutes(cfg *Config, link netlink.Link, log logrus.FieldLogger) error {
} }
log.Info("route added") log.Info("route added")
} }
}
// Clean extra routes // Clean extra routes
for _, rt := range presentRoutes { for _, rt := range presentRoutes {