From edcb19f7eb5e09a437596a72f684f6fb9e695dc5 Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Sun, 10 Nov 2024 20:28:33 +0400 Subject: [PATCH 1/5] set relayed peer endpoint to nil on relay --- logic/peers.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/logic/peers.go b/logic/peers.go index 532dc5de5..f67162636 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -237,6 +237,13 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N peerEndpoint = peerHost.EndpointIPv6 } } + if node.IsRelay && peer.RelayedBy == node.ID.String() && !peer.IsStatic { + // don't set endpoint on relayed peer + peerEndpoint = nil + } + if isFailOverPeer && peer.FailedOverBy == node.ID && !peer.IsStatic { + peerEndpoint = nil + } peerConfig.Endpoint = &net.UDPAddr{ IP: peerEndpoint, From 3907461fe3366ec0158eb631b118345275a6deb6 Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Mon, 11 Nov 2024 16:59:16 +0400 Subject: [PATCH 2/5] avoid adding static nodes to tags --- controllers/ext_client.go | 4 ++-- migrate/migrate.go | 12 ------------ pro/controllers/users.go | 4 ++-- 3 files changed, 4 insertions(+), 16 deletions(-) diff --git a/controllers/ext_client.go b/controllers/ext_client.go index aabb5103e..874c62576 100644 --- a/controllers/ext_client.go +++ b/controllers/ext_client.go @@ -470,8 +470,8 @@ func createExtClient(w http.ResponseWriter, r *http.Request) { extclient.IngressGatewayID = nodeid extclient.Network = node.Network extclient.Tags = make(map[models.TagID]struct{}) - extclient.Tags[models.TagID(fmt.Sprintf("%s.%s", extclient.Network, - models.RemoteAccessTagName))] = struct{}{} + // extclient.Tags[models.TagID(fmt.Sprintf("%s.%s", extclient.Network, + // models.RemoteAccessTagName))] = struct{}{} // set extclient dns to ingressdns if extclient dns is not explicitly set if (extclient.DNS == "") && (node.IngressDNS != "") { extclient.DNS = node.IngressDNS 
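Review bot: Both new guards clear `peerEndpoint`, but the line that follows still builds `&net.UDPAddr{IP: peerEndpoint, ...}`, so a relayed or failed-over peer receives a non-nil Endpoint with a nil IP rather than no endpoint, which is not what `// don't set endpoint on relayed peer` promises; whether the consumer of the peer update treats an empty IP as "unset" cannot be seen here, so either skip the Endpoint assignment when `peerEndpoint == nil` or reword the comment to describe the empty-IP result. The second guard repeats the same action without any why-comment; since both branches do the same thing they could be one condition, `if !peer.IsStatic && ((node.IsRelay && peer.RelayedBy == node.ID.String()) || (isFailOverPeer && peer.FailedOverBy == node.ID)) {`, with a single comment such as `// relayed and failed-over peers are not advertised with a direct endpoint here — presumably their address is learned from the peer's own handshake; confirm`. GetPeerUpdateForHost starts and ends outside the hunk.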
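Review bot: The tag assignment is commented out instead of deleted, leaving dead code directly after `extclient.Tags = make(map[models.TagID]struct{})`, which now only produces an empty map; the same pattern appears in the pro/controllers/users.go hunk of this patch. If `fmt` had no other use in either file the build breaks on an unused import, which the hunks do not show either way. The migration that stamped existing ext clients with the remote-access tag is removed in migrate/migrate.go, but nothing strips that tag from clients that were already migrated, so clients created before and after this change differ in tag membership and any policy keyed on that tag keeps matching only the old ones; a one-off cleanup, or a comment stating why the discrepancy is acceptable, would make the intent clear. createExtClient starts and ends outside the hunk.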
diff --git a/migrate/migrate.go b/migrate/migrate.go index 51e74ab4c..19e9232aa 100644 --- a/migrate/migrate.go +++ b/migrate/migrate.go @@ -226,18 +226,6 @@ func updateNodes() { } } } - extclients, _ := logic.GetAllExtClients() - for _, extclient := range extclients { - tagID := models.TagID(fmt.Sprintf("%s.%s", extclient.Network, - models.RemoteAccessTagName)) - if extclient.Tags == nil { - extclient.Tags = make(map[models.TagID]struct{}) - } - if _, ok := extclient.Tags[tagID]; !ok { - extclient.Tags[tagID] = struct{}{} - logic.SaveExtClient(&extclient) - } - } } func removeInterGw(egressRanges []string) ([]string, bool) { diff --git a/pro/controllers/users.go b/pro/controllers/users.go index 31099d0ce..86787b79b 100644 --- a/pro/controllers/users.go +++ b/pro/controllers/users.go @@ -1006,8 +1006,8 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) { userConf.Enabled = parentNetwork.DefaultACL == "yes" } userConf.Tags = make(map[models.TagID]struct{}) - userConf.Tags[models.TagID(fmt.Sprintf("%s.%s", userConf.Network, - models.RemoteAccessTagName))] = struct{}{} + // userConf.Tags[models.TagID(fmt.Sprintf("%s.%s", userConf.Network, + // models.RemoteAccessTagName))] = struct{}{} if err = logic.CreateExtClient(&userConf); err != nil { slog.Error( "failed to create extclient", From c8048da70c94bf05eb53ad40e440020be213d6c3 Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Thu, 14 Nov 2024 13:43:36 +0400 Subject: [PATCH 3/5] limit ext names to 15 --- logic/extpeers.go | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/logic/extpeers.go b/logic/extpeers.go index efcb045ef..c03a0efa7 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -2,6 +2,7 @@ package logic import ( "encoding/json" + "errors" "fmt" "net" "reflect" 
@@ -9,6 +10,7 @@ import ( "sync" "time" + "github.com/goombaio/namegenerator" "github.com/gravitl/netmaker/database" "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/logic/acls" @@ -281,13 +283,41 @@ func CreateExtClient(extclient *models.ExtClient) error { } if extclient.ClientID == "" { - extclient.ClientID = models.GenerateNodeName() + extclient.ClientID, err = GenerateNodeName(extclient.Network) + if err != nil { + return err + } } extclient.LastModified = time.Now().Unix() return SaveExtClient(extclient) } +// GenerateNodeName - generates a random node name +func GenerateNodeName(network string) (string, error) { + seed := time.Now().UTC().UnixNano() + nameGenerator := namegenerator.NewNameGenerator(seed) + var name string + cnt := 0 + for { + if cnt > 10 { + return "", errors.New("couldn't generate random name, try again") + } + cnt += 1 + name = nameGenerator.Generate() + if len(name) > 15 { + continue + } + _, err := GetExtClient(name, network) + if err == nil { + // config exists with same name + continue + } + break + } + return name, nil +} + // SaveExtClient - saves an ext client to database func SaveExtClient(extclient *models.ExtClient) error { key, err := GetRecordKey(extclient.ClientID, extclient.Network) From 8a948187bb2d04812fa8b1411cb3d8f72894468a Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Fri, 15 Nov 2024 15:39:36 +0400 Subject: [PATCH 4/5] block tag deletion if used by a acl policy --- controllers/tags.go | 5 +++++ logic/acls.go | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/controllers/tags.go b/controllers/tags.go index 633dab968..f494d7b08 100644 --- a/controllers/tags.go +++ b/controllers/tags.go 
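Review bot: `github.com/goombaio/namegenerator` is a third-party import new to this file, yet the patch's diffstat lists only logic/extpeers.go, so either the module already depends on it or go.mod and go.sum are missing from this change — cannot be confirmed from the hunk. If it is a new module dependency, pinning it and reviewing what it pulls in transitively is the usual step before merging.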
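Review bot: In GenerateNodeName the collision probe `_, err := GetExtClient(name, network)` treats every non-nil error as "name is free", so if GetExtClient can fail for a reason other than a missing record (a datastore error, say) the function can hand back a ClientID that already exists; unless the lookup only ever fails on not-found, surface other errors, e.g. `if err != nil && !errors.Is(err, errNotFound /* placeholder: the project's not-found sentinel */) { return "", err }`. The 15-byte cap is enforced only on generated names — a caller-supplied ClientID passes through CreateExtClient's `if extclient.ClientID == ""` branch untouched — so if the limit exists for interface-name reasons that path presumably needs the same check elsewhere; confirm. The doc comment could state the actual contract: `// GenerateNodeName - generates a random name of at most 15 characters not already used by an ext client in network; gives up after 11 attempts.` `cnt += 1` is conventionally `cnt++`. CreateExtClient begins outside the hunk, so the `err` that the new `extclient.ClientID, err = ...` assigns to must already be declared there.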
@@ -216,6 +216,11 @@ func deleteTag(w http.ResponseWriter, r *http.Request) { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) return } + // check if active policy is using the tag + if logic.CheckIfTagAsActivePolicy(tag.ID, tag.Network) { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("tag is currently in use by an active policy"), "badrequest")) + return + } err = logic.DeleteTag(models.TagID(tagID), true) if err != nil { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) diff --git a/logic/acls.go b/logic/acls.go index 334e6f160..8863ce86d 100644 --- a/logic/acls.go +++ b/logic/acls.go @@ -621,6 +621,25 @@ func UpdateDeviceTag(OldID, newID models.TagID, netID models.NetworkID) { } } +func CheckIfTagAsActivePolicy(tagID models.TagID, netID models.NetworkID) bool { + acls := listDevicePolicies(netID) + for _, acl := range acls { + for _, srcTagI := range acl.Src { + if srcTagI.ID == models.DeviceAclID { + if tagID.String() == srcTagI.Value { + return true + } + } + } + for _, dstTagI := range acl.Dst { + if dstTagI.ID == models.DeviceAclID { + return true + } + } + } + return false +} + // RemoveDeviceTagFromAclPolicies - remove device tag from acl policies func RemoveDeviceTagFromAclPolicies(tagID models.TagID, netID models.NetworkID) error { acls := listDevicePolicies(netID) From 604f8f5ef2178947c641e7313f26692b51aade78 Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Fri, 15 Nov 2024 21:07:40 +0400 Subject: [PATCH 5/5] fix old acls migration --- logic/acls/nodeacls/modify.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/logic/acls/nodeacls/modify.go b/logic/acls/nodeacls/modify.go index 5710dd612..1c2de672d 100644 --- a/logic/acls/nodeacls/modify.go +++ b/logic/acls/nodeacls/modify.go 
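Review bot: The new check calls `errors.New`, but the patch's diffstat shows only these five added lines in controllers/tags.go, so it compiles only if `errors` is already imported there — worth confirming. The check and the following `logic.DeleteTag` are not atomic, so a policy created between them can still reference a deleted tag; if that is accepted, a short comment saying so saves the next reader the question. `CheckIfTagAsActivePolicy` reads like a typo for "has"; a name such as `IsTagUsedByActivePolicy` would match the bool it returns. deleteTag starts outside the hunk.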
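Review bot: The destination loop in CheckIfTagAsActivePolicy returns true for any `acl.Dst` entry whose ID is `models.DeviceAclID` without comparing its Value to the tag, so one device-tag destination in any policy blocks deletion of every tag in the network; it should mirror the source loop: `if dstTagI.ID == models.DeviceAclID && tagID.String() == dstTagI.Value {`. The function also never looks at whether a policy is enabled, so "Active" in the name overstates what is checked unless `listDevicePolicies` already filters on that, which is not visible here. As an exported function it needs a doc comment, e.g. `// CheckIfTagAsActivePolicy reports whether any device policy in netID references tagID as a source or destination.`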
@@ -25,6 +25,9 @@ func CreateNodeACL(networkID NetworkID, nodeID NodeID, defaultVal byte) (acls.AC acls.AclMutex.Lock() var newNodeACL = make(acls.ACL) for existingNodeID := range currentNetworkACL { + if currentNetworkACL[existingNodeID] == nil { + currentNetworkACL[existingNodeID] = make(acls.ACL) + } currentNetworkACL[existingNodeID][acls.AclID(nodeID)] = defaultVal // set the old nodes to default value for new node newNodeACL[existingNodeID] = defaultVal // set the old nodes in new node ACL to default value }
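Review bot: The guard creates an empty ACL for an existing node whose entry was nil and then writes only the new node's value into it, so that node's ACL still has no entries for the other existing nodes; whether readers treat a missing key as the intended default cannot be seen here, and for an allow/deny table a half-populated map is worth confirming rather than assuming. A why-comment would also help, since the commit title is the only hint that these nil entries come from older data: `// per-node ACLs written by older versions may be nil; initialise before writing`. CreateNodeACL starts and ends outside the hunk.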