extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-06-20 17:58:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

test: fix peer reflexive connectivity (#116)

Browse Source
This commit is contained in:
Mikhail Bragin 2021-09-09 10:45:04 +02:00 committed by GitHub
parent ec759bc461
commit 13288374f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
client/internal/connection.go
View File

@ -188,11 +188,19 @@ func (conn *Connection) Open(timeout time.Duration) error {
} }
// in case the remote peer is in the local network or one of the peers has public static IP -> no need for a Wireguard proxy, direct communication is possible. // in case the remote peer is in the local network or one of the peers has public static IP -> no need for a Wireguard proxy, direct communication is possible.
if !useProxy(pair) { if !useProxy(pair) {
log.Debugf("it is possible to establish a direct connection (without proxy) to peer %s - my addr: %s, remote addr: %s", conn.Config.RemoteWgKey.String(), pair.Local.Address(), pair.Remote.Address()) log.Debugf("it is possible to establish a direct connection (without proxy) to peer %s - my addr: %s, remote addr: %s", conn.Config.RemoteWgKey.String(), pair.Local, pair.Remote)
err = conn.wgProxy.StartLocal(fmt.Sprintf("%s:%d", pair.Remote.Address(), iface.WgPort)) var endpoint string
if isPublicIP(net.ParseIP(pair.Local.Address())) {
//skip endpoint because we are public - it will be discovered by Wireguard automatically
endpoint = ""
} else {
endpoint = fmt.Sprintf("%s:%d", pair.Remote.Address(), iface.WgPort)
}
err = conn.wgProxy.StartLocal(endpoint)
if err != nil { if err != nil {
return err return err
} }
} else { } else {
log.Infof("establishing secure tunnel to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair) log.Infof("establishing secure tunnel to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
err = conn.wgProxy.Start(remoteConn) err = conn.wgProxy.Start(remoteConn)
@ -239,23 +247,31 @@ func isPublicIP(ip net.IP) bool {
} }
//useProxy determines whether a direct connection (without a go proxy) is possible //useProxy determines whether a direct connection (without a go proxy) is possible
//There are 2 cases: one of the peers has a public IP or both peers are in teh same private network. //There are 3 cases: one of the peers has a public IP or both peers are in the same private network
//Please note, that this check happens when peers were already able to ping each other with ICE layer. //Please note, that this check happens when peers were already able to ping each other with ICE layer.
func useProxy(pair *ice.CandidatePair) bool { func useProxy(pair *ice.CandidatePair) bool {
remoteIP := net.ParseIP(pair.Remote.Address()) remoteIP := net.ParseIP(pair.Remote.Address())
myIp := net.ParseIP(pair.Local.Address()) myIp := net.ParseIP(pair.Local.Address())
remoteIsPublic := isPublicIP(remoteIP)
myIsPublic := isPublicIP(myIp)
if pair.Local.Type() == ice.CandidateTypeHost && pair.Remote.Type() == ice.CandidateTypeHost { if pair.Local.Type() == ice.CandidateTypeHost && pair.Remote.Type() == ice.CandidateTypeHost {
if isPublicIP(remoteIP) || isPublicIP(myIp) { if remoteIsPublic || myIsPublic {
//one of the hosts has a public IP //one of the hosts has a public IP
return false return false
} }
if !isPublicIP(remoteIP) && !isPublicIP(myIp) { if !remoteIsPublic && !myIsPublic {
//both hosts are in the same private network //both hosts are in the same private network
return false return false
} }
} }
if (pair.Local.Type() == ice.CandidateTypeHost && myIsPublic) && pair.Remote.Type() == ice.CandidateTypePeerReflexive {
// same as the case when either host is public but adds additional case when remote is peer reflexive
// remote is peer reflexive and we are public -> no proxy needed
return false
}
return true return true
} }