extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-06-20 17:58:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

test: fix peer reflexive connectivity (#116)

Browse Source
This commit is contained in:
Mikhail Bragin 2021-09-09 10:45:04 +02:00 committed by GitHub
parent ec759bc461
commit 13288374f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
client/internal/connection.go
View File

@ -188,11 +188,19 @@ func (conn *Connection) Open(timeout time.Duration) error {
}
// in case the remote peer is in the local network or one of the peers has public static IP -> no need for a Wireguard proxy, direct communication is possible.
if !useProxy(pair) {
log.Debugf("it is possible to establish a direct connection (without proxy) to peer %s - my addr: %s, remote addr: %s", conn.Config.RemoteWgKey.String(), pair.Local.Address(), pair.Remote.Address())
err = conn.wgProxy.StartLocal(fmt.Sprintf("%s:%d", pair.Remote.Address(), iface.WgPort))
log.Debugf("it is possible to establish a direct connection (without proxy) to peer %s - my addr: %s, remote addr: %s", conn.Config.RemoteWgKey.String(), pair.Local, pair.Remote)
var endpoint string
if isPublicIP(net.ParseIP(pair.Local.Address())) {
//skip endpoint because we are public - it will be discovered by Wireguard automatically
endpoint = ""
} else {
endpoint = fmt.Sprintf("%s:%d", pair.Remote.Address(), iface.WgPort)
}
err = conn.wgProxy.StartLocal(endpoint)
if err != nil {
return err
}
} else {
log.Infof("establishing secure tunnel to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
err = conn.wgProxy.Start(remoteConn)
@ -239,23 +247,31 @@ func isPublicIP(ip net.IP) bool {
}
//useProxy determines whether a direct connection (without a go proxy) is possible
//There are 2 cases: one of the peers has a public IP or both peers are in teh same private network.
//There are 3 cases: one of the peers has a public IP or both peers are in the same private network
//Please note, that this check happens when peers were already able to ping each other with ICE layer.
func useProxy(pair *ice.CandidatePair) bool {
remoteIP := net.ParseIP(pair.Remote.Address())
myIp := net.ParseIP(pair.Local.Address())
remoteIsPublic := isPublicIP(remoteIP)
myIsPublic := isPublicIP(myIp)
if pair.Local.Type() == ice.CandidateTypeHost && pair.Remote.Type() == ice.CandidateTypeHost {
if isPublicIP(remoteIP) || isPublicIP(myIp) {
if remoteIsPublic || myIsPublic {
//one of the hosts has a public IP
return false
}
if !isPublicIP(remoteIP) && !isPublicIP(myIp) {
if !remoteIsPublic && !myIsPublic {
//both hosts are in the same private network
return false
}
}
if (pair.Local.Type() == ice.CandidateTypeHost && myIsPublic) && pair.Remote.Type() == ice.CandidateTypePeerReflexive {
// same as the case when either host is public but adds additional case when remote is peer reflexive
// remote is peer reflexive and we are public -> no proxy needed
return false
}
return true
}