diff --git a/client/internal/routemanager/common/params.go b/client/internal/routemanager/common/params.go
index ed05a08c3..e5875e62e 100644
--- a/client/internal/routemanager/common/params.go
+++ b/client/internal/routemanager/common/params.go
@@ -24,5 +24,5 @@ type HandlerParams struct {
 PeerStore *peerstore.Store
 UseNewDNSRoute bool
 Firewall manager.Manager
- FakeIPManager *fakeip.FakeIPManager
+ FakeIPManager *fakeip.Manager
 }
diff --git a/client/internal/routemanager/dnsinterceptor/handler.go b/client/internal/routemanager/dnsinterceptor/handler.go
index df0a18759..bd44ecb15 100644
--- a/client/internal/routemanager/dnsinterceptor/handler.go
+++ b/client/internal/routemanager/dnsinterceptor/handler.go
@@ -50,7 +50,7 @@ type DnsInterceptor struct {
 wgInterface wgInterface
 peerStore *peerstore.Store
 firewall firewall.Manager
- fakeIPManager *fakeip.FakeIPManager
+ fakeIPManager *fakeip.Manager
 }
 
 func New(params common.HandlerParams) *DnsInterceptor {
@@ -428,7 +428,7 @@ func (d *DnsInterceptor) updateDomainPrefixes(resolvedDomain, originalDomain dom
 }
 }
 
- d.removeDNATMappingsForRealIPs(toRemove)
+ d.removeDNATMappings(toRemove)
 }
 
 // Update domain prefixes using resolved domain as key - store real IPs
@@ -449,8 +449,8 @@ func (d *DnsInterceptor) updateDomainPrefixes(resolvedDomain, originalDomain dom
 return nberrors.FormatErrorOrNil(merr)
 }
 
-// removeDNATMappingsForRealIPs removes DNAT mappings from the firewall for real IP prefixes
-func (d *DnsInterceptor) removeDNATMappingsForRealIPs(realPrefixes []netip.Prefix) {
+// removeDNATMappings removes DNAT mappings from the firewall for real IP prefixes
+func (d *DnsInterceptor) removeDNATMappings(realPrefixes []netip.Prefix) {
 if len(realPrefixes) == 0 {
 return
 }
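Review bot: After this consolidation the only remover left is the real-IP variant, while the `removeDNATMappings` deleted in the -501 hunk called `RemoveInternalDNATMapping(prefix.Addr())` with the prefix address used directly as the fake IP; the survivor keeps the parameter name `realPrefixes`, but its body beyond the length guard is outside the hunk, so whether it translates real to fake before talking to the firewall cannot be confirmed here. If any remaining caller still hands it fake-IP prefixes, the firewall call would fail (logged, not returned) and the DNAT entry would outlive the route it belonged to. Worth a test that drops a prefix through `updateDomainPrefixes` and asserts the firewall no longer holds the mapping, and a one-line contract on the function, e.g. `// removeDNATMappings removes DNAT mappings from the firewall for real IP prefixes; callers must not pass fake-IP prefixes`. `updateDomainPrefixes` begins and ends outside this hunk.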
@@ -501,27 +501,6 @@ func (d *DnsInterceptor) addDNATMappings(mappings map[netip.Addr]netip.Addr) {
 }
 }
 
-// removeDNATMappings removes DNAT mappings from the firewall for removed prefixes
-func (d *DnsInterceptor) removeDNATMappings(prefixes []netip.Prefix) {
- if len(prefixes) == 0 {
- return
- }
-
- dnatFirewall, ok := d.internalDnatFw()
- if !ok {
- return
- }
-
- for _, prefix := range prefixes {
- fakeIP := prefix.Addr()
- if err := dnatFirewall.RemoveInternalDNATMapping(fakeIP); err != nil {
- log.Errorf("Failed to remove DNAT mapping for %s: %v", fakeIP, err)
- } else {
- log.Debugf("Removed DNAT mapping for: %s", fakeIP)
- }
- }
-}
-
 // cleanupDNATMappings removes all DNAT mappings for this interceptor
 func (d *DnsInterceptor) cleanupDNATMappings() {
 if _, ok := d.internalDnatFw(); !ok {
@@ -529,7 +508,7 @@ func (d *DnsInterceptor) cleanupDNATMappings() {
 }
 
 for _, prefixes := range d.interceptedDomains {
- d.removeDNATMappingsForRealIPs(prefixes)
+ d.removeDNATMappings(prefixes)
 }
 }
 
diff --git a/client/internal/routemanager/fakeip/fakeip.go b/client/internal/routemanager/fakeip/fakeip.go
index 14cf3c30c..1592045d2 100644
--- a/client/internal/routemanager/fakeip/fakeip.go
+++ b/client/internal/routemanager/fakeip/fakeip.go
@@ -6,8 +6,8 @@ import (
 "sync"
 )
 
-// FakeIPManager manages allocation of fake IPs from the 240.0.0.0/8 block
-type FakeIPManager struct {
+// Manager manages allocation of fake IPs from the 240.0.0.0/8 block
+type Manager struct {
 mu sync.Mutex
 nextIP netip.Addr // Next IP to allocate
 allocated map[netip.Addr]netip.Addr // real IP -> fake IP
@@ -17,11 +17,11 @@ type FakeIPManager struct {
 }
 
 // NewManager creates a new fake IP manager using 240.0.0.0/8 block
-func NewManager() *FakeIPManager {
+func NewManager() *Manager {
 baseIP := netip.AddrFrom4([4]byte{240, 0, 0, 1})
 maxIP := netip.AddrFrom4([4]byte{240, 255, 255, 254})
 
- return &FakeIPManager{
+ return &Manager{
 nextIP: baseIP,
 allocated: make(map[netip.Addr]netip.Addr),
 fakeToReal: make(map[netip.Addr]netip.Addr),
@@ -32,62 +32,62 @@ func NewManager() *FakeIPManager {
 
 // AllocateFakeIP allocates a fake IP for the given real IP
 // Returns the fake IP, or existing fake IP if already allocated
-func (f *FakeIPManager) AllocateFakeIP(realIP netip.Addr) (netip.Addr, error) {
+func (m *Manager) AllocateFakeIP(realIP netip.Addr) (netip.Addr, error) {
 if !realIP.Is4() {
 return netip.Addr{}, fmt.Errorf("only IPv4 addresses supported")
 }
 
- f.mu.Lock()
- defer f.mu.Unlock()
+ m.mu.Lock()
+ defer m.mu.Unlock()
 
- if fakeIP, exists := f.allocated[realIP]; exists {
+ if fakeIP, exists := m.allocated[realIP]; exists {
 return fakeIP, nil
 }
 
- startIP := f.nextIP
+ startIP := m.nextIP
 for {
- currentIP := f.nextIP
+ currentIP := m.nextIP
 
 // Advance to next IP, wrapping at boundary
- if f.nextIP.Compare(f.maxIP) >= 0 {
- f.nextIP = f.baseIP
+ if m.nextIP.Compare(m.maxIP) >= 0 {
+ m.nextIP = m.baseIP
 } else {
- f.nextIP = f.nextIP.Next()
+ m.nextIP = m.nextIP.Next()
 }
 
 // Check if current IP is available
- if _, inUse := f.fakeToReal[currentIP]; !inUse {
- f.allocated[realIP] = currentIP
- f.fakeToReal[currentIP] = realIP
+ if _, inUse := m.fakeToReal[currentIP]; !inUse {
+ m.allocated[realIP] = currentIP
+ m.fakeToReal[currentIP] = realIP
 return currentIP, nil
 }
 
 // Prevent infinite loop if all IPs exhausted
- if f.nextIP.Compare(startIP) == 0 {
+ if m.nextIP.Compare(startIP) == 0 {
 return netip.Addr{}, fmt.Errorf("no more fake IPs available in 240.0.0.0/8 block")
 }
 }
 }
 
 // GetFakeIP returns the fake IP for a real IP if it exists
-func (f *FakeIPManager) GetFakeIP(realIP netip.Addr) (netip.Addr, bool) {
- f.mu.Lock()
- defer f.mu.Unlock()
+func (m *Manager) GetFakeIP(realIP netip.Addr) (netip.Addr, bool) {
+ m.mu.Lock()
+ defer m.mu.Unlock()
 
- fakeIP, exists := f.allocated[realIP]
+ fakeIP, exists := m.allocated[realIP]
 return fakeIP, exists
 }
 
 // GetRealIP returns the real IP for a fake IP if it exists, otherwise false
-func (f *FakeIPManager) GetRealIP(fakeIP netip.Addr) (netip.Addr, bool) {
- f.mu.Lock()
- defer f.mu.Unlock()
+func (m *Manager) GetRealIP(fakeIP netip.Addr) (netip.Addr, bool) {
+ m.mu.Lock()
+ defer m.mu.Unlock()
 
- realIP, exists := f.fakeToReal[fakeIP]
+ realIP, exists := m.fakeToReal[fakeIP]
 return realIP, exists
 }
 
 // GetFakeIPBlock returns the fake IP block used by this manager
-func (f *FakeIPManager) GetFakeIPBlock() netip.Prefix {
+func (m *Manager) GetFakeIPBlock() netip.Prefix {
 return netip.MustParsePrefix("240.0.0.0/8")
 }
diff --git a/client/internal/routemanager/fakeip/fakeip_test.go b/client/internal/routemanager/fakeip/fakeip_test.go
index d391cf2d0..ad3e4bd4e 100644
--- a/client/internal/routemanager/fakeip/fakeip_test.go
+++ b/client/internal/routemanager/fakeip/fakeip_test.go
@@ -87,8 +87,6 @@ func TestGetFakeIP(t *testing.T) {
 }
 }
 
-
-
 func TestMultipleAllocations(t *testing.T) {
 manager := NewManager()
 
@@ -181,7 +179,7 @@ func TestConcurrentAccess(t *testing.T) {
 
 func TestIPExhaustion(t *testing.T) {
 // Create a manager with limited range for testing
- manager := &FakeIPManager{
+ manager := &Manager{
 nextIP: netip.AddrFrom4([4]byte{240, 0, 0, 1}),
 allocated: make(map[netip.Addr]netip.Addr),
 fakeToReal: make(map[netip.Addr]netip.Addr),
@@ -212,7 +210,7 @@ func TestIPExhaustion(t *testing.T) {
 
 func TestWrapAround(t *testing.T) {
 // Create manager starting near the end of range
- manager := &FakeIPManager{
+ manager := &Manager{
 nextIP: netip.AddrFrom4([4]byte{240, 0, 0, 254}),
 allocated: make(map[netip.Addr]netip.Addr),
 fakeToReal: make(map[netip.Addr]netip.Addr),
diff --git a/client/internal/routemanager/manager.go b/client/internal/routemanager/manager.go
index 3319f90d0..286a282bc 100644
--- a/client/internal/routemanager/manager.go
+++ b/client/internal/routemanager/manager.go
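Review bot: `AllocateFakeIP` only ever inserts into `allocated` and `fakeToReal`, and nothing in this hunk releases an entry, so both maps grow for the lifetime of the `Manager` and a real→fake pairing persists after the route that needed it is gone; the receiver rename is a good moment to state that on the type, e.g. `// Manager manages allocation of fake IPs from the 240.0.0.0/8 block. Allocations are never released; both maps grow until the manager is discarded.` Since handler.go wires a `fakeIPManager` into `DnsInterceptor`, the allocations are presumably driven by addresses seen in DNS answers, which makes the growth input-driven and bounded only by the /8 — worth documenting, or capping, as a resource limit. Minor style: `fmt.Errorf("only IPv4 addresses supported")` and the exhaustion error carry no format verbs and read better as `errors.New(...)`.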
@@ -41,10 +41,6 @@ import (
 "github.com/netbirdio/netbird/version"
 )
 
-type internalDNATer interface {
- AddInternalDNATMapping(netip.Addr, netip.Addr) error
-}
-
 // Manager is a route manager interface
 type Manager interface {
 Init() (nbnet.AddHookFunc, nbnet.RemoveHookFunc, error)
@@ -102,7 +98,7 @@ type DefaultManager struct {
 disableClientRoutes bool
 disableServerRoutes bool
 activeRoutes map[route.HAUniqueID]client.RouteHandler
- fakeIPManager *fakeip.FakeIPManager
+ fakeIPManager *fakeip.Manager
 }
 
 func NewManager(config ManagerConfig) *DefaultManager {
@@ -546,12 +542,6 @@ func (m *DefaultManager) initialClientRoutes(initialRoutes []*route.Route) []*ro
 return rs
 }
 
-// supportsInternalDNAT checks if the firewall supports internal DNAT
-func (m *DefaultManager) supportsInternalDNAT(fw firewall.Manager) bool {
- _, ok := fw.(internalDNATer)
- return ok
-}
-
 func isRouteSupported(route *route.Route) bool {
 if netstack.IsEnabled() || !nbnet.CustomRoutingDisabled() || route.IsDynamic() {
 return true