extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-08-26 05:56:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Instead of nil address remove and add back the peer

Browse Source
This commit is contained in:
Zoltan Papp
2025-07-28 14:49:44 +02:00
parent 75bbabf91d
commit a2eb33549e
2 changed files with 66 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
client/iface/configurer/kernel_unix.go
View File

@@ -78,18 +78,36 @@ func (c *KernelConfigurer) RemoveEndpointAddress(peerKey string) error {
if err != nil { if err != nil {
return err return err
} }
peer := wgtypes.PeerConfig{
// Get the existing peer to preserve its allowed IPs
existingPeer, err := c.getPeer(c.deviceName, peerKey)
if err != nil {
return fmt.Errorf("get peer: %w", err)
}
removePeerCfg := wgtypes.PeerConfig{
PublicKey: peerKeyParsed, PublicKey: peerKeyParsed,
Endpoint: nil, Remove: true,
} }
config := wgtypes.Config{ if err := c.configure(wgtypes.Config{Peers: []wgtypes.PeerConfig{removePeerCfg}}); err != nil {
Peers: []wgtypes.PeerConfig{peer}, return fmt.Errorf(`error removing peer %s from interface %s: %w`, peerKey, c.deviceName, err)
} }
if err := c.configure(config); err != nil { //Re-add the peer without the endpoint but same AllowedIPs
return fmt.Errorf("failed to remove endpoint address: %w", err) reAddPeerCfg := wgtypes.PeerConfig{
PublicKey: peerKeyParsed,
AllowedIPs: existingPeer.AllowedIPs,
ReplaceAllowedIPs: true,
} }
if err := c.configure(wgtypes.Config{Peers: []wgtypes.PeerConfig{reAddPeerCfg}}); err != nil {
return fmt.Errorf(
`error re-adding peer %s to interface %s with allowed IPs %v: %w`,
peerKey, c.deviceName, existingPeer.AllowedIPs, err,
)
}
return nil return nil
} }

45
client/iface/configurer/usp.go
View File

@@ -109,20 +109,59 @@ func (c *WGUSPConfigurer) UpdatePeer(peerKey string, allowedIps []netip.Prefix,
func (c *WGUSPConfigurer) RemoveEndpointAddress(peerKey string) error { func (c *WGUSPConfigurer) RemoveEndpointAddress(peerKey string) error {
peerKeyParsed, err := wgtypes.ParseKey(peerKey) peerKeyParsed, err := wgtypes.ParseKey(peerKey)
if err != nil { if err != nil {
return err return fmt.Errorf("parse peer key: %w", err)
} }
ipcStr, err := c.device.IpcGet()
if err != nil {
return fmt.Errorf("get IPC config: %w", err)
}
// Parse current status to get allowed IPs for the peer
stats, err := parseStatus(c.deviceName, ipcStr)
if err != nil {
return fmt.Errorf("parse IPC config: %w", err)
}
var allowedIPs []net.IPNet
found := false
for _, peer := range stats.Peers {
if peer.PublicKey == peerKey {
allowedIPs = peer.AllowedIPs
found = true
break
}
}
if !found {
return fmt.Errorf("peer %s not found", peerKey)
}
// remove the peer from the WireGuard configuration
peer := wgtypes.PeerConfig{ peer := wgtypes.PeerConfig{
PublicKey: peerKeyParsed, PublicKey: peerKeyParsed,
Endpoint: nil, Remove: true,
} }
config := wgtypes.Config{ config := wgtypes.Config{
Peers: []wgtypes.PeerConfig{peer}, Peers: []wgtypes.PeerConfig{peer},
} }
if ipcErr := c.device.IpcSet(toWgUserspaceString(config)); ipcErr != nil {
return fmt.Errorf("failed to remove peer: %s", ipcErr)
}
// Build the peer config
peer = wgtypes.PeerConfig{
PublicKey: peerKeyParsed,
ReplaceAllowedIPs: true,
AllowedIPs: allowedIPs,
}
config = wgtypes.Config{
Peers: []wgtypes.PeerConfig{peer},
}
if err := c.device.IpcSet(toWgUserspaceString(config)); err != nil { if err := c.device.IpcSet(toWgUserspaceString(config)); err != nil {
return fmt.Errorf("failed to remove endpoint address: %w", err) return fmt.Errorf("remove endpoint address: %w", err)
} }
return nil return nil