[management, client] Add access control support to network routes (#2100)

2025-08-17 02:21:47 +02:00 · 2024-10-02 14:41:00 +03:00
parent a3a479429e
commit ff7863785f
48 changed files with 4683 additions and 2444 deletions
--- a/client/internal/routemanager/server_nonandroid.go
+++ b/client/internal/routemanager/server_nonandroid.go
@ -94,7 +94,7 @@ func (m *defaultServerRouter) removeFromServerNetwork(route *route.Route) error
 			return fmt.Errorf("parse prefix: %w", err)
 		}

-		err = m.firewall.RemoveRoutingRules(routerPair)
+		err = m.firewall.RemoveNatRule(routerPair)
 		if err != nil {
 			return fmt.Errorf("remove routing rules: %w", err)
 		}
@ -123,7 +123,7 @@ func (m *defaultServerRouter) addToServerNetwork(route *route.Route) error {
 			return fmt.Errorf("parse prefix: %w", err)
 		}

-		err = m.firewall.InsertRoutingRules(routerPair)
+		err = m.firewall.AddNatRule(routerPair)
 		if err != nil {
 			return fmt.Errorf("insert routing rules: %w", err)
 		}
@ -157,7 +157,7 @@ func (m *defaultServerRouter) cleanUp() {
 			continue
 		}

-		err = m.firewall.RemoveRoutingRules(routerPair)
+		err = m.firewall.RemoveNatRule(routerPair)
 		if err != nil {
 			log.Errorf("Failed to remove cleanup route: %v", err)
 		}
@ -173,15 +173,15 @@ func routeToRouterPair(route *route.Route) (firewall.RouterPair, error) {
 	// TODO: add ipv6
 	source := getDefaultPrefix(route.Network)

-	destination := route.Network.Masked().String()
+	destination := route.Network.Masked()
 	if route.IsDynamic() {
-		// TODO: add ipv6
-		destination = "0.0.0.0/0"
+		// TODO: add ipv6 additionally
+		destination = getDefaultPrefix(destination)
 	}

 	return firewall.RouterPair{
-		ID:          string(route.ID),
-		Source:      source.String(),
+		ID:          route.ID,
+		Source:      source,
 		Destination: destination,
 		Masquerade:  route.Masquerade,
 	}, nil