package connection
import (
ice "github.com/pion/ice/v2"
log "github.com/sirupsen/logrus"
"github.com/wiretrustee/wiretrustee/iface"
"net"
)
// WgProxy relays WireGuard UDP traffic between the local WireGuard
// interface and a remote peer reached over an ICE connection, and keeps the
// local interface's peer entry for remoteKey configured accordingly
// (see Start, StartLocal and Close).
type WgProxy struct {
	// iface is the name of the local WireGuard interface whose peer entry
	// is updated/removed via the iface package.
	iface string
	// remoteKey identifies the remote peer in iface.UpdatePeer/RemovePeer
	// calls (presumably its WireGuard public key).
	remoteKey string
	// allowedIps is passed through to iface.UpdatePeer unchanged.
	allowedIps string
	// wgAddr is the UDP address of the local WireGuard listener that Start
	// dials.
	wgAddr string
	// close is closed by Close to tell the two proxy goroutines to stop.
	close chan struct{}
	// wgConn is the UDP connection to the local WireGuard instance opened by
	// Start; it stays nil when only StartLocal was used.
	wgConn net.Conn
}
// NewWgProxy builds a proxy for the peer identified by remoteKey on the
// WireGuard interface iface. allowedIps and wgAddr are stored verbatim and
// used later by Start/StartLocal; nothing is dialed or configured here.
func NewWgProxy(iface string, remoteKey string, allowedIps string, wgAddr string) *WgProxy {
	proxy := WgProxy{
		iface:      iface,
		remoteKey:  remoteKey,
		allowedIps: allowedIps,
		wgAddr:     wgAddr,
	}
	// the stop channel is created up front so Close can always signal it,
	// even if Start was never called
	proxy.close = make(chan struct{})
	return &proxy
}
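// Close stops the proxy goroutines, closes the UDP connection to the local
// WireGuard instance (if Start opened one) and removes the remote peer from
// the WireGuard interface.
//
// A second sequential Close is a no-op rather than a panic on a closed
// channel. This guard is not safe against two goroutines calling Close
// concurrently; serialise such calls externally.
//
// The peer is removed from the interface even when closing the UDP
// connection fails, so an error there never leaves a stale peer (with its
// AllowedIPs still routed) configured. The first error encountered is
// returned.
func (p *WgProxy) Close() error {
	select {
	case <-p.close:
		// already closed
		return nil
	default:
		close(p.close)
	}

	var firstErr error
	if c := p.wgConn; c != nil {
		// closing wgConn also unblocks a Read pending in proxyToRemotePeer
		if err := c.Close(); err != nil {
			firstErr = err
		}
	}

	if err := iface.RemovePeer(p.iface, p.remoteKey); err != nil && firstErr == nil {
		firstErr = err
	}

	return firstErr
}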
// StartLocal configures the WireGuard peer for p.remoteKey with host as a
// direct ip:port endpoint, bypassing the UDP relay entirely. It never opens
// p.wgConn and starts no goroutines. The error from iface.UpdatePeer is
// logged and returned unchanged.
func (p *WgProxy) StartLocal(host string) error {
	if err := iface.UpdatePeer(p.iface, p.remoteKey, p.allowedIps, DefaultWgKeepAlive, host); err != nil {
		log.Errorf("error while configuring Wireguard peer [%s] %s", p.remoteKey, err.Error())
		return err
	}
	return nil
}
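// Start dials the local WireGuard UDP listener at p.wgAddr, points the
// WireGuard peer entry for p.remoteKey at the local end of that connection
// and launches the two goroutines that relay packets between WireGuard and
// remoteConn. It returns once the goroutines are running; they stop when
// Close is called.
//
// Failures are logged and returned to the caller instead of terminating the
// process: a dial failure is a per-peer condition and must not take down
// the whole agent. If the peer cannot be configured, the freshly dialed UDP
// connection is closed again so it does not leak and p.wgConn is left
// untouched.
func (p *WgProxy) Start(remoteConn *ice.Conn) error {
	wgConn, err := net.Dial("udp", p.wgAddr)
	if err != nil {
		log.Errorf("failed dialing to local Wireguard port %s", err)
		return err
	}

	// add local proxy connection as a Wireguard peer
	err = iface.UpdatePeer(p.iface, p.remoteKey, p.allowedIps, DefaultWgKeepAlive,
		wgConn.LocalAddr().String())
	if err != nil {
		log.Errorf("error while configuring Wireguard peer [%s] %s", p.remoteKey, err.Error())
		if cerr := wgConn.Close(); cerr != nil {
			log.Warnf("failed closing local Wireguard connection after peer setup error: %s", cerr)
		}
		return err
	}

	// publish the connection only once the peer is configured, so a failed
	// Start leaves the proxy exactly as it was before the call
	p.wgConn = wgConn

	go p.proxyToRemotePeer(remoteConn)
	go p.proxyToLocalWireguard(remoteConn)

	return nil
}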
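// proxyToRemotePeer relays everything the local WireGuard instance sends to
// p.wgConn onward to the remote peer over remoteConn. It blocks until Close
// closes p.close; Close also closes p.wgConn, which unblocks a pending Read.
//
// The read buffer is sized to the maximum UDP payload: a UDP Read into a
// buffer smaller than the datagram silently discards the excess, so a
// fixed 1500-byte buffer would truncate (and thereby break) WireGuard
// packets from an interface whose MTU exceeds roughly 1450 bytes.
//
// NOTE(review): read/write errors are still swallowed, as before. A
// persistent error that is not caused by Close (e.g. remoteConn closed by
// its owner) makes this loop spin until Close is called; returning on a
// permanent error (net.ErrClosed / io.EOF) would be the next step.
func (p *WgProxy) proxyToRemotePeer(remoteConn *ice.Conn) {
	const maxUDPPayload = 65535
	buf := make([]byte, maxUDPPayload)
	for {
		select {
		case <-p.close:
			log.Infof("stopped proxying from remote peer %s due to closed connection", p.remoteKey)
			return
		default:
		}

		n, err := p.wgConn.Read(buf)
		if err != nil {
			// expected once Close has closed wgConn; the next iteration
			// observes p.close and returns
			continue
		}

		if _, err = remoteConn.Write(buf[:n]); err != nil {
			continue
		}
	}
}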
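// proxyToLocalWireguard relays everything received from the remote peer on
// remoteConn into the local WireGuard instance via p.wgConn. It blocks
// until Close closes p.close.
//
// Close does not close remoteConn (it only closes p.wgConn and the stop
// channel), so a Read blocked here returns only when the ICE connection
// delivers a packet or is closed by its owner; until then this goroutine
// stays parked even after Close. Callers tearing down a peer should close
// the ICE connection as well.
//
// The read buffer is sized to the maximum UDP payload so that packets
// larger than a fixed 1500-byte buffer are delivered intact rather than
// truncated or rejected by the ICE layer.
//
// NOTE(review): errors are still swallowed, as before. A remoteConn that
// keeps failing Read while the proxy is not closed makes this loop spin.
func (p *WgProxy) proxyToLocalWireguard(remoteConn *ice.Conn) {
	const maxUDPPayload = 65535
	buf := make([]byte, maxUDPPayload)
	for {
		select {
		case <-p.close:
			log.Infof("stopped proxying from remote peer %s due to closed connection", p.remoteKey)
			return
		default:
		}

		n, err := remoteConn.Read(buf)
		if err != nil {
			continue
		}

		// writes fail once Close has closed wgConn; the next iteration
		// observes p.close and returns
		if _, err = p.wgConn.Write(buf[:n]); err != nil {
			continue
		}
	}
}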