package mesh
import (
"fmt"
"net"
"slices"
"strings"
"time"
"github.com/tim-beatham/wgmesh/pkg/conf"
"github.com/tim-beatham/wgmesh/pkg/ip"
"github.com/tim-beatham/wgmesh/pkg/lib"
logging "github.com/tim-beatham/wgmesh/pkg/log"
"github.com/tim-beatham/wgmesh/pkg/route"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)
// MeshConfigApplyer abstracts applying the mesh configuration
// to the tunnel device backing each mesh (WireGuard in this file).
type MeshConfigApplyer interface {
	// ApplyConfig recomputes and pushes the configuration of every mesh
	// known to the attached MeshManager onto that mesh's device.
	ApplyConfig() error
	// RemovePeers clears every peer from the device backing meshId.
	RemovePeers(meshId string) error
	// SetMeshManager attaches the MeshManager the applyer reads mesh
	// state from; ApplyConfig and RemovePeers dereference it, so it must
	// be set before either is called.
	SetMeshManager(manager MeshManager)
}
// WgMeshConfigApplyer applies WireGuard configuration
// for every mesh the attached MeshManager knows about.
type WgMeshConfigApplyer struct {
	// meshManager supplies the meshes, the local node for each mesh and
	// the wgctrl client; it is injected via SetMeshManager, not the constructor.
	meshManager MeshManager
	// config is the node-wide configuration read here for the WireGuard
	// keepalive interval and the default-route advertisement policy.
	config *conf.WgMeshConfiguration
	// routeInstaller installs routes on the mesh device for destinations
	// that are reached through a peer (see getPeerConfig / getClientConfig).
	routeInstaller route.RouteInstaller
}
// routeNode is one candidate path to a destination: an advertised route
// together with the peer that advertised it.
type routeNode struct {
	// gateway is the advertising peer's WireGuard public key, as a string.
	gateway string
	// route is the advertisement itself (destination prefix and hop count).
	route Route
}
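// convertMeshNode builds the wgtypes.PeerConfig for a single remote node.
//
// AllowedIPs is assembled from three sources: the node's own WireGuard host
// address, the client addresses this node fronts (peerToClients, keyed by
// the node's public key) and every destination in routes for which this
// node is elected gateway. When several equal-cost gateways exist the
// election is done by consistent hashing so that load is spread across
// gateways while each node's choice is stable.
//
// NOTE(review): the destinations come straight from the node's own
// announcements (node.GetRoutes()) and AllowedIPs doubles as WireGuard's
// cryptokey routing table, so — as far as this file shows — any mesh
// member can attract traffic for any non-mesh prefix it announces.
// Membership is the trust boundary here; confirm that is intended.
//
// device is the current state of the local interface. If the node is
// already a peer there, its currently learnt endpoint is kept so that a
// roaming peer is not snapped back to its advertised address; device may
// be nil, in which case the advertised endpoint is used.
//
// Returns an error if the node's endpoint does not resolve or its public
// key cannot be parsed.
func (m *WgMeshConfigApplyer) convertMeshNode(node MeshNode, device *wgtypes.Device,
	peerToClients map[string][]net.IPNet,
	routes map[string][]routeNode) (*wgtypes.PeerConfig, error) {

	endpoint, err := net.ResolveUDPAddr("udp", node.GetWgEndpoint())
	if err != nil {
		return nil, err
	}

	pubKey, err := node.GetPublicKey()
	if err != nil {
		return nil, err
	}
	pubKeyStr := pubKey.String()

	allowedips := []net.IPNet{*node.GetWgHost()}
	// A missing map entry yields a nil slice, which appends nothing, so no
	// presence check is needed.
	allowedips = append(allowedips, peerToClients[pubKeyStr]...)

	// Tie-break hash functions; hoisted so they are not rebuilt per route.
	keyFunc := func(mn MeshNode) int {
		mnKey, _ := mn.GetPublicKey()
		return lib.HashString(mnKey.String())
	}
	bucketFunc := func(rn routeNode) int {
		return lib.HashString(rn.gateway)
	}

	for _, route := range node.GetRoutes() {
		bestRoutes := routes[route.GetDestination().String()]

		var pickedRoute routeNode
		switch {
		case len(bestRoutes) == 1:
			pickedRoute = bestRoutes[0]
		case len(bestRoutes) > 1:
			// More than one candidate at the best hop count: consistently
			// hash so the mapping is stable but spread across gateways.
			pickedRoute = lib.ConsistentHash(bestRoutes, node, bucketFunc, keyFunc)
		}

		// Only claim the destination if this node won the election; the
		// zero routeNode (no candidates) has an empty gateway and never matches.
		if pickedRoute.gateway == pubKeyStr {
			allowedips = append(allowedips, *pickedRoute.route.GetDestination())
		}
	}

	keepAlive := time.Duration(m.config.KeepAliveWg) * time.Second

	// Keep the endpoint WireGuard has already learnt for this peer (roaming)
	// rather than resetting it to the advertised one. Guarded because a
	// missing device previously dereferenced nil here.
	if device != nil {
		existing := slices.IndexFunc(device.Peers, func(p wgtypes.Peer) bool {
			return p.PublicKey.String() == pubKeyStr
		})
		if existing != -1 {
			endpoint = device.Peers[existing].Endpoint
		}
	}

	peerConfig := wgtypes.PeerConfig{
		PublicKey:                   pubKey,
		Endpoint:                    endpoint,
		AllowedIPs:                  allowedips,
		PersistentKeepaliveInterval: &keepAlive,
		// Replace rather than merge so prefixes withdrawn from this peer do
		// not linger in its cryptokey routing entry.
		ReplaceAllowedIPs: true,
	}

	return &peerConfig, nil
}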
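// getRoutes builds, for every destination advertised by any node in the
// mesh, the list of lowest-hop-count candidates. A destination maps to a
// single routeNode when one gateway is strictly closest, or to several when
// they tie; convertMeshNode then consistently hashes over the tie so that
// traffic is spread across gateways while each node's choice stays stable.
//
// Destinations inside any mesh's own ULA prefix are skipped: those
// addresses are reached through the mesh itself, never via a gateway.
//
// NOTE(review): candidates are taken straight from peer advertisements
// (node.GetRoutes(), route.GetHopCount()); nothing here validates that a
// node may legitimately announce a prefix or its hop count, so the mesh
// membership boundary is what bounds who can redirect traffic. Confirm that
// admission to the mesh is the intended control.
//
// If the mesh snapshot cannot be read an empty map is returned and the
// caller simply configures no gateway routes.
func (m *WgMeshConfigApplyer) getRoutes(meshProvider MeshProvider) map[string][]routeNode {
	routes := make(map[string][]routeNode)

	mesh, err := meshProvider.GetMesh()
	if err != nil {
		// Previously ignored, which dereferenced a nil snapshot below.
		logging.Log.WriteInfof("getRoutes: unable to read mesh snapshot: %v", err)
		return routes
	}

	// Prefixes of every mesh this node participates in; a route into any of
	// them is not a gateway route.
	ula := &ip.ULABuilder{}
	var meshPrefixes []*net.IPNet
	for _, other := range m.meshManager.GetMeshes() {
		prefix, _ := ula.GetIPNet(other.GetMeshId())
		if prefix == nil {
			// A nil prefix would have been dereferenced in the filter below;
			// skip it and keep processing the remaining meshes.
			continue
		}
		meshPrefixes = append(meshPrefixes, prefix)
	}

	// Loop-invariant; hoisted out of the per-route closure.
	v6Default, _, _ := net.ParseCIDR("::/0")
	v4Default, _, _ := net.ParseCIDR("0.0.0.0/0")

	for _, node := range mesh.GetNodes() {
		pubKey, err := node.GetPublicKey()
		if err != nil {
			// A node whose key does not parse can never be configured as a
			// peer (convertMeshNode rejects it), so it must not win the
			// election as a gateway either — that would leave the
			// destination unreachable for everyone.
			continue
		}
		gateway := pubKey.String()

		for _, route := range node.GetRoutes() {
			dest := route.GetDestination()

			insideMesh := lib.Contains(meshPrefixes, func(prefix *net.IPNet) bool {
				// NOTE(review): prefix is a mesh ULA prefix, so comparing its
				// network address with "::" / "0.0.0.0" looks unreachable; this
				// was probably meant to test dest.IP. Kept as-is pending
				// confirmation of the intended AdvertiseDefaultRoute semantics.
				if (prefix.IP.Equal(v6Default) || prefix.IP.Equal(v4Default)) && m.config.AdvertiseDefaultRoute {
					return true
				}
				return prefix.Contains(dest.IP)
			})
			if insideMesh {
				continue
			}

			destination := dest.String()
			rn := routeNode{gateway: gateway, route: route}

			current, ok := routes[destination]
			switch {
			case !ok:
				routes[destination] = []routeNode{rn}
			case route.GetHopCount() < current[0].route.GetHopCount():
				// Strictly closer: replace the whole candidate set, not just its
				// head, so stale equal-cost entries at the old distance do not
				// survive and get picked by the consistent hash.
				routes[destination] = []routeNode{rn}
			case route.GetHopCount() == current[0].route.GetHopCount():
				logging.Log.WriteInfof("Other Route Hop: %d", current[0].route.GetHopCount())
				logging.Log.WriteInfof("Route gateway %s, route hop %d", rn.gateway, route.GetHopCount())
				routes[destination] = append(current, rn)
			}
		}
	}

	return routes
}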
// getCorrespondingPeer picks, for a client node, the PEER-role node that
// fronts it. Peers and the client are placed on one consistent-hash ring
// keyed by public key, so every node that runs this computes the same
// assignment.
func (m *WgMeshConfigApplyer) getCorrespondingPeer(peers []MeshNode, client MeshNode) MeshNode {
	byPublicKey := func(node MeshNode) int {
		key, _ := node.GetPublicKey()
		return lib.HashString(key.String())
	}
	return lib.ConsistentHash(peers, client, byPublicKey, byPublicKey)
}
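// getClientConfig builds the WireGuard configuration for a node in the
// CLIENT role. A client does not mesh with everyone: it is assigned exactly
// one PEER-role node (consistent hashing over public keys, so every node
// agrees on the assignment) and sends all mesh traffic through it. That
// peer's AllowedIPs therefore cover every destination the mesh knows a
// gateway for plus the mesh's own ULA prefix, and a route to each of them
// via the peer's mesh address is installed on dev.
//
// Returns an error when the local node cannot be found, there is no peer
// to attach to, the mesh has no ULA prefix, the chosen peer's key or
// endpoint is invalid, or the routes cannot be installed.
func (m *WgMeshConfigApplyer) getClientConfig(mesh MeshProvider, peers []MeshNode, clients []MeshNode, dev *wgtypes.Device) (*wgtypes.Config, error) {
	self, err := m.meshManager.GetSelf(mesh.GetMeshId())
	if err != nil {
		return nil, err
	}
	if dev == nil {
		return nil, fmt.Errorf("mesh %s has no device", mesh.GetMeshId())
	}
	// getCorrespondingPeer hashes over peers; with none there is nothing to
	// attach to (getPeerConfig guards the same case).
	if len(peers) == 0 {
		return nil, fmt.Errorf("mesh %s has no peer for a client to attach to", mesh.GetMeshId())
	}

	ula := &ip.ULABuilder{}
	meshNet, _ := ula.GetIPNet(mesh.GetMeshId())
	if meshNet == nil {
		// Previously dereferenced unchecked.
		return nil, fmt.Errorf("mesh %s has no ULA prefix", mesh.GetMeshId())
	}

	// Every destination the mesh has a gateway for, plus the mesh itself, is
	// reached through the single peer. Keys are the String() form of a
	// *net.IPNet, so ParseCIDR is expected to succeed.
	allowed := lib.Map(lib.MapKeys(m.getRoutes(mesh)), func(destination string) net.IPNet {
		_, ipNet, _ := net.ParseCIDR(destination)
		return *ipNet
	})
	allowed = append(allowed, *meshNet)

	peer := m.getCorrespondingPeer(peers, self)

	pubKey, err := peer.GetPublicKey()
	if err != nil {
		return nil, err
	}

	endpoint, err := net.ResolveUDPAddr("udp", peer.GetWgEndpoint())
	if err != nil {
		return nil, err
	}

	keepAlive := time.Duration(m.config.KeepAliveWg) * time.Second

	peerCfg := wgtypes.PeerConfig{
		PublicKey:                   pubKey,
		Endpoint:                    endpoint,
		PersistentKeepaliveInterval: &keepAlive,
		AllowedIPs:                  allowed,
		// Replace so withdrawn destinations do not linger on the peer.
		ReplaceAllowedIPs: true,
	}

	installedRoutes := make([]lib.Route, 0, len(allowed))
	for _, dest := range allowed {
		installedRoutes = append(installedRoutes, lib.Route{
			Gateway:     peer.GetWgHost().IP,
			Destination: dest,
		})
	}

	cfg := wgtypes.Config{
		Peers: []wgtypes.PeerConfig{peerCfg},
		// A client has exactly one peer. Replacing the set drops whichever
		// peer it was previously attached to (the assignment moves as peers
		// join or leave) instead of leaving a stale, still-authorised key on
		// the device. Matches getPeerConfig and RemovePeers.
		ReplacePeers: true,
	}

	// Route installation failures were previously discarded here; surface
	// them like getPeerConfig does so the caller does not apply a config
	// whose routes are missing.
	if err := m.routeInstaller.InstallRoutes(dev.Name, installedRoutes...); err != nil {
		return nil, err
	}

	return &cfg, nil
}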
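// getPeerConfig builds the WireGuard configuration for a node in the PEER
// role, which meshes with every other peer and additionally fronts the
// clients assigned to it.
//
// Clients are first distributed over peers by consistent hashing (the same
// function every node runs, so peers agree on who fronts whom) and each
// client's address is recorded against its peer so that convertMeshNode can
// add it to that peer's AllowedIPs. Clients assigned to this node become
// direct WireGuard peers; every other PEER-role node is configured as a
// peer too, and for the non-mesh destinations it fronts a route via its
// mesh address is installed on dev.
//
// Peers are replaced wholesale (ReplacePeers) so nodes that have left the
// mesh are dropped from the device rather than lingering as authorised keys.
//
// NOTE(review): a single node whose endpoint fails to resolve or whose key
// fails to parse makes convertMeshNode return an error, which aborts this
// whole function — one bad advertisement leaves the entire mesh
// unconfigured on this node. Consider skipping such nodes instead.
//
// Returns an error if the local node, the device, any peer conversion or
// route installation fails.
func (m *WgMeshConfigApplyer) getPeerConfig(mesh MeshProvider, peers []MeshNode, clients []MeshNode, dev *wgtypes.Device) (*wgtypes.Config, error) {
	self, err := m.meshManager.GetSelf(mesh.GetMeshId())
	if err != nil {
		return nil, err
	}
	if dev == nil {
		return nil, fmt.Errorf("mesh %s has no device", mesh.GetMeshId())
	}

	routes := m.getRoutes(mesh)
	peerToClients := make(map[string][]net.IPNet)
	peerConfigs := make([]wgtypes.PeerConfig, 0, len(peers)+len(clients))
	installedRoutes := make([]lib.Route, 0)

	// Assign each client to a peer; a client whose peer is this node becomes
	// one of our direct WireGuard peers.
	if len(peers) > 0 {
		for _, client := range clients {
			peer := m.getCorrespondingPeer(peers, client)
			peerKey, err := peer.GetPublicKey()
			if err != nil {
				return nil, err
			}
			peerKeyStr := peerKey.String()

			// append on a missing entry yields a fresh slice; no exists-check needed.
			peerToClients[peerKeyStr] = append(peerToClients[peerKeyStr], *client.GetWgHost())

			if !NodeEquals(self, peer) {
				continue
			}
			cfg, err := m.convertMeshNode(client, dev, peerToClients, routes)
			if err != nil {
				return nil, err
			}
			peerConfigs = append(peerConfigs, *cfg)
		}
	}

	// Mesh prefix and default route are loop-invariant; compute once instead
	// of per AllowedIP. (The loop variable was also named `route`, shadowing
	// the imported package.)
	ula := &ip.ULABuilder{}
	meshNet, _ := ula.GetIPNet(mesh.GetMeshId())
	if meshNet == nil {
		return nil, fmt.Errorf("mesh %s has no ULA prefix", mesh.GetMeshId())
	}
	_, defaultRoute, _ := net.ParseCIDR("::/0")

	for _, n := range peers {
		if NodeEquals(n, self) {
			continue
		}

		peerCfg, err := m.convertMeshNode(n, dev, peerToClients, routes)
		if err != nil {
			return nil, err
		}

		// Anything this peer fronts outside the mesh prefix needs a route on
		// the host through the peer's mesh address.
		for _, dest := range peerCfg.AllowedIPs {
			// NOTE(review): the second clause compares the mesh prefix's own
			// address with "::", which a ULA prefix never equals, so it looks
			// inert; it may have been meant to compare dest.IP. Kept as-is.
			if !meshNet.Contains(dest.IP) && !meshNet.IP.Equal(defaultRoute.IP) {
				installedRoutes = append(installedRoutes, lib.Route{
					Gateway:     n.GetWgHost().IP,
					Destination: dest,
				})
			}
		}

		peerConfigs = append(peerConfigs, *peerCfg)
	}

	cfg := wgtypes.Config{
		Peers:        peerConfigs,
		ReplacePeers: true,
	}

	if err := m.routeInstaller.InstallRoutes(dev.Name, installedRoutes...); err != nil {
		return nil, err
	}

	return &cfg, nil
}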
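// updateWgConf recomputes and applies the WireGuard configuration for one
// mesh: it takes a snapshot, splits the nodes into PEER and CLIENT roles,
// builds the configuration matching the local node's own role and pushes it
// to the mesh's device through the wgctrl client.
//
// Returns an error if the snapshot, device or local node cannot be read, if
// the local node has a role this applyer does not know how to configure, or
// if building or applying the configuration fails.
func (m *WgMeshConfigApplyer) updateWgConf(mesh MeshProvider) error {
	snap, err := mesh.GetMesh()
	if err != nil {
		return err
	}

	// The device error was previously discarded, leaving a nil dev to be
	// dereferenced when building the config; fail early instead.
	dev, err := mesh.GetDevice()
	if err != nil {
		return err
	}
	if dev == nil {
		return fmt.Errorf("mesh %s has no device", mesh.GetMeshId())
	}

	self, err := m.meshManager.GetSelf(mesh.GetMeshId())
	if err != nil {
		return err
	}

	nodes := lib.MapValues(snap.GetNodes())
	slices.SortFunc(nodes, func(a, b MeshNode) int {
		return strings.Compare(string(a.GetType()), string(b.GetType()))
	})

	peers := lib.Filter(nodes, func(mn MeshNode) bool {
		return mn.GetType() == conf.PEER_ROLE
	})
	clients := lib.Filter(nodes, func(mn MeshNode) bool {
		return mn.GetType() == conf.CLIENT_ROLE
	})

	var cfg *wgtypes.Config
	switch self.GetType() {
	case conf.PEER_ROLE:
		cfg, err = m.getPeerConfig(mesh, peers, clients, dev)
	case conf.CLIENT_ROLE:
		cfg, err = m.getClientConfig(mesh, peers, clients, dev)
	default:
		// Without this case an unknown role fell through to a nil cfg
		// dereference below.
		return fmt.Errorf("mesh %s: unknown role %q for local node", mesh.GetMeshId(), string(self.GetType()))
	}
	if err != nil {
		return err
	}
	if cfg == nil {
		return fmt.Errorf("mesh %s: no configuration produced", mesh.GetMeshId())
	}

	return m.meshManager.GetClient().ConfigureDevice(dev.Name, *cfg)
}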
// ApplyConfig pushes the current configuration of every mesh known to the
// MeshManager onto its WireGuard device. It stops at the first mesh that
// fails and returns that error; the remaining meshes are left untouched.
// GetMeshes is consumed through lib.MapValues elsewhere in this file, so it
// is presumably a map — which meshes get skipped after a failure is then
// not deterministic.
func (m *WgMeshConfigApplyer) ApplyConfig() error {
	for _, mesh := range m.meshManager.GetMeshes() {
		if err := m.updateWgConf(mesh); err != nil {
			return err
		}
	}
	return nil
}
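// RemovePeers drops every peer from the device backing meshId, leaving the
// interface up but with no authorised keys.
//
// NOTE(review): routes installed through routeInstaller by getPeerConfig /
// getClientConfig are not removed here; confirm they are cleaned up
// elsewhere when a mesh is torn down.
//
// Returns an error if the mesh does not exist, its device cannot be read,
// or the device refuses the update.
func (m *WgMeshConfigApplyer) RemovePeers(meshId string) error {
	mesh := m.meshManager.GetMesh(meshId)
	if mesh == nil {
		return fmt.Errorf("mesh %s does not exist", meshId)
	}

	dev, err := mesh.GetDevice()
	if err != nil {
		return err
	}

	// ReplacePeers with an empty set clears the peer list in one update.
	// The result was previously discarded, so a failure — which leaves
	// formerly trusted keys authorised on the device — went unnoticed.
	err = m.meshManager.GetClient().ConfigureDevice(dev.Name, wgtypes.Config{
		Peers:        []wgtypes.PeerConfig{},
		ReplacePeers: true,
	})
	if err != nil {
		return fmt.Errorf("removing peers from %s: %w", dev.Name, err)
	}

	return nil
}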
// SetMeshManager attaches the MeshManager this applyer reads mesh state
// from. ApplyConfig and RemovePeers dereference it, so it must be set
// before either is called.
func (m *WgMeshConfigApplyer) SetMeshManager(manager MeshManager) {
	m.meshManager = manager
}
// NewWgMeshConfigApplyer constructs a WireGuard-backed MeshConfigApplyer
// using config and a fresh route installer. The MeshManager is left unset;
// attach it with SetMeshManager before applying configuration.
func NewWgMeshConfigApplyer(config *conf.WgMeshConfiguration) MeshConfigApplyer {
	applyer := &WgMeshConfigApplyer{config: config}
	applyer.routeInstaller = route.NewRouteInstaller()
	return applyer
}