From 5757d81a81521be5aa4ca2e82c6bb7e8dc4003fe Mon Sep 17 00:00:00 2001 From: Tim Beatham Date: Fri, 27 Oct 2023 17:49:18 +0100 Subject: [PATCH] Advertising routes into the mesh --- cert/cacert.pem | 21 +++++ cert/caprivate.pem | 28 +++++++ cert/cert.pem | 36 ++++----- cert/key.pem | 28 ------- cert/priv.pem | 28 +++++++ cmd/wgmeshd/configuration.yaml | 5 +- pkg/automerge/automerge.go | 85 +++----------------- pkg/conf/conf.go | 1 + pkg/conn/connectionmanager.go | 22 +++++ pkg/ctrlserver/ctrlserver.go | 1 + pkg/graph/graph.go | 23 ++++-- pkg/mesh/{graphgenerator.go => meshgraph.go} | 22 ++++- pkg/mesh/meshmanager.go | 6 +- pkg/mesh/routemanager.go | 65 +++++---------- pkg/mesh/types.go | 2 + pkg/robin/requester.go | 9 ++- 16 files changed, 199 insertions(+), 183 deletions(-) create mode 100644 cert/cacert.pem create mode 100644 cert/caprivate.pem delete mode 100644 cert/key.pem create mode 100644 cert/priv.pem rename pkg/mesh/{graphgenerator.go => meshgraph.go} (63%) diff --git a/cert/cacert.pem b/cert/cacert.pem new file mode 100644 index 0000000..0f2fece --- /dev/null +++ b/cert/cacert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDazCCAlOgAwIBAgIUDRIRI8UnHU2a4znsun0gxFwlrFQwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzEwMjcxNTIzMDZaFw0yNDEw +MjYxNTIzMDZaMEUxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDJ5hOmzilimA/zM5hYP7CQf4iRmICtSbVLgt6/rTDP +p3JsGGQWZ4pZNofzGnGa7aEMoXS2Ztl7GzZbr1p4+rd6MBbVt8XZ/hP+X4zasCXi +/YubG0TYyBuAt+JrcYb0cbsTBkMXXnFcNIXDfeYFsNq+pfyJwq2ElMUUZ6SQmVhH +ovn1Wk9Fv4t2GJMhmUcObrSIoYdgo4Vf9CfQnn0PCaRf+RjspY/Kz33oyqDI6xJx +I0rfJR7f9B6ZKosfAkt4oTTfT9P8w/d1I95oBENhDkalgkdJCuNJ/AwKGxZrYf/P +aefcc91HheauObjBYPFrSn6bUj3LMJEfj4IeBK+fOZCfAgMBAAGjUzBRMB0GA1Ud +DgQWBBSpcF7jtpd9n73VM3xhPmI1GMEkFjAfBgNVHSMEGDAWgBSpcF7jtpd9n73V +M3xhPmI1GMEkFjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCK +GplAveP9nVo9zmg+/mkDpyVoo5rp64oJh4DFtm6X+EI31FmH6Cb71Kn2ZzXhQvSq +qrP7+VoGeBDxk4guJtAs/fhnuDupJG2SjsctjiFnDbSrJjWJjGhC0kuL0wcjLU5G +qUpCEJu13GkDlYHKKw0z+oLUOw+OHmvE5/sD23sKl2KxBWKItx0hwSCkGtm0RQld +8mfjOsHqJ2V/FOcHK6X2DSV1728PAhu4l/PRSB0drBA+7kdeCuWIRZw5RA/OyxvU +CuC5dfUh75MrK7KL6sZsXklsoXo8BZp4rRRUt/v1D3r/SMBJPULSGXh6QDjXQX1D +km71c3DEDyKznHTpGxPt +-----END CERTIFICATE----- diff --git a/cert/caprivate.pem b/cert/caprivate.pem new file mode 100644 index 0000000..353b1f5 --- /dev/null +++ b/cert/caprivate.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ5hOmzilimA/z +M5hYP7CQf4iRmICtSbVLgt6/rTDPp3JsGGQWZ4pZNofzGnGa7aEMoXS2Ztl7GzZb +r1p4+rd6MBbVt8XZ/hP+X4zasCXi/YubG0TYyBuAt+JrcYb0cbsTBkMXXnFcNIXD +feYFsNq+pfyJwq2ElMUUZ6SQmVhHovn1Wk9Fv4t2GJMhmUcObrSIoYdgo4Vf9CfQ +nn0PCaRf+RjspY/Kz33oyqDI6xJxI0rfJR7f9B6ZKosfAkt4oTTfT9P8w/d1I95o +BENhDkalgkdJCuNJ/AwKGxZrYf/Paefcc91HheauObjBYPFrSn6bUj3LMJEfj4Ie +BK+fOZCfAgMBAAECggEADqAjoUxC9Dj2wtPkf9QRSs5qSr3E6Iiz4OX4k+MMa6aC +I/F6YqMagw7vtz0dqK75ISybA1GdBI16mRaxU5056FiOdunqo7mDokQytG7ZN8HN +OK23hYqtb1wiw0zEjXWlqyGjf5BgXuERJZG7tYLTvcbRbftTzYxnYGyHn8/z9LBp +GsTJ5X8XMLM5+bTvg1Ovv5s0q31FCeqAuw+auHH4pBNP+ylV6dF5XOWq4HO3TJ2b +grHxWB94JZChZnDC/K+HxQ6aHJfbZ5XCoXfIaIVkoXfnyPzgjvgK+/IpHEF8f/3I +uT/NBiArTpRl29pX5flEO4R121VaW93eM1tuzL32VQKBgQD6Trctx9SYuhzgfiO7 +kdefvR43Kl9SFyEw3hN3HW1cxSNGCCFotjmdem+QdtMBtUd27UJ9tuiKJC0lcCER +t3WRz4kVd/cb0eC1DPzpGHA81o1rUUR3nMr1o7aBfvQ06VAxFUrFAOPpF8nD7tI4 +0CiOh7/sL1ElThA3bOPUpXkYHQKBgQDOfYbP8dppIkC8pRTnHWe0qUY0G4YXxg7r +UtTo4GYOLJeKH/MKoK8MjBDS5VN5n5TAHJ8yUVzhpWXZIPIGzNEhIRDMa56sRPgI +9mLJNs5z/ZIxd/7ZQbDHrD4T3PKeTjzVUtjXrhLowokPlPB/RMQL6ZT+qMao+3bS +fDITSfLG6wKBgBpbcZSDh1JxvpqxDagxqkfqzSS39IObZeZUbC5NzfdH1vgH4SS6 +k4SOoPLQYFW8tgLC5w5/1Sq+tnZLwV+xNtMczG2TTVUDm6rU7EjLRv5RBWE4lIIX +45NMIuqt6J8ttkEE4fOurVEdLSTRoBdVa//eMYp4TQ4lkzWS5Ma+ierNAoGAYO3z +1rFFQYzerq8ffM4E3H2JgvRYodhLMJQVdavAvG6aRDBzOk3rXgxx6U3VPYZ3oSbO +ZCRlYVbu1FnuwtpqYQ7Qf+UU+vD1Ld/ax3F+wFwLwET/0KRRg6mLCm/xQ/ad/9WA +DN6d6b1H8ZSMwHFbRexEELbRaomAYZYDO6K+4DkCgYEAv5De85hPnWtAvKhPzwQi +9mtyWo/cfQgtwL8IKNu6hBHl5RXDpPgX/+pNbXLJfBPwVR3H62x1CMYJDkWVuE6/ +ZjtF7FSucZMz/mR6r1GhSOXy3YLwQ6JLPjjKzvnEjahGlKwALJNL0O2ZucjsZxHE +PM4rmhRZT9opiapiltEhRm0= +-----END PRIVATE KEY----- diff --git a/cert/cert.pem b/cert/cert.pem index c668c26..7db7cce 100644 --- a/cert/cert.pem +++ b/cert/cert.pem 
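Review bot: This hunk commits the CA private key (`cert/caprivate.pem`) to the repository, so anyone with read access to the history can issue certificates that every node will trust once verification is switched on; the same patch also checks in the node key (`cert/priv.pem`). Delete the key from the tree, treat this CA as burned and regenerate it, and stop it recurring with a `.gitignore` entry such as `cert/*.pem` plus a script that generates the development PKI on demand. If an example must stay checked in, a README note saying it is development-only and must never be loaded by a deployed node is the minimum.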
@@ -1,21 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDazCCAlOgAwIBAgIUT6VZnyJjB25my9JrUt/qfdX+J8QwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCVUsxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzEwMDExNDM5MjFaFw0zMzA5 -MjgxNDM5MjFaMEUxCzAJBgNVBAYTAlVLMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCVrc2ZbkM+ICgr9M9AahLijQOmbqhH03PtqUOprMuX -KGzKiG8v6VWCzdqrDMJTBe24/Ph9KUda8J63ra+uEfPXfTgox/NkbMVkd4qz5vIW -a6Q22g3RU2W8LpSczlcAdEvWBKxakWVnPvi1Sw/gj9Yn//HZxOvANeaTzr+wWNJa -VpTTXBPnvkpDY5GkfkSVkt1cZqCntZQAx85xBW1Bth860d0lZPibJBBtdtX3QO7r -PxeOgARB97J964M2DDvScaLiTH5+qQFzj/bS06Km+7s2rmA9ilPK/GlZb6Wc8f3Q -NdanZwF/odoLKFkW4cj0dG3vrRqJGKSO1tTk6OGrQfBTAgMBAAGjUzBRMB0GA1Ud -DgQWBBRLjaTwD74slcrdH0AWwqnCIBzDvzAfBgNVHSMEGDAWgBRLjaTwD74slcrd -H0AWwqnCIBzDvzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCQ -50dhW6+cdzv6vfTrhe5ABOlJ288cxrOnpqKZLK0kWgtXTBXuJdIMqKO7f1dNGGAF -fbhcIoo8YsTVYAHvK0e0nUvKKTj5Jq39YXX4jSmLZMhV9RCxHiuzn3a0Szly2FRG -oLhmz+ib0WmROmspLD+T500toayGi3gfoWALo/LtOSYqUI9JNlFXPEyOfg1dkKfE -op/8Nx4DY73mHtp25dKL3mG1FAa0MQQvDnYTv5BNMRiG2k3N4AL2nORR60PXZV+S -oW9vF+bDWo++GJjmTVgbJPX3joH2B4mg97f4L9i4KqXW38hSB890iyp02j7vXM8Y -vT7vM2Qae3Y48SeOdZIX +MIIDCjCCAfICFB/Vd2eOXWdNdrakThJhFIRtZmhUMA0GCSqGSIb3DQEBCwUAMEUx +CzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl +cm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMjMxMDI3MTUzNDM1WhcNMjMxMTI2MTUz +NDM1WjA+MQswCQYDVQQGEwJHQjENMAsGA1UECAwERmlmZTENMAsGA1UEBwwEY2l0 +eTERMA8GA1UECgwITWVzaCBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDVgcLtNU5AYfPML/mE5PyC7YYKvZn2mt6vEiJ7M/6EzYeTXFeYexD5ZqHg +ewGEd1fwiQWQsATsWd+EM4OnCAXAaNiOH6gGY7FR8CThfT+k8yIGPrl1BovzHHYS +Orekna17UFeIyFMHDPIjl4d2WiJPvmNn5PhLEppPHPBWPhl3J3sMrSbqyRuYbtta +oFIzN8mFcikixLg0SnBPtwlLC72ah9G+MF5CwEcU/E0bYbLQZXv+WhG5aw5JEzes +K2GLxVNgM0xXB7hSyLoX1wBc8DdQyLCMkOp55Hl04UKTxtVE82MiuAOVqMUuKFjR +u2a1C+/Gbk/PS5SHgenGjdZ8sZGpAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHMc 
+jIFG5Rn9KaVmo7E+/UAq+3ld/3y2yMHg5wq7oG8b7/z0mlSGErHdFMzo75AFLN4r +kOuiF5ItF6dRLNrG8IUFSNMGVH3b3ukw1EI8E89L8ak3CM+wpLT6GVP3BfV8ah+X +4RRix40Tmx4C81l+Lf5W10rHIdlXBCanJy/Fa0ae+S+oXFc9jeXHlK9qlgszrECT +Pa3VCR95LAIc6o9pDL2Z8tpEkSbyzvIWhp53fnC80PyXpSsFMfIw657shagBc/Ov +e7/aPpPf3V3CafJlEIraQp24MDI5ZM59lT5vhRq2AC50gelL6UPV16mVVUlGVhWE +vYyejod5i5ZbuLFOy2g= -----END CERTIFICATE----- diff --git a/cert/key.pem b/cert/key.pem deleted file mode 100644 index 09894bd..0000000 --- a/cert/key.pem +++ /dev/null 
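Review bot: The replacement leaf certificate appears to be an X.509 v1 certificate with no extensions at all (its DER begins `MIIDCjCCAfICFB…`, i.e. the TBS opens directly with the serial number, and the TBS ends right after the public key), so it carries no Subject Alternative Name; Go's verifier ignores the Common Name and will reject it as soon as `skipCertVerification` is turned off, which defeats the point of adding a CA in this commit. The validity window also appears to shrink from ten years to about thirty days (2023-10-27 to 2023-11-26), after which the checked-in configuration stops working. Re-issue it from the CA with an IP or DNS SAN matching how peers are dialled, and prefer a generation script over committing the output.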
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVrc2ZbkM+ICgr -9M9AahLijQOmbqhH03PtqUOprMuXKGzKiG8v6VWCzdqrDMJTBe24/Ph9KUda8J63 -ra+uEfPXfTgox/NkbMVkd4qz5vIWa6Q22g3RU2W8LpSczlcAdEvWBKxakWVnPvi1 -Sw/gj9Yn//HZxOvANeaTzr+wWNJaVpTTXBPnvkpDY5GkfkSVkt1cZqCntZQAx85x -BW1Bth860d0lZPibJBBtdtX3QO7rPxeOgARB97J964M2DDvScaLiTH5+qQFzj/bS -06Km+7s2rmA9ilPK/GlZb6Wc8f3QNdanZwF/odoLKFkW4cj0dG3vrRqJGKSO1tTk -6OGrQfBTAgMBAAECggEAC4kwrmGUJyadUf31Nza1q+ZIYLxoldiTN77y6xHZQxYn -hFiNkTi/kWxCLSq3k2SClN5SXHsg975RzUBCqPzTOUl6WZJHjPbhI8Qe2Yy0HcxA -BMY7iGWQErfYVlmE1REhgyYrDnPkR9fPnVFisOEFFWIhhrIppU/CLKQjm/jMhY/G -jdVaaTUcz9ee80BB8S6RCOWZLVc2/yYeIkby7AdGf8TUMqOvw/7AnLo4KwC3t06d -ZK+bCVpTD6O4d4VcXzy5eBDwsYUfWdLSp9JEuLJRQlsq449nXF9V7xjHCD8zOoqI -9PYh6xvPNB6fr9zSaOzLH9A4v+1zQqOoLHRliG2IcQKBgQDFlsYSzKUw+ae8AtqZ -qWQiHSXhEoeosjGHLvDWyXmqdORpDparDOw1b0UlFvt3wm/QXU8q3UtNcWn7/aP8 -f/QsKZshJnuk8/+piJBv0v+pHZjpx7lTGVnfTUXpaP5T1EWz9p6HUX5qLHA7XUpr -hQJLt0evvYv06GDtFLIjzHAHSQKBgQDB7UWO1n9TUofYHxG9zhoKsdCvNxeACxJJ -EA1Ue0Ri+y3FnUYY3H9JqQ4d4k3xm731rbgV6TD15xzqv+RGL0+pQ1dDKy4T0lH8 -+bsjRShrq+QVxVLBWff5rike1LTk8Q2bmFlv1COft+edrMsZOpK4af9QINbGc/wF -te5d77GuuwKBgC1bQvSlzXXEmWBrN0r2u2mpTzyvSDzNStlBST/E2Azs8FG9a5Cw -UrihZjnxYKBJHemywa2RRuvsEOwreS1JIf/RPS8K6m8fI50DIETLJqzngmaH1l7g -/uRnlJjT5S3RGH8LKbDeYCp3MPwvmhm8Wp6O4AHTfQEnJrjFe28ESuMhAoGAUiAT -dvwri7PFx6bQsprXuHO5NpqUHyuRINPlcUOKoIhSx/9ksh6e4Sjwy4MNEyareaGJ -9e19SIYJXvjIyVg72iikidN9ffNxuTphH/yns4Fl5DpeY3egZmJ1E5Ns0A+tfZk1 -NwCV3YvaUJHeqN5/SA3Li7l8eyqfLiPvwGRD0QUCgYEAs4VG+7f8qyTQ/9l4VzTj -1G4naIfDxOS8UTnbc3KJqk48yNuPHLUoAxXmmA+ulqsaLhW1Xn+PWTXdFVaHQ5eB -WCsgnrvi9zrznqyVi54y0lrQTt6dMsLpul/29zKR/464Uyzcdy0008Khl3dDTk0o -91xucId8s41do8dEqaHVEhE= ------END PRIVATE KEY----- diff --git a/cert/priv.pem b/cert/priv.pem new file mode 100644 index 0000000..ee5ffe6 --- /dev/null +++ b/cert/priv.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVgcLtNU5AYfPM +L/mE5PyC7YYKvZn2mt6vEiJ7M/6EzYeTXFeYexD5ZqHgewGEd1fwiQWQsATsWd+E +M4OnCAXAaNiOH6gGY7FR8CThfT+k8yIGPrl1BovzHHYSOrekna17UFeIyFMHDPIj +l4d2WiJPvmNn5PhLEppPHPBWPhl3J3sMrSbqyRuYbttaoFIzN8mFcikixLg0SnBP +twlLC72ah9G+MF5CwEcU/E0bYbLQZXv+WhG5aw5JEzesK2GLxVNgM0xXB7hSyLoX +1wBc8DdQyLCMkOp55Hl04UKTxtVE82MiuAOVqMUuKFjRu2a1C+/Gbk/PS5SHgenG +jdZ8sZGpAgMBAAECggEARJNAggLYhtpPPVp9WJ9ZsU3L+0AppujYND/tXkf1bD89 +V+nVYq7IZWp+/MRVWPAiCSphZLb8ZdN59JK9KtVrT4D9aSymwaKcjfZFSj15xyem +Wn4j///hzGxsSe+dE1znnw9PhindbQrN7Pua8TsDATzj3bdPvoETmexwDysz765i +u4zXvxP+xAessz1OYa5IUaDXdlWOf0e1zNXWwanjRggzCeWR3lTofG49GX087oVC +Sb9ASy+AScnOlwpTdQ8sKy1r9gXmE5ey4AULVb0nJ8LDvrCoBBhKBtVE5mJHepE6 +bdC9l6poL6roGvHfMAo3SmiUUT5XceqUxBtHcyHX3wKBgQD1uh+Dv0PrH3CTW9cF +bwHL1rmQNJrbDzDAaounGBe9mcot1RrBhyQAoGw1no4c+QWDAwYRuBP2+Rp6JLU/ +XnEXSyN85rJN6LajlrLEr+BNmKw6ghNsnAFUZBLaJ7epRi6OjACUwmtvH6hRIef8 +aMg4WiOyDT+Z4Xe81pdXb91HXwKBgQDebs3idgVEau3LCKGYnqvmUhzv8iiQiJmD +R29o2G5Xrahf3r1O5gJdGLO1DaCBtdrI7J4xUOlM935KaEYFe5B7RVGXg23tNWgb +2M+YQqu5qz61bDxhg7dGkegHrdvKNcSkV6GUSm5w9rdxJlY8+l45p/7QpSkatcbd +IRiVzMNr9wKBgQC/+Z5fbpFgYxqvdaPicdxkZShqOj71f8OlwFfEvrTlgv4KmqAh +rDP7bVm89leu2PpuZXFbbIXkgK8n1//mNyGBgkmCbjXFWlc+LSETOxixZuK/fxov +0x3S0bBM0ZTSYatD4KsfjVkj4wa8BBJbB33NUNbsZx9WWGkUlk58mD+3XwKBgQDV +mgR+n6WJQUIfwqckH+Ol517AkYSg33zEE9qKDaVQ74QMpKKY3MqSSkFw8agcR93V +K1zysOeJsPYHUEFFzJY/up6S6HSs4aebbkZUylmMkEVFBa6qWkmrLDxs+2lgsuem +hjy1YhDSzCn3L8CLCEdqCMjr5l8ltkBFZB3u5NcZmwKBgHE9ODedQm783JfvDNBb +lB/IoUjMhMR0J2vHC3zxgTU4nIK+MR0vXvA7fmZebpaQNwYrHY9gvrL0/QevOrmG +PtXlkQ9GITMxTlqfHWV5jXZuRBIGTqh1QW3tKbVAhUhNlM0XDNBmBvjKIFjxUIo3 +zMRw/o4R4cIaazyVxguZbsa2 +-----END PRIVATE KEY----- diff --git a/cmd/wgmeshd/configuration.yaml b/cmd/wgmeshd/configuration.yaml index 7ffd88d..9c6bf0e 100644 --- a/cmd/wgmeshd/configuration.yaml +++ b/cmd/wgmeshd/configuration.yaml 
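Review bot: The node's TLS private key (`cert/priv.pem`) is checked in next to its certificate, and `configuration.yaml` in this patch points `privateKeyPath` straight at it, so any clone of the repository can impersonate this node to its peers. Keep only the certificate (if anything) under version control, generate the key at install time, and add the path to `.gitignore` together with the CA key added above.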
@@ -1,5 +1,6 @@ certificatePath: "../../cert/cert.pem" -privateKeyPath: "../../cert/key.pem" +privateKeyPath: "../../cert/priv.pem" +caCertificatePath: "../../cert/cacert.pem" skipCertVerification: true gRPCPort: "8080" -advertiseRoutes: true \ No newline at end of file +advertiseRoutes: true diff --git a/pkg/automerge/automerge.go b/pkg/automerge/automerge.go index c99439d..5b2b197 100644 --- a/pkg/automerge/automerge.go +++ b/pkg/automerge/automerge.go @@ -40,17 +40,6 @@ func (c *CrdtMeshManager) AddNode(node mesh.MeshNode) { nodeVal.Map().Set("routes", automerge.NewMap()) } -func (c *CrdtMeshManager) ApplyWg() error { - // snapshot, err := c.GetMesh() - - // if err != nil { - // return err - // } - - // c.updateWgConf(c.IfName, snapshot.GetNodes(), *c.Client) - return nil -} - // GetMesh(): Converts the document into a struct func (c *CrdtMeshManager) GetMesh() (mesh.MeshSnapshot, error) { return automerge.As[*MeshCrdt](c.doc.Root()) @@ -95,43 +84,6 @@ func NewCrdtNodeManager(meshId, devName string, port int, conf conf.WgMeshConfig return &manager, nil } -func (m *CrdtMeshManager) convertMeshNode(node MeshNodeCrdt) (*wgtypes.PeerConfig, error) { - peerEndpoint, err := net.ResolveUDPAddr("udp", node.WgEndpoint) - - if err != nil { - return nil, err - } - - peerPublic, err := wgtypes.ParseKey(node.PublicKey) - - if err != nil { - return nil, err - } - - allowedIps := make([]net.IPNet, 1) - _, ipnet, err := net.ParseCIDR(node.WgHost) - - if err != nil { - return nil, err - } - - allowedIps[0] = *ipnet - - for route, _ := range node.Routes { - _, ipnet, _ := net.ParseCIDR(route) - allowedIps = append(allowedIps, *ipnet) - } - - peerConfig := wgtypes.PeerConfig{ - PublicKey: peerPublic, - Remove: m.HasFailed(node.HostEndpoint), - Endpoint: peerEndpoint, - AllowedIPs: allowedIps, - } - - return &peerConfig, nil -} - func (c *CrdtMeshManager) removeNode(endpoint string) error { err := c.doc.Path("nodes").Map().Delete(endpoint) 
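Review bot: `caCertificatePath` is added but `skipCertVerification: true` is left in place, so the CA is never loaded (the new code in `connectionmanager.go` only builds the pool when verification is on) and the shipped example still disables TLS peer verification entirely. Now that a CA exists, set `skipCertVerification: false`, or at least mark the line with `# development only: disables TLS peer verification, never set in a deployment`. `privateKeyPath` now also points at a key committed to the repository, which the same comment should call out.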
@@ -222,6 +174,7 @@ func (m *CrdtMeshManager) UpdateTimeStamp(nodeId string) error { // AddRoutes: adds routes to the specific nodeId func (m *CrdtMeshManager) AddRoutes(nodeId string, routes ...string) error { nodeVal, err := m.doc.Path("nodes").Map().Get(nodeId) + logging.Log.WriteInfof("Adding route to %s", nodeId) if err != nil { return err @@ -244,31 +197,6 @@ func (m *CrdtMeshManager) AddRoutes(nodeId string, routes ...string) error { return nil } -func (m *CrdtMeshManager) updateWgConf(devName string, nodes map[string]MeshNodeCrdt, client wgctrl.Client) error { - peerConfigs := make([]wgtypes.PeerConfig, len(nodes)) - - var count int = 0 - - for _, n := range nodes { - peer, err := m.convertMeshNode(n) - - if err != nil { - return err - } - - peerConfigs[count] = *peer - count++ - } - - cfg := wgtypes.Config{ - Peers: peerConfigs, - ReplacePeers: true, - } - - client.ConfigureDevice(devName, cfg) - return nil -} - func (m *CrdtMeshManager) GetSyncer() mesh.MeshSyncer { return NewAutomergeSync(m) } @@ -286,7 +214,7 @@ func (m *MeshNodeCrdt) GetPublicKey() (wgtypes.Key, error) { } func (m *MeshNodeCrdt) GetWgEndpoint() string { - return m.HostEndpoint + return m.WgEndpoint } func (m *MeshNodeCrdt) GetWgHost() *net.IPNet { @@ -308,6 +236,15 @@ func (m *MeshNodeCrdt) GetRoutes() []string { return lib.MapKeys(m.Routes) } +func (m *MeshNodeCrdt) GetIdentifier() string { + ipv6 := m.WgHost[:len(m.WgHost)-4] + + constituents := strings.Split(ipv6, ":") + logging.Log.WriteInfof(ipv6) + constituents = constituents[4:] + return strings.Join(constituents, ":") +} + func (m *MeshCrdt) GetNodes() map[string]mesh.MeshNode { nodes := make(map[string]mesh.MeshNode) diff --git a/pkg/conf/conf.go b/pkg/conf/conf.go index 42e330b..fa41c87 100644 --- a/pkg/conf/conf.go +++ b/pkg/conf/conf.go 
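Review bot: `GetIdentifier` (the last hunk on this line) slices `m.WgHost[:len(m.WgHost)-4]` and then `constituents[4:]` without any length check, so a `WgHost` that is shorter than four bytes, lacks the `/128` suffix, or uses a compressed form such as `fd00::1/128` (which splits into fewer than five groups) makes the process panic with an index-out-of-range; `WgHost` entries for other nodes arrive through CRDT sync, so a peer can presumably trigger this remotely. `logging.Log.WriteInfof(ipv6)` also passes the address as a format string, which `go vet` flags. Parse the value with `net.ParseCIDR` (already used in this file) and derive the identifier from the address bytes instead; this normalises the label to four zero-padded hex groups, which is what the previous code produced for an uncompressed address (`fmt` is needed for the formatting if the file does not already import it).

```go
func (m *MeshNodeCrdt) GetIdentifier() string {
	ip, _, err := net.ParseCIDR(m.WgHost)
	if err != nil || ip.To16() == nil {
		logging.Log.WriteErrorf("invalid WgHost %q", m.WgHost)
		return ""
	}

	// Lower 64 bits of the address as four colon-separated hex groups.
	ip16 := ip.To16()
	groups := make([]string, 0, 4)
	for i := 8; i < 16; i += 2 {
		groups = append(groups, fmt.Sprintf("%04x", uint16(ip16[i])<<8|uint16(ip16[i+1])))
	}
	return strings.Join(groups, ":")
}
```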
@@ -11,6 +11,7 @@ import ( type WgMeshConfiguration struct { CertificatePath string `yaml:"certificatePath"` PrivateKeyPath string `yaml:"privateKeyPath"` + CaCertificatePath string `yaml:"caCertificatePath"` SkipCertVerification bool `yaml:"skipCertVerification"` GrpcPort string `yaml:"gRPCPort"` // AdvertiseRoutes advertises other meshes if the node is in multiple meshes diff --git a/pkg/conn/connectionmanager.go b/pkg/conn/connectionmanager.go index 10c8030..717913f 100644 --- a/pkg/conn/connectionmanager.go +++ b/pkg/conn/connectionmanager.go @@ -2,6 +2,9 @@ package conn import ( "crypto/tls" + "crypto/x509" + "errors" + "os" "sync" logging "github.com/tim-beatham/wgmesh/pkg/log" @@ -41,6 +44,7 @@ type NewConnectionManageParams struct { PrivateKey string // Whether or not to skip certificate verification SkipCertVerification bool + CaCert string } // NewConnectionManager: Creates a new instance of a ConnectionManager or an error @@ -61,6 +65,23 @@ func NewConnectionManager(params *NewConnectionManageParams) (ConnectionManager, serverAuth = tls.RequireAnyClientCert } + certPool := x509.NewCertPool() + + if !params.SkipCertVerification { + + if params.CaCert == "" { + return nil, errors.New("CA Cert is not specified") + } + + caCert, err := os.ReadFile(params.CaCert) + + if err != nil { + return nil, err + } + + certPool.AppendCertsFromPEM(caCert) + } + serverConfig := &tls.Config{ ClientAuth: serverAuth, Certificates: []tls.Certificate{cert}, @@ -69,6 +90,7 @@ func NewConnectionManager(params *NewConnectionManageParams) (ConnectionManager, clientConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, InsecureSkipVerify: params.SkipCertVerification, + RootCAs: certPool, } connections := make(map[string]PeerConnection) diff --git a/pkg/ctrlserver/ctrlserver.go b/pkg/ctrlserver/ctrlserver.go index e1698bf..f1ef004 100644 --- a/pkg/ctrlserver/ctrlserver.go +++ b/pkg/ctrlserver/ctrlserver.go 
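Review bot: In the `NewConnectionManager` hunks the CA pool is attached only to `clientConfig.RootCAs`; `serverConfig` keeps `ClientAuth: serverAuth`, which the context line shows being set to `tls.RequireAnyClientCert`, and has no `ClientCAs`, so with verification enabled a node still accepts any self-signed client certificate from whoever connects to its gRPC port. The return value of `certPool.AppendCertsFromPEM(caCert)` is also discarded, so a CA file with no parseable certificate yields an empty pool and every outbound connection fails with an unhelpful error. `NewConnectionManager` starts before the hunk, so the declaration of `serverAuth` is not visible here.

```go
	certPool := x509.NewCertPool()

	if !params.SkipCertVerification {
		if params.CaCert == "" {
			return nil, errors.New("CA Cert is not specified")
		}

		caCert, err := os.ReadFile(params.CaCert)
		if err != nil {
			return nil, err
		}

		// A PEM file without a parseable certificate would otherwise leave the pool empty.
		if !certPool.AppendCertsFromPEM(caCert) {
			return nil, errors.New("no CA certificate could be parsed from " + params.CaCert)
		}

		// Verify connecting peers against the same CA, not just the servers we dial.
		serverAuth = tls.RequireAndVerifyClientCert
	}

	serverConfig := &tls.Config{
		ClientAuth:   serverAuth,
		ClientCAs:    certPool,
		Certificates: []tls.Certificate{cert},
		// … unchanged: remaining server TLS settings …
	}
	// … unchanged: clientConfig with RootCAs: certPool, connections map …
```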
@@ -30,6 +30,7 @@ func NewCtrlServer(params *NewCtrlServerParams) (*MeshCtrlServer, error) { CertificatePath: params.Conf.CertificatePath, PrivateKey: params.Conf.PrivateKeyPath, SkipCertVerification: params.Conf.SkipCertVerification, + CaCert: params.Conf.CaCertificatePath, } connMgr, err := conn.NewConnectionManager(&connManagerParams) diff --git a/pkg/graph/graph.go b/pkg/graph/graph.go index 2a244db..1f0d4a4 100644 --- a/pkg/graph/graph.go +++ b/pkg/graph/graph.go @@ -11,12 +11,19 @@ import ( ) type GraphType string +type Shape string const ( GRAPH GraphType = "graph" DIGRAPH = "digraph" ) +const ( + CIRCLE Shape = "circle" + STAR Shape = "star" + HEXAGON Shape = "hexagon" +) + type Graph struct { Type GraphType Label string @@ -25,7 +32,8 @@ type Graph struct { } type Node struct { - Name string + Name string + Shape Shape } type Edge interface { @@ -53,15 +61,16 @@ func NewGraph(label string, graphType GraphType) *Graph { return &Graph{Type: graphType, Label: label, nodes: make(map[string]*Node), edges: make([]Edge, 0)} } -// AddNode: adds a node to the graph -func (g *Graph) AddNode(label string) error { +// PutNode: puts a node in the graph +func (g *Graph) PutNode(label string, shape Shape) error { _, exists := g.nodes[label] if exists { - return errors.New(fmt.Sprintf("Node %s already exists", label)) + // If exists no need to add the ndoe + return nil } - g.nodes[label] = &Node{Name: label} + g.nodes[label] = &Node{Name: label, Shape: shape} return nil } @@ -156,8 +165,8 @@ func (n *Node) hash() int { } func (n *Node) GetDOT() (string, error) { - return fmt.Sprintf("node[shape=circle, style=\"filled\", fillcolor=%d] %s;\n", - n.hash(), n.Name), nil + return fmt.Sprintf("node[shape=%s, style=\"filled\", fillcolor=%d] %s;\n", + n.Shape, n.hash(), n.Name), nil } func (e *DirectedEdge) GetDOT() (string, error) { 
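Review bot: `Node.GetDOT` in the graph.go hunk interpolates `n.Name` into the DOT output unescaped; callers wrap the name in double quotes, but a name containing `"` or a newline (route strings and host addresses come from the shared mesh document, so they are not under this node's control) breaks out of the quoted ID and can inject arbitrary DOT. Escaping `"` and `\` in `GetDOT`, or having `PutNode` reject names that are not valid quoted IDs, closes that. Separately, `PutNode` now silently succeeds on a duplicate, which is reasonable for idempotent graph building but should be stated, and the comment has a typo: `// PutNode: puts a node in the graph; an existing node with the same label is left unchanged and nil is returned`.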
diff --git a/pkg/mesh/graphgenerator.go b/pkg/mesh/meshgraph.go similarity index 63% rename from pkg/mesh/graphgenerator.go rename to pkg/mesh/meshgraph.go index 15a3ce9..c2ca6d2 100644 --- a/pkg/mesh/graphgenerator.go +++ b/pkg/mesh/meshgraph.go @@ -34,7 +34,7 @@ func (c *MeshDOTConverter) Generate(meshId string) (string, error) { } for _, node := range snapshot.GetNodes() { - g.AddNode(fmt.Sprintf("\"%s\"", node.GetWgHost().IP.String())) + c.graphNode(g, node) } nodes := lib.MapValues(snapshot.GetNodes()) @@ -45,8 +45,8 @@ func (c *MeshDOTConverter) Generate(meshId string) (string, error) { continue } - node1Id := fmt.Sprintf("\"%s\"", node1.GetWgHost().IP.String()) - node2Id := fmt.Sprintf("\"%s\"", node2.GetWgHost().IP.String()) + node1Id := fmt.Sprintf("\"%s\"", node1.GetIdentifier()) + node2Id := fmt.Sprintf("\"%s\"", node2.GetIdentifier()) g.AddEdge(fmt.Sprintf("%s to %s", node1Id, node2Id), node1Id, node2Id) } } @@ -54,6 +54,22 @@ func (c *MeshDOTConverter) Generate(meshId string) (string, error) { return g.GetDOT() } +// graphNode: graphs a node within the mesh +func (c *MeshDOTConverter) graphNode(g *graph.Graph, node MeshNode) { + nodeId := fmt.Sprintf("\"%s\"", node.GetIdentifier()) + g.PutNode(nodeId, graph.CIRCLE) + + if node.GetHostEndpoint() == c.manager.HostParameters.HostEndpoint { + return + } + + for _, route := range node.GetRoutes() { + routeId := fmt.Sprintf("\"%s\"", route) + g.PutNode(routeId, graph.HEXAGON) + g.AddEdge(fmt.Sprintf("%s to %s", nodeId, routeId), nodeId, routeId) + } +} + func NewMeshDotConverter(m *MeshManager) MeshGraphConverter { return &MeshDOTConverter{manager: m} } diff --git a/pkg/mesh/meshmanager.go b/pkg/mesh/meshmanager.go index 635aa57..aa034ee 100644 --- a/pkg/mesh/meshmanager.go +++ b/pkg/mesh/meshmanager.go @@ -45,7 +45,6 @@ func (m *MeshManager) CreateMesh(devName string, port int) (string, error) { } m.Meshes[key.String()] = nodeManager - return key.String(), err } 
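Review bot: `graphNode` turns every string returned by `node.GetRoutes()` into a DOT node ID with nothing but surrounding quotes, and those routes are advertised by other nodes through the CRDT, so a malformed or hostile route string ends up verbatim in the generated graph. Validating before use keeps the output well-formed: `if _, _, err := net.ParseCIDR(route); err != nil { continue }` at the top of the loop (importing `net` if meshgraph.go does not already). The early `return` for the local node means the local node's own advertised routes are never drawn; if that is intended it deserves a one-line comment such as `// Routes are only drawn for remote nodes; the local node's routes are implicit`.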
@@ -70,12 +69,13 @@ func (m *MeshManager) AddMesh(meshId string, devName string, port int, meshBytes
 }
 m.Meshes[meshId] = meshProvider
- return nil
+ return err
 }
 // AddMeshNode: Add a mesh node
-func (m *MeshManager) AddMeshNode(meshId string, node MeshNode) {
+func (m *MeshManager) AddMeshNode(meshId string, node MeshNode) error {
 m.Meshes[meshId].AddNode(node)
+ return m.RouteManager.UpdateRoutes()
 }
 // HasChanges returns true if the mesh has changes
diff --git a/pkg/mesh/routemanager.go b/pkg/mesh/routemanager.go
index 6bff5e0..05b3b05 100644
--- a/pkg/mesh/routemanager.go
+++ b/pkg/mesh/routemanager.go
@@ -1,12 +1,13 @@
 package mesh
 import (
+ "github.com/tim-beatham/wgmesh/pkg/ip"
+ logging "github.com/tim-beatham/wgmesh/pkg/log"
 "github.com/tim-beatham/wgmesh/pkg/route"
 )
 type RouteManager interface {
 UpdateRoutes() error
- ApplyWg() error
 }
 type RouteManagerImpl struct {
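Review bot: `AddMeshNode` indexes `m.Meshes[meshId]` without checking the key exists, and `JoinMesh` in requester.go passes `args.MeshId` straight from the IPC caller, so an unknown mesh id yields a nil interface and a panic in the daemon rather than the error the new signature is able to return. Guard it: `mesh, ok := m.Meshes[meshId]; if !ok { return errors.New("mesh " + meshId + " does not exist") }` and call `mesh.AddNode(node)` (using `fmt.Errorf` if that is what the file already imports). In `AddMesh`, `return err` after the assignment can only ever be `nil` if the preceding check returned early, so `return nil` says what is meant; `AddMesh` begins before the hunk.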
@@ -15,55 +16,29 @@ type RouteManagerImpl struct { } func (r *RouteManagerImpl) UpdateRoutes() error { - // // meshes := r.meshManager.Meshes - // // ulaBuilder := new(ip.ULABuilder) + meshes := r.meshManager.Meshes + ulaBuilder := new(ip.ULABuilder) - // for _, mesh1 := range meshes { - // for _, mesh2 := range meshes { - // if mesh1 == mesh2 { - // continue - // } + for _, mesh1 := range meshes { + for _, mesh2 := range meshes { + if mesh1 == mesh2 { + continue + } - // ipNet, err := ulaBuilder.GetIPNet(mesh2.MeshId) + ipNet, err := ulaBuilder.GetIPNet(mesh2.GetMeshId()) - // if err != nil { - // logging.Log.WriteErrorf(err.Error()) - // return err - // } + if err != nil { + logging.Log.WriteErrorf(err.Error()) + return err + } - // mesh1.AddRoutes(ipNet.String()) - // } - // } + err = mesh1.AddRoutes(r.meshManager.HostParameters.HostEndpoint, ipNet.String()) - return nil -} - -func (r *RouteManagerImpl) ApplyWg() error { - // snapshot, err := mesh.GetMesh() - - // if err != nil { - // return err - // } - - // for _, node := range snapshot.Nodes { - // if node.HostEndpoint == r.meshManager.HostEndpoint { - // continue - // } - - // for route, _ := range node.Routes { - // _, netIP, err := net.ParseCIDR(route) - - // if err != nil { - // return err - // } - - // err = r.routeInstaller.InstallRoutes(mesh.IfName, netIP) - - // if err != nil { - // return err - // } - // } - // } + if err != nil { + return err + } + } + } return nil } diff --git a/pkg/mesh/types.go b/pkg/mesh/types.go index 36d8196..584000e 100644 --- a/pkg/mesh/types.go +++ b/pkg/mesh/types.go @@ -24,6 +24,8 @@ type MeshNode interface { GetTimeStamp() int64 // GetRoutes: returns the routes that the nodes provides GetRoutes() []string + // GetIdentifier: returns the identifier of the node + GetIdentifier() string } type MeshSnapshot interface { diff --git a/pkg/robin/requester.go b/pkg/robin/requester.go index a4d1787..2a2ec08 100644 --- a/pkg/robin/requester.go +++ b/pkg/robin/requester.go 
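Review bot: `UpdateRoutes` now advertises every other mesh's ULA prefix into each mesh this node belongs to, unconditionally, and it runs on every `AddMeshNode`; conf.go documents `AdvertiseRoutes` as the switch for exactly this behaviour, but nothing in the hunk consults it, so unless it is enforced where `RouteManagerImpl` is constructed (not visible here) every node in two meshes silently becomes a gateway between them. Gate the loop on that flag, e.g. an early `if !advertiseRoutes { return nil }` using however the configuration is reachable from the manager, and say so in a doc comment: `// UpdateRoutes advertises the prefix of every other joined mesh into each mesh; no-op unless AdvertiseRoutes is set`. A failing `AddRoutes` also returns after earlier meshes were already updated, which is worth noting in that comment.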
@@ -54,7 +54,7 @@ func (n *IpcHandler) CreateMesh(args *ipc.NewMeshArgs, reply *string) error {
 Routes: map[string]interface{}{},
 }
- n.Server.MeshManager.AddMeshNode(meshId, &meshNode)
+ err = n.Server.MeshManager.AddMeshNode(meshId, &meshNode)
 if err != nil {
 return err
@@ -130,7 +130,12 @@ func (n *IpcHandler) JoinMesh(args ipc.JoinMeshArgs, reply *string) error {
 WgHost: ipAddr.String() + "/128",
 Routes: make(map[string]interface{}),
 }
- n.Server.MeshManager.AddMeshNode(args.MeshId, &node)
+ err = n.Server.MeshManager.AddMeshNode(args.MeshId, &node)
+
+ if err != nil {
+ return err
+ }
+
 *reply = strconv.FormatBool(true)
 return nil
 }
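Review bot: Both call sites now surface the error from `AddMeshNode`, but that call can only fail after the node has already been written into the mesh document (the meshmanager.go hunk runs `AddNode` before `UpdateRoutes`), so a failed `JoinMesh` or `CreateMesh` leaves a half-joined mesh in the manager while the IPC caller sees an error and no reply. Either undo the insertion on failure or document that the node is added even when an error is returned, e.g. `// AddMeshNode may fail after the node is inserted; the mesh is still joined`. Both enclosing functions start before their hunks.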