From 2cd16e24a17940fd5c02c143074969553bfc44f9 Mon Sep 17 00:00:00 2001
From: Owen
Date: Wed, 13 May 2026 14:58:17 -0700
Subject: [PATCH] Handle jit peers with alias
---
 olm/data.go | 17 +++++++++------
 peers/manager.go | 55 ++++++++++++++++++++++++++----------------------
 2 files changed, 40 insertions(+), 32 deletions(-)
diff --git a/olm/data.go b/olm/data.go
index 5e6299a..879e61e 100644
--- a/olm/data.go
+++ b/olm/data.go
@@ -236,19 +236,22 @@ func (o *Olm) handleSync(msg websocket.WSMessage) {
 // Find peers to add (in expected but not in current) and peers to update
 for siteId, expectedSite := range expectedPeers {
 if _, exists := currentPeerMap[siteId]; !exists {
+ // Only trigger add if this is NOT a JIT-only config (i.e., has more than just siteId and aliases)
+ jitOnly := expectedSite.PublicKey == ""
+ if jitOnly {
+ logger.Debug("Sync: Registering aliases for JIT-only site %d", siteId)
+ if err := pm.AddPeer(expectedSite); err != nil {
+ logger.Error("Sync: Failed to register aliases for JIT site %d: %v", siteId, err)
+ }
+ continue
+ }
+
 // New peer - add it using the add flow (with holepunch)
 logger.Info("Sync: Adding new peer for site %d", siteId)
 o.holePunchManager.TriggerHolePunch()
 o.holePunchManager.ResetServerHolepunchInterval() // start sending immediately again so we fill in the endpoint on the cloud
- // // TODO: do we need to send the message to the cloud to add the peer that way?
- // if err := o.peerManager.AddPeer(expectedSite); err != nil {
- // logger.Error("Sync: Failed to add peer %d: %v", siteId, err)
- // } else {
- // logger.Info("Sync: Successfully added peer for site %d", siteId)
- // }
-
 // add the peer via the server
 // this is important because newt needs to get triggered as well to add the peer once the hp is complete
 chainId := fmt.Sprintf("sync-%d", expectedSite.SiteId)
diff --git a/peers/manager.go b/peers/manager.go
index b371aa1..626c58b 100644
--- a/peers/manager.go
+++ b/peers/manager.go
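Review bot: A site with an empty PublicKey will take the new `jitOnly` branch of handleSync (olm/data.go) on every sync: AddPeer in peers/manager.go registers the aliases and then returns at its `PublicKey == ""` check, so, unless the site is recorded somewhere outside the lines shown, it never appears in currentPeerMap. The aliases are therefore re-registered through AddDNSRecord each time, and nothing visible removes them when the site later disappears from expectedPeers, which would leave a DNS alias resolving for a site that is no longer authorised. Tracking JIT-only sites so the removal pass can call RemoveDNSRecord for them would close that gap. The comment above the check also reads as the inverse of the code; something like `// JIT-only site (no public key yet): register its aliases only and skip the holepunch/add flow` would match it. handleSync starts and ends outside the hunk, including the declaration of `pm`, which the removed comment spelled `o.peerManager`.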
@@ -33,7 +33,7 @@ type PeerManagerConfig struct {
 SharedBind *bind.SharedBind
 // WSClient is optional - if nil, relay messages won't be sent
 WSClient *websocket.Client
- APIServer *api.API
+ APIServer *api.API
 PublicDNS []string
 }
@@ -52,7 +52,7 @@ type PeerManager struct {
 // key is the CIDR string, value is a set of siteIds that want this IP
 allowedIPClaims map[string]map[int]bool
 APIServer *api.API
- publicDNS []string
+ publicDNS []string
 PersistentKeepalive int
@@ -71,7 +71,7 @@ func NewPeerManager(config PeerManagerConfig) *PeerManager {
 allowedIPOwners: make(map[string]int),
 allowedIPClaims: make(map[string]map[int]bool),
 APIServer: config.APIServer,
- publicDNS: config.PublicDNS,
+ publicDNS: config.PublicDNS,
 }
 // Create the peer monitor
@@ -116,7 +116,7 @@ func (pm *PeerManager) GetAllPeers() []SiteConfig {
 func (pm *PeerManager) AddPeer(siteConfig SiteConfig) error {
 pm.mu.Lock()
 defer pm.mu.Unlock()
-
+
 for _, alias := range siteConfig.Aliases {
 address := net.ParseIP(alias.AliasAddress)
 if address == nil {
@@ -124,7 +124,7 @@ func (pm *PeerManager) AddPeer(siteConfig SiteConfig) error {
 }
 pm.dnsProxy.AddDNSRecord(alias.Alias, address, siteConfig.SiteId)
 }
-
+
 if siteConfig.PublicKey == "" {
 logger.Debug("Skip adding site %d because no pub key", siteConfig.SiteId)
 return nil
@@ -162,7 +162,7 @@ func (pm *PeerManager) AddPeer(siteConfig SiteConfig) error {
 if err := network.AddRoutes(siteConfig.RemoteSubnets, pm.interfaceName); err != nil {
 logger.Error("Failed to add routes for remote subnets: %v", err)
 }
-
+
 monitorAddress := strings.Split(siteConfig.ServerIP, "/")[0]
 monitorPeer := net.JoinHostPort(monitorAddress, strconv.Itoa(int(siteConfig.ServerPort+1))) // +1 for the monitor port
@@ -189,7 +189,7 @@ func (pm *PeerManager) AddPeer(siteConfig SiteConfig) error {
 func (pm *PeerManager) UpdateAllPeersPersistentKeepalive(interval int) map[int]error {
 pm.mu.RLock()
 defer pm.mu.RUnlock()
-
+
 pm.PersistentKeepalive = interval
 errors := make(map[int]error)
@@ -311,6 +311,29 @@ func (pm *PeerManager) UpdatePeer(siteConfig SiteConfig) error {
 return fmt.Errorf("peer with site ID %d not found", siteConfig.SiteId)
 }
+ // Update aliases
+ // Remove old aliases
+ for _, alias := range oldPeer.Aliases {
+ address := net.ParseIP(alias.AliasAddress)
+ if address == nil {
+ continue
+ }
+ pm.dnsProxy.RemoveDNSRecord(alias.Alias, address)
+ }
+ // Add new aliases
+ for _, alias := range siteConfig.Aliases {
+ address := net.ParseIP(alias.AliasAddress)
+ if address == nil {
+ continue
+ }
+ pm.dnsProxy.AddDNSRecord(alias.Alias, address, siteConfig.SiteId)
+ }
+
+ if siteConfig.PublicKey == "" {
+ logger.Debug("Skip updating site %d because no pub key", siteConfig.SiteId)
+ return nil
+ }
+
 // If public key changed, remove old peer first
 if siteConfig.PublicKey != oldPeer.PublicKey {
 if err := RemovePeer(pm.device, siteConfig.SiteId, oldPeer.PublicKey); err != nil {
@@ -434,24 +457,6 @@ func (pm *PeerManager) UpdatePeer(siteConfig SiteConfig) error {
 }
 }
- // Update aliases
- // Remove old aliases
- for _, alias := range oldPeer.Aliases {
- address := net.ParseIP(alias.AliasAddress)
- if address == nil {
- continue
- }
- pm.dnsProxy.RemoveDNSRecord(alias.Alias, address)
- }
- // Add new aliases
- for _, alias := range siteConfig.Aliases {
- address := net.ParseIP(alias.AliasAddress)
- if address == nil {
- continue
- }
- pm.dnsProxy.AddDNSRecord(alias.Alias, address, siteConfig.SiteId)
- }
-
 pm.peerMonitor.UpdateHolepunchEndpoint(siteConfig.SiteId, siteConfig.Endpoint)
 monitorAddress := strings.Split(siteConfig.ServerIP, "/")[0]
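Review bot: The early `return nil` added to UpdatePeer for an empty PublicKey runs after the DNS aliases have been swapped but before the key-change branch below it, so a peer that previously had a key and is now sent without one keeps its old WireGuard peer configured on the device. If the stored site config is only written later in the function (outside this hunk), oldPeer.Aliases also stays stale, and the next update would remove the wrong alias set and leave the records just added in the DNS proxy. Handling that transition before returning, by calling `RemovePeer(pm.device, siteConfig.SiteId, oldPeer.PublicKey)` when `oldPeer.PublicKey != ""` and saving the new config, would keep the device, the stored config and DNS in step. Moving the alias swap ahead of the steps that can fail has the same effect on their error returns, so a short comment stating why aliases are updated first would help the next reader. UpdatePeer starts and ends outside the hunk.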