[management, client] Add IPv6 overlay support (#5631)

2026-05-16 13:49:58 +00:00 · 2026-05-07 18:33:37 +09:00
parent f23aaa9ae7
commit 205ebcfda2
229 changed files with 10155 additions and 2816 deletions
--- a/management/server/route_test.go
+++ b/management/server/route_test.go
@@ -2,7 +2,6 @@ package server

 import (
 	"context"
-	"net"
 	"net/netip"
 	"testing"
 	"time"
@@ -1333,14 +1332,24 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*types.Accou
 		return nil, err
 	}

+	v6Prefix, err := netip.ParsePrefix(account.Network.NetV6.String())
+	if err != nil {
+		return nil, err
+	}
+
 	ips := account.GetTakenIPs()
-	peer1IP, err := types.AllocatePeerIP(account.Network.Net, ips)
+	peer1IP, err := types.AllocatePeerIP(netip.MustParsePrefix(account.Network.Net.String()), ips)
+	if err != nil {
+		return nil, err
+	}
+	peer1IPv6, err := types.AllocateRandomPeerIPv6(v6Prefix)
 	if err != nil {
 		return nil, err
 	}

 	peer1 := &nbpeer.Peer{
 		IP:       peer1IP,
+		IPv6:     peer1IPv6,
 		ID:       peer1ID,
 		Key:      peer1Key,
 		Name:     "test-host1@netbird.io",
@@ -1361,13 +1370,18 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*types.Accou
 	account.Peers[peer1.ID] = peer1

 	ips = account.GetTakenIPs()
-	peer2IP, err := types.AllocatePeerIP(account.Network.Net, ips)
+	peer2IP, err := types.AllocatePeerIP(netip.MustParsePrefix(account.Network.Net.String()), ips)
+	if err != nil {
+		return nil, err
+	}
+	peer2IPv6, err := types.AllocateRandomPeerIPv6(v6Prefix)
 	if err != nil {
 		return nil, err
 	}

 	peer2 := &nbpeer.Peer{
 		IP:       peer2IP,
+		IPv6:     peer2IPv6,
 		ID:       peer2ID,
 		Key:      peer2Key,
 		Name:     "test-host2@netbird.io",
@@ -1388,13 +1402,18 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*types.Accou
 	account.Peers[peer2.ID] = peer2

 	ips = account.GetTakenIPs()
-	peer3IP, err := types.AllocatePeerIP(account.Network.Net, ips)
+	peer3IP, err := types.AllocatePeerIP(netip.MustParsePrefix(account.Network.Net.String()), ips)
+	if err != nil {
+		return nil, err
+	}
+	peer3IPv6, err := types.AllocateRandomPeerIPv6(v6Prefix)
 	if err != nil {
 		return nil, err
 	}

 	peer3 := &nbpeer.Peer{
 		IP:       peer3IP,
+		IPv6:     peer3IPv6,
 		ID:       peer3ID,
 		Key:      peer3Key,
 		Name:     "test-host3@netbird.io",
@@ -1415,13 +1434,18 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*types.Accou
 	account.Peers[peer3.ID] = peer3

 	ips = account.GetTakenIPs()
-	peer4IP, err := types.AllocatePeerIP(account.Network.Net, ips)
+	peer4IP, err := types.AllocatePeerIP(netip.MustParsePrefix(account.Network.Net.String()), ips)
+	if err != nil {
+		return nil, err
+	}
+	peer4IPv6, err := types.AllocateRandomPeerIPv6(v6Prefix)
 	if err != nil {
 		return nil, err
 	}

 	peer4 := &nbpeer.Peer{
 		IP:       peer4IP,
+		IPv6:     peer4IPv6,
 		ID:       peer4ID,
 		Key:      peer4Key,
 		Name:     "test-host4@netbird.io",
@@ -1442,13 +1466,18 @@ func initTestRouteAccount(t *testing.T, am *DefaultAccountManager) (*types.Accou
 	account.Peers[peer4.ID] = peer4

 	ips = account.GetTakenIPs()
-	peer5IP, err := types.AllocatePeerIP(account.Network.Net, ips)
+	peer5IP, err := types.AllocatePeerIP(netip.MustParsePrefix(account.Network.Net.String()), ips)
+	if err != nil {
+		return nil, err
+	}
+	peer5IPv6, err := types.AllocateRandomPeerIPv6(v6Prefix)
 	if err != nil {
 		return nil, err
 	}

 	peer5 := &nbpeer.Peer{
 		IP:       peer5IP,
+		IPv6:     peer5IPv6,
 		ID:       peer5ID,
 		Key:      peer5Key,
 		Name:     "test-host5@netbird.io",
@@ -1549,7 +1578,8 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 		Peers: map[string]*nbpeer.Peer{
 			"peerA": {
 				ID:     "peerA",
-				IP:     net.ParseIP("100.65.14.88"),
+				IP:     netip.MustParseAddr("100.65.14.88"),
+				IPv6:   netip.MustParseAddr("fd00::1"),
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
 					GoOS: "linux",
@@ -1557,18 +1587,21 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 			},
 			"peerB": {
 				ID:     "peerB",
-				IP:     net.ParseIP(peerBIp),
+				IP:     netip.MustParseAddr(peerBIp),
+				IPv6:   netip.MustParseAddr("fd00::2"),
 				Status: &nbpeer.PeerStatus{},
 				Meta:   nbpeer.PeerSystemMeta{},
 			},
 			"peerC": {
 				ID:     "peerC",
-				IP:     net.ParseIP(peerCIp),
+				IP:     netip.MustParseAddr(peerCIp),
+				IPv6:   netip.MustParseAddr("fd00::3"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerD": {
 				ID:     "peerD",
-				IP:     net.ParseIP("100.65.62.5"),
+				IP:     netip.MustParseAddr("100.65.62.5"),
+				IPv6:   netip.MustParseAddr("fd00::4"),
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
 					GoOS: "linux",
@@ -1576,7 +1609,8 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 			},
 			"peerE": {
 				ID:     "peerE",
-				IP:     net.ParseIP("100.65.32.206"),
+				IP:     netip.MustParseAddr("100.65.32.206"),
+				IPv6:   netip.MustParseAddr("fd00::5"),
 				Key:    peer1Key,
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
@@ -1585,27 +1619,32 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 			},
 			"peerF": {
 				ID:     "peerF",
-				IP:     net.ParseIP("100.65.250.202"),
+				IP:     netip.MustParseAddr("100.65.250.202"),
+				IPv6:   netip.MustParseAddr("fd00::6"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerG": {
 				ID:     "peerG",
-				IP:     net.ParseIP("100.65.13.186"),
+				IP:     netip.MustParseAddr("100.65.13.186"),
+				IPv6:   netip.MustParseAddr("fd00::7"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerH": {
 				ID:     "peerH",
-				IP:     net.ParseIP(peerHIp),
+				IP:     netip.MustParseAddr(peerHIp),
+				IPv6:   netip.MustParseAddr("fd00::8"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerJ": {
 				ID:     "peerJ",
-				IP:     net.ParseIP(peerJIp),
+				IP:     netip.MustParseAddr(peerJIp),
+				IPv6:   netip.MustParseAddr("fd00::a"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerK": {
 				ID:     "peerK",
-				IP:     net.ParseIP(peerKIp),
+				IP:     netip.MustParseAddr(peerKIp),
+				IPv6:   netip.MustParseAddr("fd00::b"),
 				Status: &nbpeer.PeerStatus{},
 			},
 		},
@@ -2129,84 +2168,101 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 		Peers: map[string]*nbpeer.Peer{
 			"peerA": {
 				ID:     "peerA",
-				IP:     net.ParseIP("100.65.14.88"),
+				IP:     netip.MustParseAddr("100.65.14.88"),
+				IPv6:   netip.MustParseAddr("fd00::1"),
 				Key:    "peerA",
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
-					GoOS: "linux",
+					GoOS:         "linux",
+					Capabilities: []int32{nbpeer.PeerCapabilityIPv6Overlay},
 				},
 			},
 			"peerB": {
 				ID:     "peerB",
-				IP:     net.ParseIP(peerBIp),
+				IP:     netip.MustParseAddr(peerBIp),
+				IPv6:   netip.MustParseAddr("fd00::2"),
 				Status: &nbpeer.PeerStatus{},
 				Meta:   nbpeer.PeerSystemMeta{},
 			},
 			"peerC": {
 				ID:     "peerC",
-				IP:     net.ParseIP(peerCIp),
+				IP:     netip.MustParseAddr(peerCIp),
+				IPv6:   netip.MustParseAddr("fd00::3"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerD": {
 				ID:     "peerD",
-				IP:     net.ParseIP("100.65.62.5"),
+				IP:     netip.MustParseAddr("100.65.62.5"),
+				IPv6:   netip.MustParseAddr("fd00::4"),
 				Key:    "peerD",
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
-					GoOS: "linux",
+					GoOS:         "linux",
+					Capabilities: []int32{nbpeer.PeerCapabilityIPv6Overlay},
 				},
 			},
 			"peerE": {
 				ID:     "peerE",
-				IP:     net.ParseIP("100.65.32.206"),
+				IP:     netip.MustParseAddr("100.65.32.206"),
+				IPv6:   netip.MustParseAddr("fd00::5"),
 				Key:    "peerE",
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
-					GoOS: "linux",
+					GoOS:         "linux",
+					Capabilities: []int32{nbpeer.PeerCapabilityIPv6Overlay},
 				},
 			},
 			"peerF": {
 				ID:     "peerF",
-				IP:     net.ParseIP("100.65.250.202"),
+				IP:     netip.MustParseAddr("100.65.250.202"),
+				IPv6:   netip.MustParseAddr("fd00::6"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerG": {
 				ID:     "peerG",
-				IP:     net.ParseIP("100.65.13.186"),
+				IP:     netip.MustParseAddr("100.65.13.186"),
+				IPv6:   netip.MustParseAddr("fd00::7"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerH": {
 				ID:     "peerH",
-				IP:     net.ParseIP(peerHIp),
+				IP:     netip.MustParseAddr(peerHIp),
+				IPv6:   netip.MustParseAddr("fd00::8"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerJ": {
 				ID:     "peerJ",
-				IP:     net.ParseIP(peerJIp),
+				IP:     netip.MustParseAddr(peerJIp),
+				IPv6:   netip.MustParseAddr("fd00::a"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerK": {
 				ID:     "peerK",
-				IP:     net.ParseIP(peerKIp),
+				IP:     netip.MustParseAddr(peerKIp),
+				IPv6:   netip.MustParseAddr("fd00::b"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerL": {
 				ID:     "peerL",
-				IP:     net.ParseIP("100.65.19.186"),
+				IP:     netip.MustParseAddr("100.65.19.186"),
+				IPv6:   netip.MustParseAddr("fd00::d"),
 				Key:    "peerL",
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
-					GoOS: "linux",
+					GoOS:         "linux",
+					Capabilities: []int32{nbpeer.PeerCapabilityIPv6Overlay},
 				},
 			},
 			"peerM": {
 				ID:     "peerM",
-				IP:     net.ParseIP(peerMIp),
+				IP:     netip.MustParseAddr(peerMIp),
+				IPv6:   netip.MustParseAddr("fd00::e"),
 				Status: &nbpeer.PeerStatus{},
 			},
 			"peerN": {
 				ID:     "peerN",
-				IP:     net.ParseIP("100.65.20.18"),
+				IP:     netip.MustParseAddr("100.65.20.18"),
+				IPv6:   netip.MustParseAddr("fd00::f"),
 				Key:    "peerN",
 				Status: &nbpeer.PeerStatus{},
 				Meta: nbpeer.PeerSystemMeta{
@@ -2215,7 +2271,8 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 			},
 			"peerO": {
 				ID:     "peerO",
-				IP:     net.ParseIP(peerOIp),
+				IP:     netip.MustParseAddr(peerOIp),
+				IPv6:   netip.MustParseAddr("fd00::10"),
 				Status: &nbpeer.PeerStatus{},
 			},
 		},