Extend protocol and firewall manager to handle old management (#915)

* Extend protocol and firewall manager to handle old management * Send correct empty firewall rules list when delete peer * Add extra tests for firewall manager and uspfilter * Work with inconsistent state * Review note * Update comment
2026-04-18 08:16:39 +00:00 · 2023-05-31 21:04:38 +04:00
parent 45a6263adc
commit 293499c3c0
13 changed files with 362 additions and 220 deletions
--- a/management/server/grpcserver.go
+++ b/management/server/grpcserver.go
@@ -444,14 +444,15 @@ func toSyncResponse(config *Config, peer *Peer, turnCredentials *TURNCredentials
 		RemotePeers:        remotePeers,
 		RemotePeersIsEmpty: len(remotePeers) == 0,
 		NetworkMap: &proto.NetworkMap{
-			Serial:             networkMap.Network.CurrentSerial(),
-			PeerConfig:         pConfig,
-			RemotePeers:        remotePeers,
-			OfflinePeers:       offlinePeers,
-			RemotePeersIsEmpty: len(remotePeers) == 0,
-			Routes:             routesUpdate,
-			DNSConfig:          dnsUpdate,
-			FirewallRules:      firewallRules,
+			Serial:               networkMap.Network.CurrentSerial(),
+			PeerConfig:           pConfig,
+			RemotePeers:          remotePeers,
+			OfflinePeers:         offlinePeers,
+			RemotePeersIsEmpty:   len(remotePeers) == 0,
+			Routes:               routesUpdate,
+			DNSConfig:            dnsUpdate,
+			FirewallRules:        firewallRules,
+			FirewallRulesIsEmpty: len(firewallRules) == 0,
 		},
 	}
 }
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -395,9 +395,11 @@ func (am *DefaultAccountManager) DeletePeer(accountID, peerID, userID string) (*
 				RemotePeersIsEmpty: true,
 				// new field
 				NetworkMap: &proto.NetworkMap{
-					Serial:             account.Network.CurrentSerial(),
-					RemotePeers:        []*proto.RemotePeerConfig{},
-					RemotePeersIsEmpty: true,
+					Serial:               account.Network.CurrentSerial(),
+					RemotePeers:          []*proto.RemotePeerConfig{},
+					RemotePeersIsEmpty:   true,
+					FirewallRules:        []*proto.FirewallRule{},
+					FirewallRulesIsEmpty: true,
 				},
 			},
 		})
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -242,6 +242,9 @@ func (a *Account) connResourcesGenerator() (func(*PolicyRule, []*Peer, int), fun
 	peers := make([]*Peer, 0)
 	return func(rule *PolicyRule, groupPeers []*Peer, direction int) {
 			for _, peer := range groupPeers {
+				if peer == nil {
+					continue
+				}
 				if _, ok := peersExists[peer.ID]; !ok {
 					peers = append(peers, peer)
 					peersExists[peer.ID] = struct{}{}
@@ -457,8 +460,8 @@ func getAllPeersFromGroups(account *Account, groups []string, peerID string) ([]
 		}

 		for _, p := range group.Peers {
-			peer := account.Peers[p]
-			if peer.ID == peerID {
+			peer, ok := account.Peers[p]
+			if ok && peer != nil && peer.ID == peerID {
 				peerInGroups = true
 				continue
 			}