feat: add interface black list to avoid undesired interfaces

2026-04-18 00:06:38 +00:00 · 2021-05-16 18:05:08 +02:00
parent 47933bcbfa
commit a773ec8150
4 changed files with 37 additions and 18 deletions
--- a/connection/connection.go
+++ b/connection/connection.go
@@ -29,6 +29,8 @@ type ConnConfig struct {
 	RemoteWgKey wgtypes.Key

 	StunTurnURLS []*ice.URL
+
+	iFaceBlackList map[string]struct{}
 }

 type IceCredentials struct {
@@ -88,6 +90,13 @@ func (conn *Connection) Open(timeout time.Duration) error {
 	a, err := ice.NewAgent(&ice.AgentConfig{
 		NetworkTypes: []ice.NetworkType{ice.NetworkTypeUDP4},
 		Urls:         conn.Config.StunTurnURLS,
+		InterfaceFilter: func(s string) bool {
+			if conn.Config.iFaceBlackList == nil {
+				return true
+			}
+			_, ok := conn.Config.iFaceBlackList[s]
+			return !ok
+		},
 	})
 	conn.agent = a

@@ -280,7 +289,7 @@ func (conn *Connection) listenOnConnectionStateChanges() error {
 				log.Errorf("failed selecting active ICE candidate pair %s", err)
 				return
 			}
-			log.Debugf("closed to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
+			log.Infof("will connect to peer %s via a selected connnection candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
 		} else if state == ice.ConnectionStateDisconnected || state == ice.ConnectionStateFailed {
 			// todo do we really wanna have a connection restart within connection itself? Think of moving it outside
 			err := conn.Close()
--- a/connection/engine.go
+++ b/connection/engine.go
@@ -23,6 +23,8 @@ type Engine struct {
 	wgIface string
 	// Wireguard local address
 	wgIp string
+
+	iFaceBlackList map[string]struct{}
 }

 type Peer struct {
@@ -30,13 +32,15 @@ type Peer struct {
 	WgAllowedIps string
 }

-func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string) *Engine {
+func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string,
+	iFaceBlackList map[string]struct{}) *Engine {
 	return &Engine{
-		stunsTurns: stunsTurns,
-		signal:     signal,
-		wgIface:    wgIface,
-		wgIp:       wgAddr,
-		conns:      map[string]*Connection{},
+		stunsTurns:     stunsTurns,
+		signal:         signal,
+		wgIface:        wgIface,
+		wgIp:           wgAddr,
+		conns:          map[string]*Connection{},
+		iFaceBlackList: iFaceBlackList,
 	}
 }

@@ -101,13 +105,14 @@ func (e *Engine) openPeerConnection(wgPort int, myKey wgtypes.Key, peer Peer) (*

 	remoteKey, _ := wgtypes.ParseKey(peer.WgPubKey)
 	connConfig := &ConnConfig{
-		WgListenAddr: fmt.Sprintf("127.0.0.1:%d", wgPort),
-		WgPeerIp:     e.wgIp,
-		WgIface:      e.wgIface,
-		WgAllowedIPs: peer.WgAllowedIps,
-		WgKey:        myKey,
-		RemoteWgKey:  remoteKey,
-		StunTurnURLS: e.stunsTurns,
+		WgListenAddr:   fmt.Sprintf("127.0.0.1:%d", wgPort),
+		WgPeerIp:       e.wgIp,
+		WgIface:        e.wgIface,
+		WgAllowedIPs:   peer.WgAllowedIps,
+		WgKey:          myKey,
+		RemoteWgKey:    remoteKey,
+		StunTurnURLS:   e.stunsTurns,
+		iFaceBlackList: e.iFaceBlackList,
 	}

 	signalOffer := func(uFrag string, pwd string) error {