Handle peer interface config change (#348)

Before this change, NetBird Agent wasn't handling
peer interface configuration changes dynamically.
Also, remote peer configuration changes were
not applied (e.g. AllowedIPs changed).
Not a very common case, but it should still be handled.
Now, Agent reacts to PeerConfig changes sent from the
management service and restarts remote connections
if AllowedIps have been changed.
Misha Bragin
2022-06-04 19:41:01 +02:00
committed by GitHub
parent 60ac8c3268
commit e6e9f0322f
13 changed files with 278 additions and 83 deletions


@@ -29,9 +29,6 @@ type Server struct {
jwtMiddleware *middleware.JWTMiddleware
}
// AllowedIPsFormat generates Wireguard AllowedIPs format (e.g. 100.30.30.1/32)
const AllowedIPsFormat = "%s/32"
// NewServer creates a new Management server
func NewServer(config *Config, accountManager AccountManager, peersUpdateManager *PeersUpdateManager, turnCredentialsManager TURNCredentialsManager) (*Server, error) {
key, err := wgtypes.GeneratePrivateKey()
@@ -227,7 +224,7 @@ func (s *Server) registerPeer(peerKey wgtypes.Key, req *proto.LoginRequest) (*Pe
peersToSend = append(peersToSend, p)
}
}
update := toSyncResponse(s.config, peer, peersToSend, nil, networkMap.Network.CurrentSerial())
update := toSyncResponse(s.config, remotePeer, peersToSend, nil, networkMap.Network.CurrentSerial())
err = s.peersUpdateManager.SendUpdate(remotePeer.Key, &UpdateMessage{Update: update})
if err != nil {
// todo rethink if we should keep this return
@@ -368,7 +365,7 @@ func toWiretrusteeConfig(config *Config, turnCredentials *TURNCredentials) *prot
func toPeerConfig(peer *Peer) *proto.PeerConfig {
return &proto.PeerConfig{
Address: peer.IP.String() + "/16", // todo make it explicit
Address: fmt.Sprintf("%s/%d", peer.IP.String(), SubnetSize), // take it from the network
}
}
@@ -377,7 +374,7 @@ func toRemotePeerConfig(peers []*Peer) []*proto.RemotePeerConfig {
for _, rPeer := range peers {
remotePeers = append(remotePeers, &proto.RemotePeerConfig{
WgPubKey: rPeer.Key,
AllowedIps: []string{fmt.Sprintf(AllowedIPsFormat, rPeer.IP)}, // todo /32
AllowedIps: []string{fmt.Sprintf(AllowedIPsFormat, rPeer.IP)},
})
}
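Review bot: In toRemotePeerConfig the AllowedIps entry is still built as `fmt.Sprintf(AllowedIPsFormat, rPeer.IP)` with no check that rPeer.IP is a populated IPv4 address, and the removed `// todo /32` leaves that assumption undocumented. AllowedIPs is the value WireGuard uses to tie a peer's public key to the source addresses it may use, and per the commit description agents now restart connections when it changes, so a malformed or too-wide entry would reach every agent. If rPeer.IP is a net.IP (as `peer.IP.String()` in toPeerConfig suggests), a nil value would presumably format as `<nil>/32`, and a non-IPv4 address would get a /32 prefix that is far wider than a single host. I would keep a comment such as `// AllowedIPsFormat assumes an IPv4 peer address (single host, /32)`, or skip peers where `rPeer.IP.To4() == nil`. The function starts above this hunk and continues below it.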


@@ -11,6 +11,16 @@ import (
"time"
)
const (
// SubnetSize is a size of the subnet of the global network, e.g. 100.77.0.0/16
SubnetSize = 16
// NetSize is a global network size 100.64.0.0/10
NetSize = 10
// AllowedIPsFormat generates Wireguard AllowedIPs format (e.g. 100.64.30.1/32)
AllowedIPsFormat = "%s/32"
)
type NetworkMap struct {
Peers []*Peer
Network *Network
@@ -31,8 +41,8 @@ type Network struct {
// It takes a random /16 subnet from 100.64.0.0/10 (64 different subnets)
func NewNetwork() *Network {
n := iplib.NewNet4(net.ParseIP("100.64.0.0"), 10)
sub, _ := n.Subnet(16)
n := iplib.NewNet4(net.ParseIP("100.64.0.0"), NetSize)
sub, _ := n.Subnet(SubnetSize)
s := rand.NewSource(time.Now().Unix())
r := rand.New(s)
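Review bot: `sub, _ := n.Subnet(SubnetSize)` in NewNetwork still discards the error, and with the prefix lengths now exposed as the constants NetSize and SubnetSize nothing states that SubnetSize must be at least NetSize. If Subnet fails, sub is presumably empty, and whatever selects a subnet further down (outside this hunk) would operate on that empty result. NewNetwork has no error return, so I would at least document the invariant next to the constants, e.g. `// SubnetSize must be >= NetSize; NewNetwork ignores the error from Subnet`, or handle the error explicitly. The function body continues past the end of the hunk.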