sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-25 11:46:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

minor fixes after tests

Browse Source
This commit is contained in:
crn4
2025-10-07 10:07:14 +01:00
parent e926ca34b5
commit ffed4b38ef
1 changed files with 39 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
management/server/types/networkmapbuilder.go
View File

@@ -36,6 +36,7 @@ type NetworkMapCache struct {
policyToRules map[string][]*PolicyRule //policyId policyToRules map[string][]*PolicyRule //policyId
groupToPolicies map[string][]*Policy groupToPolicies map[string][]*Policy
groupToRoutes map[string][]*route.Route groupToRoutes map[string][]*route.Route
peerToRoutes map[string][]*route.Route
peerACLs map[string]*PeerACLView peerACLs map[string]*PeerACLView
peerRoutes map[string]*PeerRoutesView peerRoutes map[string]*PeerRoutesView
@@ -57,6 +58,7 @@ type PeerACLView struct {
type PeerRoutesView struct { type PeerRoutesView struct {
OwnRouteIDs []route.ID OwnRouteIDs []route.ID
NetworkResourceIDs []route.ID NetworkResourceIDs []route.ID
InheritedRouteIDs []route.ID
RouteFirewallRuleIDs []string RouteFirewallRuleIDs []string
} }
@@ -78,6 +80,7 @@ func NewNetworkMapBuilder(account *Account, validatedPeers map[string]struct{})
policyToRules: make(map[string][]*PolicyRule), policyToRules: make(map[string][]*PolicyRule),
groupToPolicies: make(map[string][]*Policy), groupToPolicies: make(map[string][]*Policy),
groupToRoutes: make(map[string][]*route.Route), groupToRoutes: make(map[string][]*route.Route),
peerToRoutes: make(map[string][]*route.Route),
peerACLs: make(map[string]*PeerACLView), peerACLs: make(map[string]*PeerACLView),
peerRoutes: make(map[string]*PeerRoutesView), peerRoutes: make(map[string]*PeerRoutesView),
peerDNS: make(map[string]*nbdns.Config), peerDNS: make(map[string]*nbdns.Config),
@@ -126,6 +129,7 @@ func (b *NetworkMapBuilder) buildGlobalIndexes(account *Account) {
clear(b.cache.globalRouteRules) clear(b.cache.globalRouteRules)
clear(b.cache.globalResources) clear(b.cache.globalResources)
clear(b.cache.groupToRoutes) clear(b.cache.groupToRoutes)
clear(b.cache.peerToRoutes)
maps.Copy(b.cache.globalPeers, account.Peers) maps.Copy(b.cache.globalPeers, account.Peers)
@@ -176,9 +180,14 @@ func (b *NetworkMapBuilder) buildGlobalIndexes(account *Account) {
if !r.Enabled { if !r.Enabled {
continue continue
} }
for _, groupID := range r.Groups { for _, groupID := range r.PeerGroups {
b.cache.groupToRoutes[groupID] = append(b.cache.groupToRoutes[groupID], r) b.cache.groupToRoutes[groupID] = append(b.cache.groupToRoutes[groupID], r)
} }
if r.Peer != "" {
if peer, ok := b.cache.globalPeers[r.Peer]; ok {
b.cache.peerToRoutes[peer.ID] = append(b.cache.peerToRoutes[peer.ID], r)
}
}
} }
} }
@@ -223,7 +232,7 @@ func (b *NetworkMapBuilder) buildPeerACLView(account *Account, peerID string) {
func (b *NetworkMapBuilder) getPeerConnectionResources(account *Account, peerID string, func (b *NetworkMapBuilder) getPeerConnectionResources(account *Account, peerID string,
validatedPeersMap map[string]struct{}, validatedPeersMap map[string]struct{},
) ([]*nbpeer.Peer, []*FirewallRule) { ) ([]*nbpeer.Peer, []*FirewallRule) {
ctx := context.Background()
peer := b.cache.globalPeers[peerID] peer := b.cache.globalPeers[peerID]
if peer == nil { if peer == nil {
return nil, nil return nil, nil
@@ -243,6 +252,9 @@ func (b *NetworkMapBuilder) getPeerConnectionResources(account *Account, peerID
for _, group := range peerGroups { for _, group := range peerGroups {
policies := b.cache.groupToPolicies[group] policies := b.cache.groupToPolicies[group]
for _, policy := range policies { for _, policy := range policies {
if isValid := account.validatePostureChecksOnPeer(ctx, policy.SourcePostureChecks, peerID); !isValid {
continue
}
rules := b.cache.policyToRules[policy.ID] rules := b.cache.policyToRules[policy.ID]
for _, rule := range rules { for _, rule := range rules {
peerInSources := b.isPeerInGroupscached(rule.Sources, peerGroupsMap) peerInSources := b.isPeerInGroupscached(rule.Sources, peerGroupsMap)
@@ -359,7 +371,6 @@ func (b *NetworkMapBuilder) generateResourcescached(
if peer == nil { if peer == nil {
continue continue
} }
if _, ok := peersExists[peer.ID]; !ok { if _, ok := peersExists[peer.ID]; !ok {
*peers = append(*peers, peer) *peers = append(*peers, peer)
peersExists[peer.ID] = struct{}{} peersExists[peer.ID] = struct{}{}
@@ -567,12 +578,12 @@ func (b *NetworkMapBuilder) buildPeerRoutesView(account *Account, peerID string)
if aclPeerID == peerID { if aclPeerID == peerID {
continue continue
} }
activeRoutes, _ := b.getRoutingPeerRoutes(aclPeerID) activeRoutes, _ := b.getRoutingPeerRoutes(aclPeerID)
groupFilteredRoutes := account.filterRoutesByGroups(activeRoutes, peerGroupsMap) groupFilteredRoutes := account.filterRoutesByGroups(activeRoutes, peerGroupsMap)
haFilteredRoutes := account.filterRoutesFromPeersOfSameHAGroup(groupFilteredRoutes, peerRoutesMembership) haFilteredRoutes := account.filterRoutesFromPeersOfSameHAGroup(groupFilteredRoutes, peerRoutesMembership)
for _, inheritedRoute := range haFilteredRoutes { for _, inheritedRoute := range haFilteredRoutes {
view.InheritedRouteIDs = append(view.InheritedRouteIDs, inheritedRoute.ID)
b.cache.globalRoutes[inheritedRoute.ID] = inheritedRoute b.cache.globalRoutes[inheritedRoute.ID] = inheritedRoute
} }
} }
@@ -637,12 +648,11 @@ func (b *NetworkMapBuilder) getRoutingPeerRoutes(peerID string) (enabledRoutes [
newPeerRoute.PeerGroups = nil newPeerRoute.PeerGroups = nil
newPeerRoute.ID = route.ID(string(r.ID) + ":" + peerID) newPeerRoute.ID = route.ID(string(r.ID) + ":" + peerID)
takeRoute(newPeerRoute, peerID) takeRoute(newPeerRoute, peerID)
if r.Peer == peerID { }
}
for _, r := range b.cache.peerToRoutes[peerID] {
takeRoute(r.Copy(), peerID) takeRoute(r.Copy(), peerID)
} }
}
}
return enabledRoutes, disabledRoutes return enabledRoutes, disabledRoutes
} }
@@ -846,7 +856,7 @@ func (b *NetworkMapBuilder) GetPeerNetworkMap(
routesView := b.cache.peerRoutes[peerID] routesView := b.cache.peerRoutes[peerID]
dnsConfig := b.cache.peerDNS[peerID] dnsConfig := b.cache.peerDNS[peerID]
nm := b.assembleNetworkMap(account, aclView, routesView, dnsConfig, peersCustomZone, validatedPeers) nm := b.assembleNetworkMap(account, peer, aclView, routesView, dnsConfig, peersCustomZone, validatedPeers)
if metrics != nil { if metrics != nil {
objectCount := int64(len(nm.Peers) + len(nm.OfflinePeers) + len(nm.Routes) + len(nm.FirewallRules) + len(nm.RoutesFirewallRules)) objectCount := int64(len(nm.Peers) + len(nm.OfflinePeers) + len(nm.Routes) + len(nm.FirewallRules) + len(nm.RoutesFirewallRules))
@@ -863,7 +873,7 @@ func (b *NetworkMapBuilder) GetPeerNetworkMap(
} }
func (b *NetworkMapBuilder) assembleNetworkMap( func (b *NetworkMapBuilder) assembleNetworkMap(
account *Account, aclView *PeerACLView, routesView *PeerRoutesView, account *Account, peer *nbpeer.Peer, aclView *PeerACLView, routesView *PeerRoutesView,
dnsConfig *nbdns.Config, customZone nbdns.CustomZone, validatedPeers map[string]struct{}, dnsConfig *nbdns.Config, customZone nbdns.CustomZone, validatedPeers map[string]struct{},
) *NetworkMap { ) *NetworkMap {
@@ -889,7 +899,7 @@ func (b *NetworkMapBuilder) assembleNetworkMap(
} }
var routes []*route.Route var routes []*route.Route
allRouteIDs := slices.Concat(routesView.OwnRouteIDs, routesView.NetworkResourceIDs) allRouteIDs := slices.Concat(routesView.OwnRouteIDs, routesView.NetworkResourceIDs, routesView.InheritedRouteIDs)
for _, routeID := range allRouteIDs { for _, routeID := range allRouteIDs {
if route := b.cache.globalRoutes[routeID]; route != nil { if route := b.cache.globalRoutes[routeID]; route != nil {
@@ -913,7 +923,13 @@ func (b *NetworkMapBuilder) assembleNetworkMap(
finalDNSConfig := *dnsConfig finalDNSConfig := *dnsConfig
if finalDNSConfig.ServiceEnable && customZone.Domain != "" { if finalDNSConfig.ServiceEnable && customZone.Domain != "" {
finalDNSConfig.CustomZones = append(finalDNSConfig.CustomZones, customZone) var zones []nbdns.CustomZone
records := filterZoneRecordsForPeers(peer, customZone, peersToConnect)
zones = append(zones, nbdns.CustomZone{
Domain: customZone.Domain,
Records: records,
})
finalDNSConfig.CustomZones = zones
} }
return &NetworkMap{ return &NetworkMap{
@@ -1028,9 +1044,18 @@ func (b *NetworkMapBuilder) updateIndexesForNewPeer(account *Account, peerID str
if !r.Enabled || b.cache.globalRoutes[r.ID] != nil { if !r.Enabled || b.cache.globalRoutes[r.ID] != nil {
continue continue
} }
for _, groupID := range r.Groups { for _, groupID := range r.PeerGroups {
if !slices.Contains(b.cache.groupToRoutes[groupID], r) {
b.cache.groupToRoutes[groupID] = append(b.cache.groupToRoutes[groupID], r) b.cache.groupToRoutes[groupID] = append(b.cache.groupToRoutes[groupID], r)
} }
}
if r.Peer != "" {
if peer, ok := b.cache.globalPeers[r.Peer]; ok {
if !slices.Contains(b.cache.peerToRoutes[peer.ID], r) {
b.cache.peerToRoutes[peer.ID] = append(b.cache.peerToRoutes[peer.ID], r)
}
}
}
b.cache.globalRoutes[r.ID] = r b.cache.globalRoutes[r.ID] = r
} }