|
|
|
@ -6,6 +6,7 @@ import (
|
|
|
|
|
"net/netip" |
|
|
|
|
"strconv" |
|
|
|
|
|
|
|
|
|
"darvaza.org/core" |
|
|
|
|
"git.jpi.io/amery/jpictl/pkg/rings" |
|
|
|
|
"git.jpi.io/amery/jpictl/pkg/wireguard" |
|
|
|
|
) |
|
|
|
@ -225,13 +226,21 @@ func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// revive:disable:cognitive-complexity
|
|
|
|
|
func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) { |
|
|
|
|
// revive:enable:cognitive-complexity
|
|
|
|
|
regionID, zoneID, _, _ := r.Decode(rp.Address) |
|
|
|
|
|
|
|
|
|
// peer
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
|
|
|
|
|
// ring1 gateways connect to all other ring1 networks
|
|
|
|
|
m, ok := r.ZoneIterator.(RegionIterator) |
|
|
|
|
if !ok { |
|
|
|
|
panic("Cannot iterate Region from Zone") |
|
|
|
|
} |
|
|
|
|
m.ForEachRegion(func(r2 *Region) bool { |
|
|
|
|
if r2.IsPrimary() { |
|
|
|
|
r.ForEachZone(func(z *Zone) bool { |
|
|
|
|
if !z.Is(regionID, zoneID) { |
|
|
|
|
subnet := z.RingOnePrefix() |
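Review bot: Inside the new `m.ForEachRegion` callback the inner walk is `r.ForEachZone(...)`, which iterates the Ring's zones rather than `r2.ForEachZone(...)` on the region being visited, so every primary region re-walks the same zone set and the outer loop only repeats the same `AllowSubnet` calls (which the equality dedup added to `AllowSubnet` then absorbs); if the intent is the primary region's own ring1 networks, the line should read `r2.ForEachZone(func(z *Zone) bool {` — this is inferred from the names and worth confirming. The `panic("Cannot iterate Region from Zone")` on the failed type assertion turns a wiring mistake into a crash of whoever calls this, and since the function has no error return the invariant should at least be stated above it, e.g. `// ZoneIterator must also implement RegionIterator: this is a construction-time invariant, not runtime input`. Each prefix allowed here becomes part of the peer's WireGuard cryptokey-routing table, and when two peers claim the same prefix the kernel gives it to the last one configured and silently drops it from the other, so a comment noting that the `!z.Is(regionID, zoneID)` exclusion is what keeps gateway allowed-IP sets disjoint (assuming one ring1 gateway per zone, which the hunk does not show) would save a future reader from weakening it. setRingOneGatewayAllowedIPs continues past the end of the hunk.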
|
|
|
@ -239,6 +248,9 @@ func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
|
|
|
|
|
} |
|
|
|
|
return false |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
return false |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
// ring1 gateways also connect to all ring0 addresses
|
|
|
|
|
r.ForEachZone(func(z *Zone) bool { |
|
|
|
@ -316,7 +328,9 @@ func (rp *RingPeer) AllowCIDR(addr netip.Addr, bits int) {
|
|
|
|
|
|
|
|
|
|
// AllowSubnet allows an IP range via this peer
|
|
|
|
|
func (rp *RingPeer) AllowSubnet(subnet netip.Prefix) { |
|
|
|
|
if !core.SliceContains(rp.PeerConfig.AllowedIPs, subnet) { |
|
|
|
|
rp.PeerConfig.AllowedIPs = append(rp.PeerConfig.AllowedIPs, subnet) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// NewRing composes a new Ring for Wireguard setup
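Review bot: The new duplicate check in `AllowSubnet` compares `netip.Prefix` values by exact equality, which treats `10.0.0.5/24` and `10.0.0.0/24` (constructed example) as different, so a prefix that arrives unmasked — for instance from `AllowCIDR` if it builds the prefix straight from the address and bit count, which this hunk does not show — is not recognised as already present and lands in AllowedIPs twice. Normalising first, `subnet = subnet.Masked()` as the first statement of the function, makes the dedup reliable and also hands WireGuard canonical prefixes. Because this slice is the peer's cryptokey-routing allow-list, a comment above the check such as `// AllowedIPs is the cryptokey-routing table for this peer; keep entries canonical (masked) so equality-based dedup holds` would document why the normalisation matters.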
|
|
|
|
|