Peer interface address should match server's prefix length (#177)

2025-02-26 05:49:14 +00:00 · 2023-10-20 04:53:51 +08:00 · 2023-10-20 04:53:51 +08:00 · 4c061a1aa9
commit 4c061a1aa9
parent 40cfcd67e9
4 changed files with 11 additions and 5 deletions
--- a/internal/app/wireguard/wireguard_interfaces.go
+++ b/internal/app/wireguard/wireguard_interfaces.go
@ -644,7 +644,7 @@ func (m Manager) importPeer(ctx context.Context, in *domain.Interface, p *domain
 	peer.InterfaceIdentifier = in.Identifier
 	peer.EndpointPublicKey = domain.StringConfigOption{Value: in.PublicKey, Overridable: true}
 	peer.AllowedIPsStr = domain.StringConfigOption{Value: in.PeerDefAllowedIPsStr, Overridable: true}
-	peer.Interface.Addresses = p.AllowedIPs // use allowed IP's as the peer IP's
+	peer.Interface.Addresses = p.AllowedIPs // use allowed IP's as the peer IP's TODO: Should this also match server interface address' prefix length?
 	peer.Interface.DnsStr = domain.StringConfigOption{Value: in.PeerDefDnsStr, Overridable: true}
 	peer.Interface.DnsSearchStr = domain.StringConfigOption{Value: in.PeerDefDnsSearchStr, Overridable: true}
 	peer.Interface.Mtu = domain.IntConfigOption{Value: in.PeerDefMtu, Overridable: true}
--- a/internal/app/wireguard/wireguard_peers.go
+++ b/internal/app/wireguard/wireguard_peers.go
@ -310,8 +310,9 @@ func (m Manager) getFreshPeerIpConfig(ctx context.Context, iface *domain.Interfa
 		for {
 			ipConflict := false
 			for _, usedIp := range existingIps[network] {
-				if usedIp == ip {
+				if usedIp.Addr == ip.Addr {
 					ipConflict = true
+					break
 				}
 			}

@ -326,7 +327,7 @@ func (m Manager) getFreshPeerIpConfig(ctx context.Context, iface *domain.Interfa
 			}
 		}

-		ips = append(ips, ip.HostAddr())
+		ips = append(ips, ip)
 	}

 	return
--- a/internal/domain/interface.go
+++ b/internal/domain/interface.go
@ -103,7 +103,9 @@ func (i *Interface) GetAllowedIPs(peers []Peer) []Cidr {
 	var allowedCidrs []Cidr

 	for _, peer := range peers {
-		allowedCidrs = append(allowedCidrs, peer.Interface.Addresses...)
+		for _, ip := range peer.Interface.Addresses {
+			allowedCidrs = append(allowedCidrs, ip.HostAddr())
+		}
 		if peer.ExtraAllowedIPsStr != "" {
 			extraIPs, err := CidrsFromString(peer.ExtraAllowedIPsStr)
 			if err == nil {
--- a/internal/domain/peer.go
+++ b/internal/domain/peer.go
@ -228,7 +228,10 @@ func MergeToPhysicalPeer(pp *PhysicalPeer, p *Peer) {
 		extraAllowedIPs, _ := CidrsFromString(p.ExtraAllowedIPsStr)
 		pp.AllowedIPs = append(allowedIPs, extraAllowedIPs...)
 	} else {
-		allowedIPs := p.Interface.Addresses
+		allowedIPs := make([]Cidr, len(p.Interface.Addresses))
+		for i, ip := range p.Interface.Addresses {
+			allowedIPs[i] = ip.HostAddr()
+		}
 		extraAllowedIPs, _ := CidrsFromString(p.ExtraAllowedIPsStr)
 		pp.AllowedIPs = append(allowedIPs, extraAllowedIPs...)
 	}