kilo/pkg/mesh/graph.go

198 lines
6.4 KiB
Go
Raw Normal View History

migrate to golang.zx2c4.com/wireguard/wgctrl (#239) * migrate to golang.zx2c4.com/wireguard/wgctrl This commit introduces the usage of wgctrl. It avoids the usage of exec calls of the wg command and parsing the output of `wg show`. Signed-off-by: leonnicolas <leonloechner@gmx.de> * vendor wgctrl Signed-off-by: leonnicolas <leonloechner@gmx.de> * apply suggestions from code review Remove wireguard.Enpoint struct and use net.UDPAddr for the resolved endpoint and addr string (dnsanme:port) if a DN was supplied. Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/*: use wireguard.Enpoint This commit introduces the wireguard.Enpoint struct. It encapsulates a DN name with port and a net.UPDAddr. The fields are private and only accessible over exported Methods to avoid accidental modification. Also iptables.GetProtocol is improved to avoid ipv4 rules being applied by `ip6tables`. Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/wireguard/conf_test.go: add tests for Endpoint Signed-off-by: leonnicolas <leonloechner@gmx.de> * cmd/kg/main.go: validate port range Signed-off-by: leonnicolas <leonloechner@gmx.de> * add suggestions from review Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/mesh/mesh.go: use Equal func Implement an Equal func for Enpoint and use it instead of comparing strings. Signed-off-by: leonnicolas <leonloechner@gmx.de> * cmd/kgctl/main.go: check port range Signed-off-by: leonnicolas <leonloechner@gmx.de> * vendor Signed-off-by: leonnicolas <leonloechner@gmx.de>
2022-01-30 16:38:45 +00:00
// Copyright 2021 the Kilo authors
2019-01-18 01:50:10 +00:00
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package mesh
import (
"fmt"
"net"
"strings"
2019-01-18 01:50:10 +00:00
"github.com/awalterschulze/gographviz"
migrate to golang.zx2c4.com/wireguard/wgctrl (#239) * migrate to golang.zx2c4.com/wireguard/wgctrl This commit introduces the usage of wgctrl. It avoids the usage of exec calls of the wg command and parsing the output of `wg show`. Signed-off-by: leonnicolas <leonloechner@gmx.de> * vendor wgctrl Signed-off-by: leonnicolas <leonloechner@gmx.de> * apply suggestions from code review Remove wireguard.Enpoint struct and use net.UDPAddr for the resolved endpoint and addr string (dnsanme:port) if a DN was supplied. Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/*: use wireguard.Enpoint This commit introduces the wireguard.Enpoint struct. It encapsulates a DN name with port and a net.UPDAddr. The fields are private and only accessible over exported Methods to avoid accidental modification. Also iptables.GetProtocol is improved to avoid ipv4 rules being applied by `ip6tables`. Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/wireguard/conf_test.go: add tests for Endpoint Signed-off-by: leonnicolas <leonloechner@gmx.de> * cmd/kg/main.go: validate port range Signed-off-by: leonnicolas <leonloechner@gmx.de> * add suggestions from review Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/mesh/mesh.go: use Equal func Implement an Equal func for Enpoint and use it instead of comparing strings. Signed-off-by: leonnicolas <leonloechner@gmx.de> * cmd/kgctl/main.go: check port range Signed-off-by: leonnicolas <leonloechner@gmx.de> * vendor Signed-off-by: leonnicolas <leonloechner@gmx.de>
2022-01-30 16:38:45 +00:00
"github.com/squat/kilo/pkg/wireguard"
2019-01-18 01:50:10 +00:00
)
// Dot generates a Graphviz graph of the Topology in DOT fomat.
func (t *Topology) Dot() (string, error) {
g := gographviz.NewGraph()
g.Name = "kilo"
if err := g.AddAttr("kilo", string(gographviz.Label), graphEscape((&net.IPNet{IP: t.wireGuardCIDR.IP.Mask(t.wireGuardCIDR.Mask), Mask: t.wireGuardCIDR.Mask}).String())); err != nil {
2019-01-18 01:50:10 +00:00
return "", fmt.Errorf("failed to add label to graph")
}
if err := g.AddAttr("kilo", string(gographviz.LabelLOC), "t"); err != nil {
return "", fmt.Errorf("failed to add label location to graph")
}
2019-05-07 14:36:02 +00:00
if err := g.AddAttr("kilo", string(gographviz.OutputOrder), "nodesfirst"); err != nil {
return "", fmt.Errorf("failed to set output ordering")
}
2019-01-18 01:50:10 +00:00
if err := g.AddAttr("kilo", string(gographviz.Overlap), "false"); err != nil {
return "", fmt.Errorf("failed to disable graph overlap")
}
if err := g.SetDir(true); err != nil {
return "", fmt.Errorf("failed to set direction")
}
leaders := make([]string, len(t.segments))
2019-01-18 01:50:10 +00:00
nodeAttrs := map[string]string{
string(gographviz.Shape): "ellipse",
}
2019-05-07 14:36:02 +00:00
for i, s := range t.segments {
location := s.location
plainConnection := false
if s.nodeLocation != "" {
location = s.nodeLocation
plainConnection = true
}
if err := g.AddSubGraph("kilo", subGraphName(location), nil); err != nil {
2019-01-18 01:50:10 +00:00
return "", fmt.Errorf("failed to add subgraph")
}
if err := g.AddAttr(subGraphName(location), string(gographviz.Label), graphEscape(location)); err != nil {
2019-01-18 01:50:10 +00:00
return "", fmt.Errorf("failed to add label to subgraph")
}
if err := g.AddAttr(subGraphName(location), string(gographviz.Style), `"dashed,rounded"`); err != nil {
2019-01-18 01:50:10 +00:00
return "", fmt.Errorf("failed to add style to subgraph")
}
for j := range s.cidrs {
if err := g.AddNode(subGraphName(location), graphEscape(s.hostnames[j]), nodeAttrs); err != nil {
2019-01-18 01:50:10 +00:00
return "", fmt.Errorf("failed to add node to subgraph")
}
var wg net.IP
var endpoint *wireguard.Endpoint
2019-01-18 01:50:10 +00:00
if j == s.leader {
wg = s.wireGuardIP
endpoint = s.endpoint
2019-01-18 01:50:10 +00:00
if err := g.Nodes.Lookup[graphEscape(s.hostnames[j])].Attrs.Add(string(gographviz.Rank), "1"); err != nil {
return "", fmt.Errorf("failed to add rank to node")
}
}
var priv net.IP
if s.privateIPs != nil {
priv = s.privateIPs[j]
}
if err := g.Nodes.Lookup[graphEscape(s.hostnames[j])].Attrs.Add(string(gographviz.Label), nodeLabel(location, s.hostnames[j], s.cidrs[j], priv, wg, endpoint)); err != nil {
2019-01-18 01:50:10 +00:00
return "", fmt.Errorf("failed to add label to node")
}
}
meshSubGraph(g, g.Relations.SortedChildren(subGraphName(location)), s.leader, plainConnection, nil)
2019-01-18 01:50:10 +00:00
leaders[i] = graphEscape(s.hostnames[s.leader])
}
2019-05-07 14:36:02 +00:00
meshGraph(g, leaders, nil)
2019-09-23 15:54:16 +00:00
if err := g.AddSubGraph("kilo", graphEscape("cluster_peers"), nil); err != nil {
return "", fmt.Errorf("failed to add peer subgraph")
}
if err := g.AddAttr(graphEscape("cluster_peers"), string(gographviz.Label), graphEscape("peers")); err != nil {
return "", fmt.Errorf("failed to add label to peer subgraph")
}
if err := g.AddAttr(graphEscape("cluster_peers"), string(gographviz.Style), `"dashed,rounded"`); err != nil {
return "", fmt.Errorf("failed to add style to peer subgraph")
}
for j := range t.peers {
if err := g.AddNode(graphEscape("cluster_peers"), graphEscape(t.peers[j].Name), nodeAttrs); err != nil {
return "", fmt.Errorf("failed to add peer node to peer subgraph")
}
if err := g.Nodes.Lookup[graphEscape(t.peers[j].Name)].Attrs.Add(string(gographviz.Label), peerLabel(t.peers[j])); err != nil {
return "", fmt.Errorf("failed to add label to peer node")
}
}
meshPeers(g, leaders, g.Relations.SortedChildren(graphEscape("cluster_peers")), nil)
2019-01-18 01:50:10 +00:00
return g.String(), nil
}
2019-05-07 14:36:02 +00:00
func meshGraph(g *gographviz.Graph, nodes []string, attrs gographviz.Attrs) {
if attrs == nil {
attrs = make(gographviz.Attrs)
attrs[gographviz.Dir] = "both"
}
for i := range nodes {
for j := i + 1; j < len(nodes); j++ {
if i == j {
continue
}
dsts := g.Edges.SrcToDsts[nodes[i]]
if dsts != nil && len(dsts[nodes[j]]) != 0 {
// nodes already connected via plain connection
continue
}
2019-05-07 14:36:02 +00:00
g.Edges.Add(&gographviz.Edge{Src: nodes[i], Dst: nodes[j], Dir: true, Attrs: attrs})
}
}
}
func meshSubGraph(g *gographviz.Graph, nodes []string, leader int, plainConnection bool, attrs gographviz.Attrs) {
2019-05-07 14:36:02 +00:00
if attrs == nil {
attrs = make(gographviz.Attrs)
attrs[gographviz.Dir] = "both"
if plainConnection {
attrs[gographviz.Style] = "dotted"
attrs[gographviz.ArrowHead] = "none"
attrs[gographviz.ArrowTail] = "none"
}
2019-05-07 14:36:02 +00:00
}
2019-01-18 01:50:10 +00:00
for i := range nodes {
if i == leader {
continue
}
2019-05-07 14:36:02 +00:00
g.Edges.Add(&gographviz.Edge{Src: nodes[leader], Dst: nodes[i], Dir: true, Attrs: attrs})
2019-01-18 01:50:10 +00:00
}
}
2019-09-23 15:54:16 +00:00
func meshPeers(g *gographviz.Graph, nodes, peers []string, attrs gographviz.Attrs) {
if attrs == nil {
attrs = make(gographviz.Attrs)
attrs[gographviz.Dir] = "both"
attrs[gographviz.Style] = "dashed"
}
for i := range nodes {
for j := range peers {
g.Edges.Add(&gographviz.Edge{Src: nodes[i], Dst: peers[j], Dir: true, Attrs: attrs})
}
}
}
2019-01-18 01:50:10 +00:00
func graphEscape(s string) string {
return fmt.Sprintf("\"%s\"", s)
}
func subGraphName(name string) string {
2019-09-23 15:54:16 +00:00
return graphEscape(fmt.Sprintf("cluster_location_%s", name))
2019-01-18 01:50:10 +00:00
}
func nodeLabel(location, name string, cidr *net.IPNet, priv, wgIP net.IP, endpoint *wireguard.Endpoint) string {
label := []string{
location,
name,
cidr.String(),
}
if priv != nil {
label = append(label, priv.String())
}
2019-01-18 01:50:10 +00:00
if wgIP != nil {
label = append(label, wgIP.String())
}
migrate to golang.zx2c4.com/wireguard/wgctrl (#239) * migrate to golang.zx2c4.com/wireguard/wgctrl This commit introduces the usage of wgctrl. It avoids the usage of exec calls of the wg command and parsing the output of `wg show`. Signed-off-by: leonnicolas <leonloechner@gmx.de> * vendor wgctrl Signed-off-by: leonnicolas <leonloechner@gmx.de> * apply suggestions from code review Remove wireguard.Enpoint struct and use net.UDPAddr for the resolved endpoint and addr string (dnsanme:port) if a DN was supplied. Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/*: use wireguard.Enpoint This commit introduces the wireguard.Enpoint struct. It encapsulates a DN name with port and a net.UPDAddr. The fields are private and only accessible over exported Methods to avoid accidental modification. Also iptables.GetProtocol is improved to avoid ipv4 rules being applied by `ip6tables`. Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/wireguard/conf_test.go: add tests for Endpoint Signed-off-by: leonnicolas <leonloechner@gmx.de> * cmd/kg/main.go: validate port range Signed-off-by: leonnicolas <leonloechner@gmx.de> * add suggestions from review Signed-off-by: leonnicolas <leonloechner@gmx.de> * pkg/mesh/mesh.go: use Equal func Implement an Equal func for Enpoint and use it instead of comparing strings. Signed-off-by: leonnicolas <leonloechner@gmx.de> * cmd/kgctl/main.go: check port range Signed-off-by: leonnicolas <leonloechner@gmx.de> * vendor Signed-off-by: leonnicolas <leonloechner@gmx.de>
2022-01-30 16:38:45 +00:00
str := endpoint.String()
if str != "" {
label = append(label, str)
2019-01-18 01:50:10 +00:00
}
return graphEscape(strings.Join(label, "\\n"))
2019-01-18 01:50:10 +00:00
}
2019-09-23 15:54:16 +00:00
func peerLabel(peer *Peer) string {
return graphEscape(fmt.Sprintf("%s\\n%s\n", peer.Name, peer.Endpoint.String()))
2019-09-23 15:54:16 +00:00
}