pkg: deduplicate peer IP addresses

We need to defensively deduplicate peer allowed IPs. If two peers claim the same IP, the WireGuard configuration could flap, causing the interface to churn.
2019-05-10 02:07:05 +02:00
parent 4d9c203603
commit 35390054ba
4 changed files with 215 additions and 20 deletions
--- a/pkg/wireguard/conf.go
+++ b/pkg/wireguard/conf.go
@@ -59,6 +59,20 @@ type Peer struct {
 	PublicKey           []byte
 }

+// DeduplicateIPs eliminates duplicate allowed IPs.
+func (p *Peer) DeduplicateIPs() {
+	var ips []*net.IPNet
+	seen := make(map[string]struct{})
+	for _, ip := range p.AllowedIPs {
+		if _, ok := seen[ip.String()]; ok {
+			continue
+		}
+		ips = append(ips, ip)
+		seen[ip.String()] = struct{}{}
+	}
+	p.AllowedIPs = ips
+}
+
 // Endpoint represents an `endpoint` key of a `peer` section.
 type Endpoint struct {
 	IP   net.IP