migrate to golang.zx2c4.com/wireguard/wgctrl
This commit introduces the usage of wgctrl. It avoids the usage of exec calls of the wg command and parsing the output of `wg show`. Signed-off-by: leonnicolas <leonloechner@gmx.de>
This commit is contained in:
leonnicolas
@@ -1,4 +1,4 @@
|
||||
// Copyright 2019 the Kilo authors
|
||||
// Copyright 2021 the Kilo authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
@@ -15,14 +15,15 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
@@ -47,7 +48,7 @@ var (
|
||||
}, ", ")
|
||||
allowedIPs []string
|
||||
showConfOpts struct {
|
||||
allowedIPs []*net.IPNet
|
||||
allowedIPs []net.IPNet
|
||||
serializer *json.Serializer
|
||||
output string
|
||||
asPeer bool
|
||||
@@ -89,7 +90,7 @@ func runShowConf(c *cobra.Command, args []string) error {
|
||||
if err != nil {
|
||||
return fmt.Errorf("allowed-ips must contain only valid CIDRs; got %q", allowedIPs[i])
|
||||
}
|
||||
showConfOpts.allowedIPs = append(showConfOpts.allowedIPs, aip)
|
||||
showConfOpts.allowedIPs = append(showConfOpts.allowedIPs, *aip)
|
||||
}
|
||||
return runRoot(c, args)
|
||||
}
|
||||
@@ -151,14 +152,14 @@ func runShowConfNode(_ *cobra.Command, args []string) error {
|
||||
}
|
||||
}
|
||||
|
||||
t, err := mesh.NewTopology(nodes, peers, opts.granularity, hostname, opts.port, []byte{}, subnet, nodes[hostname].PersistentKeepalive, nil)
|
||||
t, err := mesh.NewTopology(nodes, peers, opts.granularity, hostname, int(opts.port), wgtypes.Key{}, subnet, nodes[hostname].PersistentKeepalive, nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create topology: %v", err)
|
||||
}
|
||||
|
||||
var found bool
|
||||
for _, p := range t.PeerConf("").Peers {
|
||||
if bytes.Equal(p.PublicKey, nodes[hostname].Key) {
|
||||
if p.PublicKey == nodes[hostname].Key {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
@@ -184,7 +185,7 @@ func runShowConfNode(_ *cobra.Command, args []string) error {
|
||||
p := t.AsPeer()
|
||||
p.AllowedIPs = append(p.AllowedIPs, showConfOpts.allowedIPs...)
|
||||
p.DeduplicateIPs()
|
||||
k8sp := translatePeer(p)
|
||||
k8sp := translatePeer(&p)
|
||||
k8sp.Name = hostname
|
||||
return showConfOpts.serializer.Encode(k8sp, os.Stdout)
|
||||
case outputFormatWireGuard:
|
||||
@@ -192,7 +193,7 @@ func runShowConfNode(_ *cobra.Command, args []string) error {
|
||||
p.AllowedIPs = append(p.AllowedIPs, showConfOpts.allowedIPs...)
|
||||
p.DeduplicateIPs()
|
||||
c, err := (&wireguard.Conf{
|
||||
Peers: []*wireguard.Peer{p},
|
||||
Peers: []wireguard.Peer{p},
|
||||
}).Bytes()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to generate configuration: %v", err)
|
||||
@@ -244,7 +245,11 @@ func runShowConfPeer(_ *cobra.Command, args []string) error {
|
||||
return fmt.Errorf("did not find any peer named %q in the cluster", peer)
|
||||
}
|
||||
|
||||
t, err := mesh.NewTopology(nodes, peers, opts.granularity, hostname, mesh.DefaultKiloPort, []byte{}, subnet, peers[peer].PersistentKeepalive, nil)
|
||||
pka := time.Duration(0)
|
||||
if p := peers[peer].PersistentKeepaliveInterval; p != nil {
|
||||
pka = *p
|
||||
}
|
||||
t, err := mesh.NewTopology(nodes, peers, opts.granularity, hostname, mesh.DefaultKiloPort, wgtypes.Key{}, subnet, pka, nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create topology: %v", err)
|
||||
}
|
||||
@@ -272,7 +277,7 @@ func runShowConfPeer(_ *cobra.Command, args []string) error {
|
||||
p.AllowedIPs = append(p.AllowedIPs, showConfOpts.allowedIPs...)
|
||||
p.DeduplicateIPs()
|
||||
c, err := (&wireguard.Conf{
|
||||
Peers: []*wireguard.Peer{p},
|
||||
Peers: []wireguard.Peer{*p},
|
||||
}).Bytes()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to generate configuration: %v", err)
|
||||
@@ -291,36 +296,37 @@ func translatePeer(peer *wireguard.Peer) *v1alpha1.Peer {
|
||||
var aips []string
|
||||
for _, aip := range peer.AllowedIPs {
|
||||
// Skip any invalid IPs.
|
||||
if aip == nil {
|
||||
// TODO all IPs should be valid, so no need to skip here?
|
||||
if aip.String() == (&net.IPNet{}).String() {
|
||||
continue
|
||||
}
|
||||
aips = append(aips, aip.String())
|
||||
}
|
||||
var endpoint *v1alpha1.PeerEndpoint
|
||||
if peer.Endpoint != nil && peer.Endpoint.Port > 0 && (peer.Endpoint.IP != nil || peer.Endpoint.DNS != "") {
|
||||
if peer.KiloEndpoint != nil && peer.KiloEndpoint.Port > 0 && (peer.KiloEndpoint.IP != nil || peer.KiloEndpoint.DNS != "") {
|
||||
var ip string
|
||||
if peer.Endpoint.IP != nil {
|
||||
ip = peer.Endpoint.IP.String()
|
||||
if peer.KiloEndpoint.IP != nil {
|
||||
ip = peer.KiloEndpoint.IP.String()
|
||||
}
|
||||
endpoint = &v1alpha1.PeerEndpoint{
|
||||
DNSOrIP: v1alpha1.DNSOrIP{
|
||||
DNS: peer.Endpoint.DNS,
|
||||
DNS: peer.KiloEndpoint.DNS,
|
||||
IP: ip,
|
||||
},
|
||||
Port: peer.Endpoint.Port,
|
||||
Port: uint32(peer.KiloEndpoint.Port),
|
||||
}
|
||||
}
|
||||
var key string
|
||||
if len(peer.PublicKey) > 0 {
|
||||
key = string(peer.PublicKey)
|
||||
if peer.PublicKey != (wgtypes.Key{}) {
|
||||
key = peer.PublicKey.String()
|
||||
}
|
||||
var psk string
|
||||
if len(peer.PresharedKey) > 0 {
|
||||
psk = string(peer.PresharedKey)
|
||||
if peer.PresharedKey != nil {
|
||||
psk = peer.PresharedKey.String()
|
||||
}
|
||||
var pka int
|
||||
if peer.PersistentKeepalive > 0 {
|
||||
pka = peer.PersistentKeepalive
|
||||
if peer.PersistentKeepaliveInterval != nil && *peer.PersistentKeepaliveInterval > time.Duration(0) {
|
||||
pka = int(*peer.PersistentKeepaliveInterval)
|
||||
}
|
||||
return &v1alpha1.Peer{
|
||||
TypeMeta: metav1.TypeMeta{
|
||||
|
||||
Reference in New Issue
Block a user