IPv6 support for outside (udp) (#369)

2021-03-18 20:37:24 -05:00
parent 9e94442ce7
commit 7073d204a8
34 changed files with 1726 additions and 732 deletions
--- a/config.go
+++ b/config.go
@ -235,13 +235,18 @@ func (c *Config) GetAllowList(k string, allowInterfaces bool) (*AllowList, error
 		return nil, fmt.Errorf("config `%s` has invalid type: %T", k, r)
 	}

-	tree := NewCIDRTree()
+	tree := NewCIDR6Tree()
 	var nameRules []AllowListNameRule

-	firstValue := true
-	allValuesMatch := true
-	defaultSet := false
-	var allValues bool
+	// Keep track of the rules we have added for both ipv4 and ipv6
+	type allowListRules struct {
+		firstValue     bool
+		allValuesMatch bool
+		defaultSet     bool
+		allValues      bool
+	}
+	rules4 := allowListRules{firstValue: true, allValuesMatch: true, defaultSet: false}
+	rules6 := allowListRules{firstValue: true, allValuesMatch: true, defaultSet: false}

 	for rawKey, rawValue := range rawMap {
 		rawCIDR, ok := rawKey.(string)
@ -276,31 +281,48 @@ func (c *Config) GetAllowList(k string, allowInterfaces bool) (*AllowList, error
 		// TODO: should we error on duplicate CIDRs in the config?
 		tree.AddCIDR(cidr, value)

-		if firstValue {
-			allValues = value
-			firstValue = false
+		maskBits, maskSize := cidr.Mask.Size()
+
+		var rules *allowListRules
+		if maskSize == 32 {
+			rules = &rules4
 		} else {
-			if value != allValues {
-				allValuesMatch = false
+			rules = &rules6
+		}
+
+		if rules.firstValue {
+			rules.allValues = value
+			rules.firstValue = false
+		} else {
+			if value != rules.allValues {
+				rules.allValuesMatch = false
 			}
 		}

-		// Check if this is 0.0.0.0/0
-		bits, size := cidr.Mask.Size()
-		if bits == 0 && size == 32 {
-			defaultSet = true
+		// Check if this is 0.0.0.0/0 or ::/0
+		if maskBits == 0 {
+			rules.defaultSet = true
 		}
 	}

-	if !defaultSet {
-		if allValuesMatch {
+	if !rules4.defaultSet {
+		if rules4.allValuesMatch {
 			_, zeroCIDR, _ := net.ParseCIDR("0.0.0.0/0")
-			tree.AddCIDR(zeroCIDR, !allValues)
+			tree.AddCIDR(zeroCIDR, !rules4.allValues)
 		} else {
 			return nil, fmt.Errorf("config `%s` contains both true and false rules, but no default set for 0.0.0.0/0", k)
 		}
 	}

+	if !rules6.defaultSet {
+		if rules6.allValuesMatch {
+			_, zeroCIDR, _ := net.ParseCIDR("::/0")
+			tree.AddCIDR(zeroCIDR, !rules6.allValues)
+		} else {
+			return nil, fmt.Errorf("config `%s` contains both true and false rules, but no default set for ::/0", k)
+		}
+	}
+
 	return &AllowList{cidrTree: tree, nameRules: nameRules}, nil
 }