change ip assignment to support ipv6 overlay
This commit is contained in:
Leo Antunes
parent
c1a3cc33f4
commit
b8e729298c
|
|
@ -5,7 +5,6 @@
|
||||||
*.so
|
*.so
|
||||||
*.dylib
|
*.dylib
|
||||||
wesher
|
wesher
|
||||||
wg
|
|
||||||
|
|
||||||
# Test binary, build with `go test -c`
|
# Test binary, build with `go test -c`
|
||||||
*.test
|
*.test
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# docker run --rm -it --hostname test3 --name test3 --network wesher_test --volume `pwd`:/app golang:1.12-alpine
|
||||||
|
# cd /app
|
||||||
|
# apk add git
|
||||||
|
# export PATH=/app:$PATH
|
||||||
|
# go run . --loglevel debug --clusterkey 'ILICZ3yBMCGAWNIq5Pn0bewBVimW3Q2yRVJ/Be+b1Uc='
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
genkey)
|
||||||
|
echo "ILICZ3yBMCGAWNIq5Pn0bewBVimW3Q2yRVJ/Be+b1Uc="
|
||||||
|
;;
|
||||||
|
pubkey)
|
||||||
|
read x
|
||||||
|
echo "VceweY6x/QdGXEQ6frXrSd8CwUAInUmqIc6G/qi8FHo="
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
27
wireguard.go
27
wireguard.go
|
|
@ -1,8 +1,8 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/md5"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"hash/fnv"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
|
@ -33,8 +33,11 @@ type wgState struct {
|
||||||
PubKey string
|
PubKey string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var wgPath = "wg"
|
||||||
|
var wgQuickPath = "wg-quick"
|
||||||
|
|
||||||
func newWGConfig(iface string, port int) (*wgState, error) {
|
func newWGConfig(iface string, port int) (*wgState, error) {
|
||||||
if err := exec.Command("wg").Run(); err != nil {
|
if err := exec.Command(wgPath).Run(); err != nil {
|
||||||
return nil, fmt.Errorf("could not exec wireguard: %s", err)
|
return nil, fmt.Errorf("could not exec wireguard: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -54,16 +57,18 @@ func newWGConfig(iface string, port int) (*wgState, error) {
|
||||||
|
|
||||||
func (wg *wgState) assignOverlayAddr(ipnet *net.IPNet, name string) {
|
func (wg *wgState) assignOverlayAddr(ipnet *net.IPNet, name string) {
|
||||||
// TODO: this is way too brittle and opaque
|
// TODO: this is way too brittle and opaque
|
||||||
ip := []byte(ipnet.IP)
|
|
||||||
bits, size := ipnet.Mask.Size()
|
bits, size := ipnet.Mask.Size()
|
||||||
|
ip := make([]byte, net.IPv6len)
|
||||||
|
copy(ip, []byte(ipnet.IP))
|
||||||
|
|
||||||
h := md5.New()
|
h := fnv.New128a()
|
||||||
h.Write([]byte(name))
|
h.Write([]byte(name))
|
||||||
hb := h.Sum(nil)
|
hb := h.Sum(nil)
|
||||||
|
|
||||||
for i := 0; i < (size-bits)/8; i++ {
|
for i := 1; i <= (size-bits)/8; i++ {
|
||||||
ip[size/8-i-1] = hb[i]
|
ip[len(ip)-i] = hb[len(hb)-i]
|
||||||
}
|
}
|
||||||
|
|
||||||
wg.OverlayAddr = net.IP(ip)
|
wg.OverlayAddr = net.IP(ip)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -84,25 +89,25 @@ func (wg *wgState) writeConf(nodes []node) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (wg *wgState) downInterface() error {
|
func (wg *wgState) downInterface() error {
|
||||||
if err := exec.Command("wg", "show", wg.iface).Run(); err != nil {
|
if err := exec.Command(wgPath, "show", wg.iface).Run(); err != nil {
|
||||||
return nil // assume a failure means the interface is not there
|
return nil // assume a failure means the interface is not there
|
||||||
}
|
}
|
||||||
return exec.Command("wg-quick", "down", wg.iface).Run()
|
return exec.Command(wgQuickPath, "down", wg.iface).Run()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (wg *wgState) upInterface() error {
|
func (wg *wgState) upInterface() error {
|
||||||
return exec.Command("wg-quick", "up", wg.iface).Run()
|
return exec.Command(wgQuickPath, "up", wg.iface).Run()
|
||||||
}
|
}
|
||||||
|
|
||||||
func wgKeyPair() (string, string, error) {
|
func wgKeyPair() (string, string, error) {
|
||||||
cmd := exec.Command("wg", "genkey")
|
cmd := exec.Command(wgPath, "genkey")
|
||||||
outPriv := strings.Builder{}
|
outPriv := strings.Builder{}
|
||||||
cmd.Stdout = &outPriv
|
cmd.Stdout = &outPriv
|
||||||
if err := cmd.Run(); err != nil {
|
if err := cmd.Run(); err != nil {
|
||||||
return "", "", err
|
return "", "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd = exec.Command("wg", "pubkey")
|
cmd = exec.Command(wgPath, "pubkey")
|
||||||
outPub := strings.Builder{}
|
outPub := strings.Builder{}
|
||||||
cmd.Stdout = &outPub
|
cmd.Stdout = &outPub
|
||||||
cmd.Stdin = strings.NewReader(outPriv.String())
|
cmd.Stdin = strings.NewReader(outPriv.String())
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,87 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net"
|
||||||
|
"reflect"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
wgPath = "tests/wg"
|
||||||
|
wgQuickPath = "tests/wg-quick"
|
||||||
|
}
|
||||||
|
|
||||||
|
func Test_wgKeyPair(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
want string
|
||||||
|
want1 string
|
||||||
|
wantErr bool
|
||||||
|
}{
|
||||||
|
// see tests/wg for values
|
||||||
|
{"generate fixed values", "ILICZ3yBMCGAWNIq5Pn0bewBVimW3Q2yRVJ/Be+b1Uc=", "VceweY6x/QdGXEQ6frXrSd8CwUAInUmqIc6G/qi8FHo=", false},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
got, got1, err := wgKeyPair()
|
||||||
|
if (err != nil) != tt.wantErr {
|
||||||
|
t.Errorf("wgKeyPair() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if got != tt.want {
|
||||||
|
t.Errorf("wgKeyPair() got = %v, want %v", got, tt.want)
|
||||||
|
}
|
||||||
|
if got1 != tt.want1 {
|
||||||
|
t.Errorf("wgKeyPair() got1 = %v, want %v", got1, tt.want1)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Test_wgState_assignOverlayAddr(t *testing.T) {
|
||||||
|
type args struct {
|
||||||
|
ipnet *net.IPNet
|
||||||
|
name string
|
||||||
|
}
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
args args
|
||||||
|
want net.IP
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
"assign in big ipv4 net",
|
||||||
|
args{&net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(8, 32)}, "test"},
|
||||||
|
net.ParseIP("10.221.153.165"), // if we ever have to change this, we should probably also mark it as a breaking change
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"assign in ipv6 net",
|
||||||
|
args{&net.IPNet{IP: net.ParseIP("2001:db8::"), Mask: net.CIDRMask(32, 128)}, "test"},
|
||||||
|
net.ParseIP("2001:db8:c575:7277:b806:e994:13dd:99a5"), // if we ever have to change this, we should probably also mark it as a breaking change
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
wg := &wgState{}
|
||||||
|
wg.assignOverlayAddr(tt.args.ipnet, tt.args.name)
|
||||||
|
|
||||||
|
if !reflect.DeepEqual(wg.OverlayAddr, tt.want) {
|
||||||
|
t.Errorf("assignOverlayAddr() set = %s, want %s", wg.OverlayAddr, tt.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// This is just to ensure - if we ever change the hashing function - that it spreads the results in a way that at least
|
||||||
|
// avoids the most obvious collisions.
|
||||||
|
func Test_wgState_assignOverlayAddr_no_obvious_collisions(t *testing.T) {
|
||||||
|
ipnet := &net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}
|
||||||
|
assignments := make(map[string]string)
|
||||||
|
for _, n := range []string{"test", "test1", "test2", "1test", "2test"} {
|
||||||
|
wg := &wgState{}
|
||||||
|
wg.assignOverlayAddr(ipnet, n)
|
||||||
|
if assigned, ok := assignments[wg.OverlayAddr.String()]; ok {
|
||||||
|
t.Errorf("IP assignment collision: hash(%s) = hash(%s)", n, assigned)
|
||||||
|
}
|
||||||
|
assignments[wg.OverlayAddr.String()] = n
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue