fea: support share network to a port.
@@ -2,7 +2,7 @@ package config
|
|||||||
|
|
||||||
type Bridge struct {
|
type Bridge struct {
|
||||||
Network string `json:"-" yaml:"-"`
|
Network string `json:"-" yaml:"-"`
|
||||||
Peer string `json:"peer,omitempty" yaml:"peer,omitempty"`
|
Share string `json:"share,omitempty" yaml:"share,omitempty"`
|
||||||
Name string `json:"name,omitempty" yaml:"name,omitempty"`
|
Name string `json:"name,omitempty" yaml:"name,omitempty"`
|
||||||
IPMtu int `json:"mtu,omitempty" yaml:"mtu,omitempty"`
|
IPMtu int `json:"mtu,omitempty" yaml:"mtu,omitempty"`
|
||||||
Address string `json:"address,omitempty" yaml:"address,omitempty"`
|
Address string `json:"address,omitempty" yaml:"address,omitempty"`
|
||||||
|
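Review bot: The new `Share` field on `Bridge` carries no doc comment, and because it replaces `Peer` rather than sitting beside it, a configuration that still contains `peer:` is silently dropped by the JSON/YAML decoder instead of being reported, so an operator may assume the old peering is still in effect. The value is later used verbatim as an interface name in firewall rules (the forwardSubnet hunks further down), so a short load-time validation (non-empty, no whitespace, within the interface-name length limit) would surface a typo far earlier than a failing iptables call. Suggest at least documenting the contract on the field, along the lines of `// Share names an existing port whose traffic is forwarded and masqueraded alongside the bridge's own L3 interface; presumably it must already exist.` The struct continues outside this hunk.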
@@ -74,21 +74,6 @@ func (w *WorkerImpl) Provider() string {
|
|||||||
return w.cfg.Provider
|
return w.cfg.Provider
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WorkerImpl) newRoute(rt *co.PrefixRoute) *models.Route {
|
|
||||||
if rt.NextHop == "" {
|
|
||||||
w.out.Warn("WorkerImpl.NewRoute: %s noNextHop", rt.Prefix)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
rte := models.NewRoute(rt.Prefix, w.IfAddr())
|
|
||||||
if rt.Metric > 0 {
|
|
||||||
rte.Metric = rt.Metric
|
|
||||||
}
|
|
||||||
if rt.NextHop != "" {
|
|
||||||
rte.Origin = rt.NextHop
|
|
||||||
}
|
|
||||||
return rte
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *WorkerImpl) Initialize() {
|
func (w *WorkerImpl) Initialize() {
|
||||||
cfg := w.cfg
|
cfg := w.cfg
|
||||||
|
|
||||||
@@ -119,12 +104,8 @@ func (w *WorkerImpl) Initialize() {
|
|||||||
w.fire = cn.NewFireWallTable(cfg.Name)
|
w.fire = cn.NewFireWallTable(cfg.Name)
|
||||||
w.snat = cn.NewFireWallChain("XTT_"+cfg.Name+"_SNAT", cn.TNat, "")
|
w.snat = cn.NewFireWallChain("XTT_"+cfg.Name+"_SNAT", cn.TNat, "")
|
||||||
|
|
||||||
if out, err := w.setV.Clear(); err != nil {
|
w.setV.Clear()
|
||||||
w.out.Error("WorkerImpl.Initialize: create ipset: %s %s", out, err)
|
w.setR.Clear()
|
||||||
}
|
|
||||||
if out, err := w.setR.Clear(); err != nil {
|
|
||||||
w.out.Error("WorkerImpl.Initialize: create ipset: %s %s", out, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
w.ztrust = NewZTrust(cfg.Name, 30)
|
w.ztrust = NewZTrust(cfg.Name, 30)
|
||||||
w.ztrust.Initialize()
|
w.ztrust.Initialize()
|
||||||
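Review bot: `w.setV.Clear()` and `w.setR.Clear()` now discard both return values, so a failed ipset flush goes unnoticed and later forward/masquerade rules that reference these sets would operate on whatever stale membership survived. If the intent is best-effort, make that explicit with `_, _ = w.setV.Clear() // best effort: set may not exist yet` and the same for setR; otherwise keep a Warn-level log of the error so the condition is visible in the worker output. Initialize continues outside this hunk.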
@@ -946,6 +927,7 @@ func (w *WorkerImpl) forwardSubnet() {
|
|||||||
input = w.br.L3Name()
|
input = w.br.L3Name()
|
||||||
w.forwardZone(input)
|
w.forwardZone(input)
|
||||||
}
|
}
|
||||||
|
share := cfg.Bridge.Share
|
||||||
|
|
||||||
ifAddr := strings.SplitN(cfg.Bridge.Address, "/", 2)[0]
|
ifAddr := strings.SplitN(cfg.Bridge.Address, "/", 2)[0]
|
||||||
if ifAddr == "" {
|
if ifAddr == "" {
|
||||||
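Review bot: `share` is taken straight from `cfg.Bridge.Share` and, in the two hunks that follow (L221-263 and L264-347), is fed to `toRelated`, `toForward_i` and `toMasq_i` as an input interface, but it does not receive the `w.forwardZone(...)` treatment that `input` gets just above; if forwardZone is what places an interface into the bridge's zone policy, the shared port would presumably be forwarded and masqueraded without that policy — confirm this is intended. There is also no check that the named interface exists, so a mistyped share silently yields rules on a nonexistent device. The three `if share != "" { ... }` blocks each duplicate the matching `input` call; collecting the interfaces once, `ifaces := []string{input}; if share != "" { ifaces = append(ifaces, share) }`, and ranging over that slice at each site would keep the two in lockstep. forwardSubnet starts and ends outside this hunk.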
@@ -954,6 +936,9 @@ func (w *WorkerImpl) forwardSubnet() {
|
|||||||
|
|
||||||
// Enable MASQUERADE, and FORWARD it.
|
// Enable MASQUERADE, and FORWARD it.
|
||||||
w.toRelated(input, "Accept related")
|
w.toRelated(input, "Accept related")
|
||||||
|
if share != "" {
|
||||||
|
w.toRelated(share, "Accept related")
|
||||||
|
}
|
||||||
for _, rt := range cfg.Routes {
|
for _, rt := range cfg.Routes {
|
||||||
if !w.addIpSet(rt) {
|
if !w.addIpSet(rt) {
|
||||||
break
|
break
|
||||||
@@ -963,12 +948,18 @@ func (w *WorkerImpl) forwardSubnet() {
|
|||||||
if w.vrf != nil {
|
if w.vrf != nil {
|
||||||
w.toForward_i(w.vrf.Name(), w.setR.Name, "To route")
|
w.toForward_i(w.vrf.Name(), w.setR.Name, "To route")
|
||||||
} else {
|
} else {
|
||||||
|
if share != "" {
|
||||||
|
w.toForward_i(share, w.setR.Name, "To route")
|
||||||
|
}
|
||||||
w.toForward_i(input, w.setR.Name, "To route")
|
w.toForward_i(input, w.setR.Name, "To route")
|
||||||
}
|
}
|
||||||
|
|
||||||
if vpn != nil {
|
if vpn != nil {
|
||||||
w.toMasq_s(w.setR.Name, vpn.Subnet, "To VPN")
|
w.toMasq_s(w.setR.Name, vpn.Subnet, "To VPN")
|
||||||
}
|
}
|
||||||
|
if share != "" {
|
||||||
|
w.toMasq_i(share, w.setR.Name, "To Masq")
|
||||||
|
}
|
||||||
w.toMasq_i(input, w.setR.Name, "To Masq")
|
w.toMasq_i(input, w.setR.Name, "To Masq")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -6,9 +6,7 @@ import (
|
|||||||
"github.com/luscis/openlan/pkg/api"
|
"github.com/luscis/openlan/pkg/api"
|
||||||
"github.com/luscis/openlan/pkg/cache"
|
"github.com/luscis/openlan/pkg/cache"
|
||||||
co "github.com/luscis/openlan/pkg/config"
|
co "github.com/luscis/openlan/pkg/config"
|
||||||
"github.com/luscis/openlan/pkg/libol"
|
|
||||||
cn "github.com/luscis/openlan/pkg/network"
|
cn "github.com/luscis/openlan/pkg/network"
|
||||||
nl "github.com/vishvananda/netlink"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func PeerName(name, prefix string) (string, string) {
|
func PeerName(name, prefix string) (string, string) {
|
||||||
@@ -83,49 +81,11 @@ func (w *OpenLANWorker) UpBridge(cfg *co.Bridge) {
|
|||||||
if err := master.Delay(cfg.Delay); err != nil {
|
if err := master.Delay(cfg.Delay); err != nil {
|
||||||
w.out.Warn("OpenLANWorker.UpBridge: Delay %s", err)
|
w.out.Warn("OpenLANWorker.UpBridge: Delay %s", err)
|
||||||
}
|
}
|
||||||
w.connectPeer(cfg)
|
|
||||||
if err := master.CallIptables(0); err != nil {
|
if err := master.CallIptables(0); err != nil {
|
||||||
w.out.Warn("OpenLANWorker.Start: CallIptables %s", err)
|
w.out.Warn("OpenLANWorker.Start: CallIptables %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *OpenLANWorker) connectPeer(cfg *co.Bridge) {
|
|
||||||
if cfg.Peer == "" {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
in, ex := PeerName(cfg.Network, "-e")
|
|
||||||
link := &nl.Veth{
|
|
||||||
LinkAttrs: nl.LinkAttrs{Name: in},
|
|
||||||
PeerName: ex,
|
|
||||||
}
|
|
||||||
br := cn.NewBrCtl(cfg.Peer, cfg.IPMtu)
|
|
||||||
promise := &libol.Promise{
|
|
||||||
First: time.Second * 2,
|
|
||||||
MaxInt: time.Minute,
|
|
||||||
MinInt: time.Second * 10,
|
|
||||||
}
|
|
||||||
promise.Go(func() error {
|
|
||||||
if !br.Has() {
|
|
||||||
w.out.Warn("%s notFound", br.Name)
|
|
||||||
return libol.NewErr("%s notFound", br.Name)
|
|
||||||
}
|
|
||||||
err := nl.LinkAdd(link)
|
|
||||||
if err != nil {
|
|
||||||
w.out.Error("OpenLANWorker.connectPeer: %s", err)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
br0 := cn.NewBrCtl(cfg.Name, cfg.IPMtu)
|
|
||||||
if err := br0.AddPort(in); err != nil {
|
|
||||||
w.out.Error("OpenLANWorker.connectPeer: %s", err)
|
|
||||||
}
|
|
||||||
br1 := cn.NewBrCtl(cfg.Peer, cfg.IPMtu)
|
|
||||||
if err := br1.AddPort(ex); err != nil {
|
|
||||||
w.out.Error("OpenLANWorker.connectPeer: %s", err)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *OpenLANWorker) Start(v api.Switcher) {
|
func (w *OpenLANWorker) Start(v api.Switcher) {
|
||||||
w.uuid = v.UUID()
|
w.uuid = v.UUID()
|
||||||
w.startTime = time.Now().Unix()
|
w.startTime = time.Now().Unix()
|
||||||
@@ -138,33 +98,16 @@ func (w *OpenLANWorker) Start(v api.Switcher) {
|
|||||||
w.WorkerImpl.Start(v)
|
w.WorkerImpl.Start(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *OpenLANWorker) downBridge(cfg *co.Bridge) {
|
func (w *OpenLANWorker) downBridge() {
|
||||||
w.closePeer(cfg)
|
|
||||||
_ = w.br.Close()
|
_ = w.br.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *OpenLANWorker) closePeer(cfg *co.Bridge) {
|
|
||||||
if cfg.Peer == "" {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
in, ex := PeerName(cfg.Network, "-e")
|
|
||||||
link := &nl.Veth{
|
|
||||||
LinkAttrs: nl.LinkAttrs{Name: in},
|
|
||||||
PeerName: ex,
|
|
||||||
}
|
|
||||||
err := nl.LinkDel(link)
|
|
||||||
if err != nil {
|
|
||||||
w.out.Error("OpenLANWorker.closePeer: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *OpenLANWorker) Stop() {
|
func (w *OpenLANWorker) Stop() {
|
||||||
w.out.Info("OpenLANWorker.Close")
|
w.out.Info("OpenLANWorker.Close")
|
||||||
w.WorkerImpl.Stop()
|
w.WorkerImpl.Stop()
|
||||||
w.UnLoadLinks()
|
w.UnLoadLinks()
|
||||||
w.startTime = 0
|
w.startTime = 0
|
||||||
w.downBridge(w.cfg.Bridge)
|
w.downBridge()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *OpenLANWorker) UpTime() int64 {
|
func (w *OpenLANWorker) UpTime() int64 {
|
||||||
|