Enable real forwarding for wireguard service #596
@@ -99,6 +117,10 @@ func (ce *connectionEndpoint) Stop() error { | |||
return err | |||
} | |||
|
|||
if ce.natService != nil { |
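Review bot: In `Stop()`, the new `if ce.natService != nil {` block sits after an earlier `return err`, so when that earlier step fails the function returns before this block runs and whatever it does with `natService` during shutdown is skipped. Consider running this block regardless of the earlier error and returning the errors together, so forwarding state cannot outlive the endpoint. The guard also implies `natService` is optional; a comment on the field should say when nil is valid.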
Can it be nil? It's a dependency.
connectionEndpoint is used both for provider and consumer.
There is no reason to do anything with NAT for the consumer.
So the answer is yes, it can be nil for the consumer.
That means that the connection endpoint is too low-level a component to handle forwarding. Behaviour based on ifs is not a very good practice.
Moved NAT configuration to the service manager.
@@ -68,6 +63,29 @@ func (ce *connectionEndpoint) Start(config *wg.ServiceConfig) error { | |||
ce.privateKey = config.Consumer.PrivateKey | |||
} | |||
|
|||
if ce.ipResolver != nil { |
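Review bot: The `if ce.ipResolver != nil {` guard in `Start()` makes the added block optional without saying so: in the visible lines nothing distinguishes an endpoint that legitimately has no `ipResolver` from one that was constructed without it by mistake, and in the second case `Start()` would proceed past this block. State on the field when nil is valid, and return an error or log when it is nil unexpectedly. The hunk header shows this region of `Start()` growing from 6 to 29 lines, so the guarded block is large enough to deserve its own named method.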
This shows too much detail - it could be a separate private function with a clear name.
b73e31c to bc31f4a
LGTM for now. I see that we will need to move all iptables code into a separate service common to any service using iptables. This will be needed to resolve possible rule clashes. Will create a separate ticket for this.
bc31f4a to ccdd3f6
Fixed tests and rebased it. Please take a look again.
Good enough. Let's do this
@zolia @vkuznecovas let's decide
No description provided.