feat: add interface black list to avoid undesired interfaces

netbirdio · May 16, 2021 · a773ec8 · a773ec8
1 parent 47933bc
commit a773ec8
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 18 deletions.
diff --git a/cmd/config.go b/cmd/config.go
@@ -14,9 +14,10 @@ type Config struct {
 	Peers        []connection.Peer
 	StunTurnURLs []*ice.URL
 	// host:port of the signal server
-	SignalAddr string
-	WgAddr     string
-	WgIface    string
+	SignalAddr     string
+	WgAddr         string
+	WgIface        string
+	IFaceBlackList []string
 }
 
 //Write writes configPath to a file

diff --git a/cmd/up.go b/cmd/up.go
@@ -38,7 +38,11 @@ var (
 			//todo proper close handling
 			defer func() { signalClient.Close() }()
 
-			engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr)
+			iFaceBlackList := make(map[string]struct{})
+			for i := 0; i < len(config.IFaceBlackList); i += 2 {
+				iFaceBlackList[config.IFaceBlackList[i]] = struct{}{}
+			}
+			engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr, iFaceBlackList)
 
 			err = engine.Start(myKey, config.Peers)
 

diff --git a/connection/connection.go b/connection/connection.go
@@ -29,6 +29,8 @@ type ConnConfig struct {
 	RemoteWgKey wgtypes.Key
 
 	StunTurnURLS []*ice.URL
+
+	iFaceBlackList map[string]struct{}
 }
 
 type IceCredentials struct {
@@ -88,6 +90,13 @@ func (conn *Connection) Open(timeout time.Duration) error {
 	a, err := ice.NewAgent(&ice.AgentConfig{
 		NetworkTypes: []ice.NetworkType{ice.NetworkTypeUDP4},
 		Urls:         conn.Config.StunTurnURLS,
+		InterfaceFilter: func(s string) bool {
+			if conn.Config.iFaceBlackList == nil {
+				return true
+			}
+			_, ok := conn.Config.iFaceBlackList[s]
+			return !ok
+		},
 	})
 	conn.agent = a
 
@@ -280,7 +289,7 @@ func (conn *Connection) listenOnConnectionStateChanges() error {
 				log.Errorf("failed selecting active ICE candidate pair %s", err)
 				return
 			}
-			log.Debugf("closed to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
+			log.Infof("will connect to peer %s via a selected connnection candidate pair %s", conn.Config.RemoteWgKey.String(), pair)
 		} else if state == ice.ConnectionStateDisconnected || state == ice.ConnectionStateFailed {
 			// todo do we really wanna have a connection restart within connection itself? Think of moving it outside
 			err := conn.Close()

diff --git a/connection/engine.go b/connection/engine.go
@@ -23,20 +23,24 @@ type Engine struct {
 	wgIface string
 	// Wireguard local address
 	wgIp string
+
+	iFaceBlackList map[string]struct{}
 }
 
 type Peer struct {
 	WgPubKey     string
 	WgAllowedIps string
 }
 
-func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string) *Engine {
+func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string,
+	iFaceBlackList map[string]struct{}) *Engine {
 	return &Engine{
-		stunsTurns: stunsTurns,
-		signal:     signal,
-		wgIface:    wgIface,
-		wgIp:       wgAddr,
-		conns:      map[string]*Connection{},
+		stunsTurns:     stunsTurns,
+		signal:         signal,
+		wgIface:        wgIface,
+		wgIp:           wgAddr,
+		conns:          map[string]*Connection{},
+		iFaceBlackList: iFaceBlackList,
 	}
 }
 
@@ -101,13 +105,14 @@ func (e *Engine) openPeerConnection(wgPort int, myKey wgtypes.Key, peer Peer) (*
 
 	remoteKey, _ := wgtypes.ParseKey(peer.WgPubKey)
 	connConfig := &ConnConfig{
-		WgListenAddr: fmt.Sprintf("127.0.0.1:%d", wgPort),
-		WgPeerIp:     e.wgIp,
-		WgIface:      e.wgIface,
-		WgAllowedIPs: peer.WgAllowedIps,
-		WgKey:        myKey,
-		RemoteWgKey:  remoteKey,
-		StunTurnURLS: e.stunsTurns,
+		WgListenAddr:   fmt.Sprintf("127.0.0.1:%d", wgPort),
+		WgPeerIp:       e.wgIp,
+		WgIface:        e.wgIface,
+		WgAllowedIPs:   peer.WgAllowedIps,
+		WgKey:          myKey,
+		RemoteWgKey:    remoteKey,
+		StunTurnURLS:   e.stunsTurns,
+		iFaceBlackList: e.iFaceBlackList,
 	}
 
 	signalOffer := func(uFrag string, pwd string) error {