breaking: refactor from service-based advertising to prefixed-based

core/ipc.go

@@ -78,16 +78,15 @@ func HandleNylonIPCGet(s *state.State, rw *bufio.ReadWriter) error {
 		slices.Sort(rt)
 		sb.WriteString(strings.Join(rt, "\n") + "\n")
 
-		// print services
-		sb.WriteString("\n\nAdvertised Services:\n")
+		// print advertised prefixes
+		sb.WriteString("\n\nAdvertised Prefixes:\n")
 		rt = make([]string, 0)
-		for sid, adv := range s.Advertised {
-			prefix := s.GetSvcPrefix(sid)
+		for prefix, adv := range s.Advertised {
 			timeRem := adv.Expiry.Sub(time.Now())
 			if timeRem > time.Hour*24 {
-				rt = append(rt, fmt.Sprintf(" - %s as %s expires never nh %s", sid, prefix, adv.NodeId))
+				rt = append(rt, fmt.Sprintf(" - %s expires never nh %s", prefix, adv.NodeId))
 			} else {
-				rt = append(rt, fmt.Sprintf(" - %s as %s expires %.2fs nh %s", sid, prefix, timeRem.Seconds(), adv.NodeId))
+				rt = append(rt, fmt.Sprintf(" - %s expires %.2fs nh %s", prefix, timeRem.Seconds(), adv.NodeId))
 			}
 		}
 		slices.Sort(rt)

core/nylon_passive.go

@@ -24,26 +24,29 @@ func scanPassivePeers(s *state.State) error {
 			// If this device switches to another nylon node, that node will start advertising the client, and we will stop holding the route
 
 			hasOtherAdvertisers := false
-			for _, neigh := range s.Neighbours {
-				for _, route := range neigh.Routes {
-					if route.ServiceId == state.ServiceId(*nid) && route.NodeId != s.Id && route.FD.Metric != state.INF {
-						hasOtherAdvertisers = true
-						break
+			ncfg := s.GetNode(*nid)
+			for _, prefix := range ncfg.Prefixes {
+				for _, neigh := range s.Neighbours {
+					for _, route := range neigh.Routes {
+						if route.Prefix == prefix && route.NodeId != s.Id && route.FD.Metric != state.INF {
+							hasOtherAdvertisers = true
+							goto foundAdvertiser
+						}
 					}
 				}
 			}
+		foundAdvertiser:
 
 			// TODO: we could make this expire after a longer period of time, like 24h. However, this would require our passive client to wait for the full route propagation time after 24 hours. (Might cause unexpected interruptions)
 
 			recentlyUpdated := time.Now().Sub(peer.LastReceivedPacket()) < state.ClientDeadThreshold
-			recentlyAdvertised := r.hasRecentlyAdvertised(state.ServiceId(*nid))
-
-			if s.IsClient(*nid) && (recentlyUpdated || !hasOtherAdvertisers && recentlyAdvertised) {
+			if s.IsClient(*nid) {
 				// we have a passive client
-				ncfg := s.GetNode(*nid)
-
-				for _, newSvc := range ncfg.Services {
-					r.updatePassiveClient(s, newSvc, *nid, !recentlyUpdated)
+				for _, newPrefix := range ncfg.Prefixes {
+					recentlyAdvertised := r.hasRecentlyAdvertised(newPrefix)
+					if recentlyUpdated || !hasOtherAdvertisers && recentlyAdvertised {
+						r.updatePassiveClient(s, newPrefix, *nid, !recentlyUpdated)
+					}
 				}
 			}
 		}

core/nylon_tc.go

@@ -69,7 +69,7 @@ func (n *Nylon) InstallTC(s *state.State) {
 
 	// bounce back packets destined for the current node
 	n.Device.InstallFilter(func(dev *device.Device, packet *device.TCElement) (device.TCAction, error) {
-		entry, ok := r.LoopbackTable.Lookup(packet.GetDst())
+		entry, ok := r.ExitTable.Lookup(packet.GetDst())
 		// we should only accept packets destined to us, but not our passive clients
 		if ok && entry.Nh == s.Id {
 			//dev.Log.Verbosef("BounceCur packet: %v -> %v", packet.GetSrc(), packet.GetDst())

core/nylon_wireguard.go

@@ -83,36 +83,54 @@ listen_port=%d
 	// configure system networking
 
 	if !s.NoNetConfigure {
-		// configure self
-		selfSvc := make(map[state.ServiceId]struct{})
-
-		for _, svc := range s.GetRouter(s.Id).Services {
-			prefix := s.GetSvcPrefix(svc)
-			selfSvc[svc] = struct{}{}
-			err = ConfigureAlias(itfName, prefix)
+		// run pre-up commands
+		for _, cmd := range s.PreUp {
+			err = ExecSplit(s.Log, cmd)
 			if err != nil {
-				return err
+				s.Log.Error("failed to run pre-up command", "err", err)
 			}
 		}
 
-		if len(s.GetRouter(s.Id).Services) == 0 {
-			return fmt.Errorf("no address configured for self")
+		for _, addr := range s.GetRouter(s.Id).Addresses {
+			err := ConfigureAlias(s.Log, itfName, addr)
+			if err != nil {
+				s.Log.Error("failed to configure alias", "err", err)
+			}
 		}
 
-		err = InitInterface(itfName)
+		err = InitInterface(s.Log, itfName)
 
 		if err != nil {
 			return err
 		}
 
-		// configure services
-		for svc, prefix := range s.Services {
-			if _, ok := selfSvc[svc]; ok {
-				continue
+		// configure prefixes
+		include := append(s.GetPrefixes(), s.IncludeIPs...)
+		if len(s.IncludeIPs) != 0 {
+			include = s.IncludeIPs
+		}
+		for _, inc := range include {
+			s.Log.Debug("Include Prefix", "prefix", inc.String())
+		}
+		for _, excl := range s.ExcludeIPs {
+			s.Log.Debug("Exclude Prefix", "prefix", excl.String())
+		}
+		computed := state.ComputeSplitTunnel(include, s.ExcludeIPs)
+		for _, pre := range computed {
+			s.Log.Debug("Computed Prefix", "prefix", pre.String())
+		}
+		for _, prefix := range computed {
+			err := ConfigureRoute(s.Log, n.Tun, itfName, prefix)
+			if err != nil {
+				s.Log.Error("failed to configure route", "err", err)
 			}
-			err = ConfigureRoute(n.Tun, itfName, prefix)
+		}
+
+		// run post-up commands
+		for _, cmd := range s.PostUp {
+			err = ExecSplit(s.Log, cmd)
 			if err != nil {
-				return err
+				s.Log.Error("failed to run post-up command", "err", err)
 			}
 		}
 	}
@@ -125,7 +143,25 @@ listen_port=%d
 }
 
 func (n *Nylon) cleanupWireGuard(s *state.State) error {
-	return CleanupWireGuardDevice(s, n)
+	// run pre-down commands
+	for _, cmd := range s.PreUp {
+		err := ExecSplit(s.Log, cmd)
+		if err != nil {
+			s.Log.Error("failed to run pre-down command", "err", err)
+		}
+	}
+	err := CleanupWireGuardDevice(s, n)
+	if err != nil {
+		return err
+	}
+	// run post-down commands
+	for _, cmd := range s.PostDown {
+		err = ExecSplit(s.Log, cmd)
+		if err != nil {
+			s.Log.Error("failed to run post-down command", "err", err)
+		}
+	}
+	return nil
 }
 
 func UpdateWireGuard(s *state.State) error {