spec: add forwardee's allowedips to forwarder's allowedips

nyiyui · Jan 12, 2025 · 6818595 · 6818595
1 parent 3c9a3dd
commit 6818595
Showing 1 changed file with 29 additions and 3 deletions.
diff --git a/spec/compile.go b/spec/compile.go
@@ -32,6 +32,18 @@ func (sc SpecCensored) CompileMachine(name string, ignoreIncomplete bool) (goal.
 				}
 			}
 		}
+		forwardsFor := make([][]int, len(sn.Devices))
+		for i, snd := range sn.Devices {
+			if i == sndI {
+				continue
+			}
+			if snd.PublicKey == (goal.Key{}) {
+				continue
+			}
+			if snd.ForwarderAndEndpointChosen && snd.UsesForwarder {
+				forwardsFor[snd.ForwarderChosenIndex] = append(forwardsFor[snd.ForwarderChosenIndex], i)
+			}
+		}
 		peers := make([]goal.InterfacePeer, 0, len(sn.Devices)-1)
 		for i, snd := range sn.Devices {
 			if i == sndI {
@@ -54,24 +66,38 @@ func (sc SpecCensored) CompileMachine(name string, ignoreIncomplete bool) (goal.
 				} else {
 					forwarder := sn.Devices[snd.ForwarderChosenIndex]
 					if !forwarder.ForwarderAndEndpointChosen {
+						// NOTE: this shouldn't happen; the forwarder should have been checked before this
 						if ignoreIncomplete {
 							zap.S().Debugf("%s/%s has forwarder %s/%s which does not have a chosen forwarder and endpoint, ignore.", sn.Name, snd.Name, sn.Name, forwarder.Name)
 							continue
 						} else {
 							return goal.Machine{}, fmt.Errorf("%s/%s has forwarder %s/%s which does not have a chosen forwarder and endpoint", sn.Name, snd.Name, sn.Name, forwarder.Name)
 						}
 					}
-					endpoint = forwarder.Endpoints[forwarder.EndpointChosenIndex]
+					continue
+				}
+			}
+			allowedIPs := snd.Addresses
+			thisForwardsFor := forwardsFor[i]
+			for _, j := range thisForwardsFor {
+				forwardee := sn.Devices[j]
+				if forwardee.PublicKey == (goal.Key{}) {
+					if ignoreIncomplete {
+						zap.S().Debugf("%s/%s has forwarder %s/%s which has unset PublicKey, ignore.", sn.Name, snd.Name, sn.Name, forwardee.Name)
+						continue
+					} else {
+						return goal.Machine{}, fmt.Errorf("%s/%s has forwarder %s/%s which has unset PublicKey", sn.Name, snd.Name, sn.Name, forwardee.Name)
+					}
 				}
+				allowedIPs = append(allowedIPs, forwardee.Addresses...)
 			}
 			peers = append(peers, goal.InterfacePeer{
 				Name:                snd.Name,
 				PublicKey:           snd.PublicKey,
 				PresharedKey:        snd.PresharedKey,
 				Endpoint:            endpoint,
 				PersistentKeepalive: snd.PersistentKeepalive,
-				AllowedIPs:          snd.Addresses,
-				// TODO: forwarding: add forwarding addresses to goal.InterfacePeer.AllowedIPs
+				AllowedIPs:          allowedIPs,
 			})
 		}
 		gm.Interfaces = append(gm.Interfaces, goal.Interface{