Minor performance improvement when watching for device changes
NHAS committed Jan 7, 2024
1 parent 8d136ea commit ad95a8c
Showing 4 changed files with 25 additions and 10 deletions.
3 changes: 3 additions & 0 deletions internal/router/bpf.go
@@ -297,6 +297,7 @@ func xdpAddRoute(usersRouteTable *ebpf.Map, userAcls config.Acl) error {
if err != nil {
return fmt.Errorf("error putting route key in inner map: %s", err)
}

}
}

@@ -317,6 +318,7 @@ func xdpUserExists(userid [20]byte) error {

// Returns the inner LPM trie map that was created for the user
func addInnerMapTo(key interface{}, spec *ebpf.MapSpec, table *ebpf.Map) (*ebpf.Map, error) {

inner, err := ebpf.NewMap(spec)
if err != nil {
return nil, fmt.Errorf("%s creating new map: %s", table.String(), err)
@@ -350,6 +352,7 @@ func AddUser(username string, acls config.Acl) error {
}

func setMaps(userid [20]byte, userAcls config.Acl) error {

// Adds LPM trie to existing map (hashmap to map)
policiesInnerTable, err := addInnerMapTo(userid, routesMapSpec, xdpObjects.PoliciesTable)
if err != nil {
30 changes: 21 additions & 9 deletions internal/router/init.go
@@ -43,6 +43,17 @@ func Setup(error chan<- error, iptables bool) (err error) {

go func() {
startup := true
cache := map[string]string{}
d, err := data.GetAllDevices()
if err != nil {
error <- err
return
}

for _, device := range d {
cache[device.Address] = device.Endpoint.String()
}

for {

dev, err := ctrl.Device(config.Values().Wireguard.DevName)
@@ -60,16 +71,17 @@ func Setup(error chan<- error, iptables bool) (err error) {

ip := p.AllowedIPs[0].IP.String()

d, err := data.GetDeviceByAddress(ip)
if err != nil {
log.Println("unable to get previous device endpoint for ", ip, err)
if err := Deauthenticate(ip); err != nil {
log.Println(ip, "unable to remove forwards for device: ", err)
}
continue
}
if cache[ip] != p.Endpoint.String() {
cache[ip] = p.Endpoint.String()

if d.Endpoint.String() != p.Endpoint.String() {
d, err := data.GetDeviceByAddress(ip)
if err != nil {
log.Println("unable to get previous device endpoint for ", ip, err)
if err := Deauthenticate(ip); err != nil {
log.Println(ip, "unable to remove forwards for device: ", err)
}
continue
}

err = data.UpdateDeviceEndpoint(p.AllowedIPs[0].IP.String(), p.Endpoint)
if err != nil {
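Review bot: The cache entry is overwritten (`cache[ip] = p.Endpoint.String()`) before `data.GetDeviceByAddress` and `data.UpdateDeviceEndpoint` have succeeded, so a failed update is not retried: on the next poll the cache already matches the peer's endpoint and the change is skipped. This comparison is now the only thing that detects a peer moving to a new endpoint, so I would move the assignment to after the update (and whatever follows it) succeeds; the rest of the loop body is outside the hunk, so how the `UpdateDeviceEndpoint` error is handled needs confirming. The cache is also seeded once from `data.GetAllDevices()` and never pruned in the visible lines, so an address that is removed and later reassigned is compared against the previous device's endpoint. A comment above `cache := map[string]string{}` such as `// change filter only: maps device address -> last seen endpoint; the database remains authoritative` would make that limitation explicit.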
1 change: 1 addition & 0 deletions internal/routetypes/parser.go
@@ -28,6 +28,7 @@ func ParseRules(mfa, public, deny []string) (result []Rule, err error) {

cache := map[string]int{}
// Add

for _, rule := range mfa {
r, err := parseRule(0, rule)
if err != nil {
1 change: 0 additions & 1 deletion internal/webserver/web.go
@@ -34,7 +34,6 @@ import (
)

func Start(errChan chan<- error) error {

//https://blog.cloudflare.com/exposing-go-on-the-internet/
tlsConfig := &tls.Config{
// Causes servers to use Go's default ciphersuite preferences,
