HA Network Routes: prevent routing directly-accessible networks throu…

…gh VPN interface fixes: #598
netbirdio · Dec 7, 2022 · 4e6823f · 4e6823f
1 parent 6b417a8
commit 4e6823f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/client/internal/routemanager/client.go b/client/internal/routemanager/client.go
@@ -3,12 +3,13 @@ package routemanager
 import (
 	"context"
 	"fmt"
+	"net/netip"
+
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/status"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/route"
 	log "github.com/sirupsen/logrus"
-	"net/netip"
 )
 
 type routerPeerStatus struct {
@@ -52,7 +53,7 @@ func newClientNetworkWatcher(ctx context.Context, wgInterface *iface.WGIface, st
 	return client
 }
 
-func getClientNetworkID(input *route.Route) string {
+func getHANetworkID(input *route.Route) string {
 	return input.NetID + "-" + input.Network.String()
 }
 

diff --git a/client/internal/routemanager/manager.go b/client/internal/routemanager/manager.go
@@ -3,13 +3,14 @@ package routemanager
 import (
 	"context"
 	"fmt"
+	"runtime"
+	"sync"
+
 	"github.com/netbirdio/netbird/client/status"
 	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/route"
 	log "github.com/sirupsen/logrus"
-	"runtime"
-	"sync"
 )
 
 // Manager is a route manager interface
@@ -147,10 +148,17 @@ func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Ro
 
 		newClientRoutesIDMap := make(map[string][]*route.Route)
 		newServerRoutesMap := make(map[string]*route.Route)
+		ownNetworkIDs := make(map[string]bool)
 
 		for _, newRoute := range newRoutes {
-			// only linux is supported for now
 			if newRoute.Peer == m.pubKey {
+				ownNetworkIDs[getHANetworkID(newRoute)] = true
+			}
+		}
+
+		for _, newRoute := range newRoutes {
+			if ownNetworkIDs[getHANetworkID(newRoute)] {
+				// only linux is supported for now
 				if runtime.GOOS != "linux" {
 					log.Warnf("received a route to manage, but agent doesn't support router mode on %s OS", runtime.GOOS)
 					continue
@@ -164,7 +172,7 @@ func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Ro
 						system.NetbirdVersion(), newRoute.Network)
 					continue
 				}
-				clientNetworkID := getClientNetworkID(newRoute)
+				clientNetworkID := getHANetworkID(newRoute)
 				newClientRoutesIDMap[clientNetworkID] = append(newClientRoutesIDMap[clientNetworkID], newRoute)
 			}
 		}