Merge pull request #45 from netfoundry/v0.7.2-release-candidate

V0.7.2 release candidate
netfoundry · May 30, 2024 · 3a2be51 · 3a2be51
2 parents e84d1c2 + ef5f7c7
commit 3a2be51
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 31 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+# [0.7.2] - 2024-05-28
+
+###
+
+- Refactored to include resolver ip in ifindex_tun struct
+  ```
+  struct ifindex_tun {
+    uint32_t index;
+    char ifname[IF_NAMESIZE];
+    char cidr[16];
+    uint32_t resolver;
+    char mask[3];
+    bool verbose;
+  };
+  ```
+  - Fixed issue: incorrect setting in ziti-fw-init.service.  after=network.target should have been 
+    After=network.target
+
 # [0.7.1] - 2024-05-28
 
 ###

diff --git a/files/services/ziti-fw-init.service b/files/services/ziti-fw-init.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Ziti-FW-Init
 Requires=network.target
-after=network.target
+After=network.target
 
 [Service]
 User=root

diff --git a/src/zfw.c b/src/zfw.c
@@ -182,7 +182,7 @@ char *log_file_name;
 char *object_file;
 char *direction_string;
 
-const char *argp_program_version = "0.7.1";
+const char *argp_program_version = "0.7.2";
 struct ring_buffer *ring_buffer;
 
 __u32 if_list[MAX_IF_LIST_ENTRIES];
@@ -246,11 +246,11 @@ struct ifindex_ip4
 };
 
 /*value to ifindex_tun_map*/
-struct ifindex_tun
-{
+struct ifindex_tun {
     uint32_t index;
     char ifname[IF_NAMESIZE];
     char cidr[16];
+    uint32_t resolver;
     char mask[3];
     bool verbose;
 };
@@ -964,10 +964,17 @@ bool set_tun_diag()
             {
                 return false;
             }
+            char *tun_resolver = nitoa(ntohl(o_tdiag.resolver));
             printf("%s: %d\n", o_tdiag.ifname, o_tdiag.index);
             printf("--------------------------\n");
             printf("%-24s:%d\n", "verbose", o_tdiag.verbose);
             printf("%-24s:%s\n", "cidr", o_tdiag.cidr);
+            if(tun_resolver){
+                printf("%-24s:%s\n", "resolver", tun_resolver);
+                free(tun_resolver);
+            }else{
+                printf("%-24s:%s\n", "resolver", "");
+            }
             printf("%-24s:%s\n", "mask", o_tdiag.mask);
             printf("--------------------------\n\n");
         }
@@ -1904,6 +1911,7 @@ bool interface_map()
                             change_detected = true;
                         }
                         free(tuncidr_string);
+                        o_iftun.resolver = htonl(tun_net_integer + 2);
                     }
 
                     if (change_detected)

diff --git a/src/zfw_tc_ingress.c b/src/zfw_tc_ingress.c
@@ -205,6 +205,7 @@ struct ifindex_tun {
     uint32_t index;
     char ifname[IFNAMSIZ];
     char cidr[16];
+    uint32_t resolver;
     char mask[3];
     bool verbose;
 };

diff --git a/src/zfw_tunnel_wrapper.c b/src/zfw_tunnel_wrapper.c
@@ -89,6 +89,7 @@ const char *wildcard_port_map_path = "/sys/fs/bpf/tc/globals/wildcard_port_map";
 int ctrl_socket, event_socket;
 char tunip_string[16]="";
 char tunip_mask_string[10]="";
+uint32_t tun_resolver_ip = 0;
 struct in_addr tun_cidr = {0};
 char *tun_ifname;
 bool transparent;
@@ -128,7 +129,6 @@ bool check_diag();
 bool in_service_set(__u16 tproxy_port, unsigned char protocol, char *service_id);
 bool rule_exists(uint32_t dst_ip, uint8_t dplen, uint32_t src_ip, uint8_t splen,
  uint16_t low_port, uint16_t high_port, uint8_t protocol);
-uint32_t get_resolver_ip(char *ziti_cidr);
 int process_bind(json_object *jobj, char *action);
 int process_routes(char *service_id);
 void if_list_ext_delete_key(struct port_extension_key key);
@@ -195,6 +195,7 @@ struct ifindex_tun {
     uint32_t index;
     char ifname[IFNAMSIZ];
     char cidr[16];
+    uint32_t resolver;
     char mask[3];
     bool verbose;
 };
@@ -1135,26 +1136,6 @@ int process_bind(json_object *jobj, char *action)
     return 0;
 }
 
- uint32_t get_resolver_ip(char *ziti_cidr){
-    uint32_t cidr[4];
-        int bits;
-        int ret = sscanf(ziti_cidr, "%d.%d.%d.%d", &cidr[0], &cidr[1], &cidr[2], &cidr[3]);
-        if (ret != 4) {
-            printf(" %s Unable to determine ziti_dns resolver address: Bad CIDR FORMAT\n", ziti_cidr);
-            return 0;
-        }
-
-        uint32_t address_bytes = 0;
-        for (int i = 0; i < 4; i++) {
-            address_bytes <<= 8U;
-            address_bytes |= (cidr[i] & 0xFFU);
-        }
-        uint32_t ziti_dns_resolver_ip = 0;
-        ziti_dns_resolver_ip = address_bytes + 2;
-        return ziti_dns_resolver_ip;
-}
-
-
 void delete_wild_key(struct wildcard_port_key *key){
     union bpf_attr map;
     memset(&map, 0, sizeof(map));
@@ -1340,18 +1321,17 @@ int process_dial(json_object *jobj, char *action){
                                             char mask[10];
                                             if(is_host)
                                             {
-                                                uint32_t resolver = get_resolver_ip(tunip_string);
-                                                if(!rule_exists(resolver, 32, 0, 0, 53, 53, IPPROTO_UDP)){
-                                                    if(resolver){
-                                                        char *resolver_ip = nitoa(resolver);
+                                                if(tun_resolver_ip){
+                                                    if(!rule_exists(tun_resolver_ip, 32, 0, 0, 53, 53, IPPROTO_UDP)){
+                                                        char *resolver_ip = nitoa(tun_resolver_ip);
                                                         if(resolver_ip){
                                                             zfw_update(resolver_ip, "32", "53", "53", "udp", "0000000000000000000000",action);
                                                             free(resolver_ip);
                                                             printf("-----------------Resolver Rule Entered -------------------\n");
                                                         }
+                                                    }else{
+                                                        printf("-----------------Resolver Rule Exists -------------------\n");
                                                     }
-                                                }else{
-                                                    printf("-----------------Resolver Rule Exists -------------------\n");
                                                 }
                                                 struct json_object *hostname_obj = json_object_object_get(address_obj, "HostName");
                                                 printf("\n\nHost intercept: Skipping ebpf\n");       
@@ -1554,6 +1534,7 @@ int run(){
                 if((sizeof(o_tunif.cidr) > 0) && (sizeof(o_tunif.mask) >0)){
                     sprintf(tunip_string, "%s" , o_tunif.cidr);
                     sprintf(tunip_mask_string, "%s", o_tunif.mask);
+                    tun_resolver_ip = ntohl(o_tunif.resolver);
                     if (!inet_aton(tunip_string, &tun_cidr)){
                         printf("Invalid ziti tunnel IP\n");
                     }

diff --git a/src/zfw_xdp_tun_ingress.c b/src/zfw_xdp_tun_ingress.c
@@ -76,6 +76,7 @@ struct ifindex_tun {
     uint32_t index;
     char ifname[IFNAMSIZ];
     char cidr[16];
+    uint32_t resolver;
     char mask[3];
     bool verbose;
 };