From e65e261cd39fc12685678fc59da5e4109c2c8fb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bogdan-=C8=98tefan=20Neac=C5=9Fu?= Date: Tue, 22 Oct 2024 12:31:25 +0300 Subject: [PATCH] Push private ip before inserting (#5008) --- .../authenticator/src/mixnet_listener.rs | 15 ++++++--------- .../authenticator/src/peer_manager.rs | 11 ++--------- 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/service-providers/authenticator/src/mixnet_listener.rs b/service-providers/authenticator/src/mixnet_listener.rs index 44b4421729..304d30584c 100644 --- a/service-providers/authenticator/src/mixnet_listener.rs +++ b/service-providers/authenticator/src/mixnet_listener.rs @@ -7,6 +7,7 @@ use std::{ }; use crate::{error::AuthenticatorError, peer_manager::PeerManager}; +use defguard_wireguard_rs::net::IpAddrMask; use defguard_wireguard_rs::{host::Peer, key::Key}; use futures::StreamExt; use nym_authenticator_requests::{ @@ -235,7 +236,9 @@ impl MixnetListener { return Err(AuthenticatorError::MacVerificationFailure); } - let peer = Peer::new(Key::new(final_message.gateway_client.pub_key.to_bytes())); + let mut peer = Peer::new(Key::new(final_message.gateway_client.pub_key.to_bytes())); + peer.allowed_ips + .push(IpAddrMask::new(final_message.gateway_client.private_ip, 32)); // If gateway does ecash verification and client sends a credential, we do the additional // credential verification. Later this will become mandatory. @@ -260,11 +263,7 @@ impl MixnetListener { return Err(e); } let public_key = peer.public_key.to_string(); - if let Err(e) = self - .peer_manager - .add_peer(peer, &final_message.gateway_client, Some(client_id)) - .await - { + if let Err(e) = self.peer_manager.add_peer(peer, Some(client_id)).await { ecash_verifier .storage() .remove_wireguard_peer(&public_key) @@ -272,9 +271,7 @@ impl MixnetListener { return Err(e); } } else { - self.peer_manager - .add_peer(peer, &final_message.gateway_client, None) - .await?; + self.peer_manager.add_peer(peer, None).await?; } registred_and_free .registration_in_progres diff --git a/service-providers/authenticator/src/peer_manager.rs b/service-providers/authenticator/src/peer_manager.rs index 4cb66d5e18..091d795b77 100644 --- a/service-providers/authenticator/src/peer_manager.rs +++ b/service-providers/authenticator/src/peer_manager.rs @@ -2,7 +2,7 @@ // SPDX-License-Identifier: Apache-2.0 use crate::error::*; -use defguard_wireguard_rs::{host::Peer, key::Key, net::IpAddrMask}; +use defguard_wireguard_rs::{host::Peer, key::Key}; use futures::channel::oneshot; use nym_authenticator_requests::latest::registration::{GatewayClient, RemainingBandwidthData}; use nym_wireguard::{ @@ -24,15 +24,8 @@ impl PeerManager { wireguard_gateway_data, } } - pub async fn add_peer( - &mut self, - mut peer: Peer, - client: &GatewayClient, - client_id: Option, - ) -> Result<()> { + pub async fn add_peer(&mut self, peer: Peer, client_id: Option) -> Result<()> { let (response_tx, response_rx) = oneshot::channel(); - peer.allowed_ips - .push(IpAddrMask::new(client.private_ip, 32)); let msg = PeerControlRequest::AddPeer { peer, client_id,