// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package agent
import (
"fmt"
"net"
"github.com/hashicorp/consul/agent/structs"
)
type TranslateAddressAccept int
const (
TranslateAddressAcceptDomain TranslateAddressAccept = 1 << iota
TranslateAddressAcceptIPv4
TranslateAddressAcceptIPv6
TranslateAddressAcceptAny TranslateAddressAccept = ^ 0
)
// TranslateServicePort is used to provide the final, translated port for a service,
// depending on how the agent and the other node are configured. The dc
// parameter is the dc the datacenter this node is from.
func ( a * Agent ) TranslateServicePort ( dc string , port int , taggedAddresses map [ string ] structs . ServiceAddress ) int {
if a . config . TranslateWANAddrs && ( a . config . Datacenter != dc ) {
if wanAddr , ok := taggedAddresses [ structs . TaggedAddressWAN ] ; ok && wanAddr . Port != 0 {
return wanAddr . Port
}
}
return port
}
// TranslateServiceAddress is used to provide the final, translated address for a node,
// depending on how the agent and the other node are configured. The dc
// parameter is the dc the datacenter this node is from.
func ( a * Agent ) TranslateServiceAddress ( dc string , addr string , taggedAddresses map [ string ] structs . ServiceAddress , accept TranslateAddressAccept ) string {
def := addr
v4 := taggedAddresses [ structs . TaggedAddressLANIPv4 ] . Address
v6 := taggedAddresses [ structs . TaggedAddressLANIPv6 ] . Address
shouldUseWan := a . config . TranslateWANAddrs && ( a . config . Datacenter != dc )
if shouldUseWan {
if v , ok := taggedAddresses [ structs . TaggedAddressWAN ] ; ok {
def = v . Address
}
if v , ok := taggedAddresses [ structs . TaggedAddressWANIPv4 ] ; ok {
v4 = v . Address
}
if v , ok := taggedAddresses [ structs . TaggedAddressWANIPv6 ] ; ok {
v6 = v . Address
}
}
return translateAddressAccept ( accept , def , v4 , v6 )
}
// TranslateAddress is used to provide the final, translated address for a node,
// depending on how the agent and the other node are configured. The dc
// parameter is the dc the datacenter this node is from.
func ( a * Agent ) TranslateAddress ( dc string , addr string , taggedAddresses map [ string ] string , accept TranslateAddressAccept ) string {
def := addr
v4 := taggedAddresses [ structs . TaggedAddressLANIPv4 ]
v6 := taggedAddresses [ structs . TaggedAddressLANIPv6 ]
shouldUseWan := a . config . TranslateWANAddrs && ( a . config . Datacenter != dc )
if shouldUseWan {
if v , ok := taggedAddresses [ structs . TaggedAddressWAN ] ; ok {
def = v
}
if v , ok := taggedAddresses [ structs . TaggedAddressWANIPv4 ] ; ok {
v4 = v
}
if v , ok := taggedAddresses [ structs . TaggedAddressWANIPv6 ] ; ok {
v6 = v
}
}
return translateAddressAccept ( accept , def , v4 , v6 )
}
func translateAddressAccept ( accept TranslateAddressAccept , def , v4 , v6 string ) string {
switch {
case accept & TranslateAddressAcceptIPv6 > 0 && v6 != "" :
return v6
case accept & TranslateAddressAcceptIPv4 > 0 && v4 != "" :
return v4
case accept & TranslateAddressAcceptAny > 0 && def != "" :
return def
default :
defIP := net . ParseIP ( def )
switch {
case defIP != nil && defIP . To4 ( ) != nil && accept & TranslateAddressAcceptIPv4 > 0 :
return def
case defIP != nil && defIP . To4 ( ) == nil && accept & TranslateAddressAcceptIPv6 > 0 :
return def
case defIP == nil && accept & TranslateAddressAcceptDomain > 0 :
return def
}
}
return ""
}
// TranslateAddresses translates addresses in the given structure into the
// final, translated address, depending on how the agent and the other node are
// configured. The dc parameter is the datacenter this structure is from.
func ( a * Agent ) TranslateAddresses ( dc string , subj interface { } , accept TranslateAddressAccept ) {
// CAUTION - SUBTLE! An agent running on a server can, in some cases,
// return pointers directly into the immutable state store for
// performance (it's via the in-memory RPC mechanism). It's never safe
// to modify those values, so we short circuit here so that we never
// update any structures that are from our own datacenter. This works
// for address translation because we *never* need to translate local
// addresses, but this is super subtle, so we've piped all the in-place
// address translation into this function which makes sure this check is
// done. This also happens to skip looking at any of the incoming
// structure for the common case of not needing to translate, so it will
// skip a lot of work if no translation needs to be done.
if ! a . config . TranslateWANAddrs || ( a . config . Datacenter == dc ) {
return
}
// Translate addresses in-place, subject to the condition checked above
// which ensures this is safe to do since we are operating on a local
// copy of the data.
switch v := subj . ( type ) {
case structs . CheckServiceNodes :
for _ , entry := range v {
entry . Node . Address = a . TranslateAddress ( dc , entry . Node . Address , entry . Node . TaggedAddresses , accept )
entry . Service . Address = a . TranslateServiceAddress ( dc , entry . Service . Address , entry . Service . TaggedAddresses , accept )
entry . Service . Port = a . TranslateServicePort ( dc , entry . Service . Port , entry . Service . TaggedAddresses )
}
case * structs . Node :
v . Address = a . TranslateAddress ( dc , v . Address , v . TaggedAddresses , accept )
case structs . Nodes :
for _ , node := range v {
node . Address = a . TranslateAddress ( dc , node . Address , node . TaggedAddresses , accept )
}
case structs . ServiceNodes :
for _ , entry := range v {
entry . Address = a . TranslateAddress ( dc , entry . Address , entry . TaggedAddresses , accept )
entry . ServiceAddress = a . TranslateServiceAddress ( dc , entry . ServiceAddress , entry . ServiceTaggedAddresses , accept )
entry . ServicePort = a . TranslateServicePort ( dc , entry . ServicePort , entry . ServiceTaggedAddresses )
}
case * structs . NodeServices :
if v . Node != nil {
v . Node . Address = a . TranslateAddress ( dc , v . Node . Address , v . Node . TaggedAddresses , accept )
}
for _ , entry := range v . Services {
entry . Address = a . TranslateServiceAddress ( dc , entry . Address , entry . TaggedAddresses , accept )
entry . Port = a . TranslateServicePort ( dc , entry . Port , entry . TaggedAddresses )
}
case * structs . NodeServiceList :
if v . Node != nil {
v . Node . Address = a . TranslateAddress ( dc , v . Node . Address , v . Node . TaggedAddresses , accept )
}
for _ , entry := range v . Services {
entry . Address = a . TranslateServiceAddress ( dc , entry . Address , entry . TaggedAddresses , accept )
entry . Port = a . TranslateServicePort ( dc , entry . Port , entry . TaggedAddresses )
}
default :
panic ( fmt . Errorf ( "Unhandled type passed to address translator: %#v" , subj ) )
}
}