diff --git a/client/firewall/iptables/manager_linux.go b/client/firewall/iptables/manager_linux.go
index 574c005a923..fae41d9c5a9 100644
--- a/client/firewall/iptables/manager_linux.go
+++ b/client/firewall/iptables/manager_linux.go
@@ -77,7 +77,14 @@ func (m *Manager) AddPeerFiltering(
 return m.aclMgr.AddPeerFiltering(ip, protocol, sPort, dPort, direction, action, ipsetName)
 }
-func (m *Manager) AddRouteFiltering(sources []netip.Prefix, destination netip.Prefix, proto firewall.Protocol, sPort *firewall.Port, dPort *firewall.Port, direction firewall.RuleDirection, action firewall.Action) (firewall.Rule, error) {
+func (m *Manager) AddRouteFiltering(
+ sources [] netip.Prefix,
+ destination netip.Prefix,
+ proto firewall.Protocol,
+ sPort *firewall.Port,
+ dPort *firewall.Port,
+ action firewall.Action,
+) (firewall.Rule, error) {
 m.mutex.Lock()
 defer m.mutex.Unlock()
@@ -85,7 +92,7 @@ func (m *Manager) AddRouteFiltering(sources []netip.Prefix, destination netip.Pr
 return nil, fmt.Errorf("unsupported IP version: %s", destination.Addr().String())
 }
- return m.router.AddRouteFiltering(sources, destination, proto, sPort, dPort, direction, action)
+ return m.router.AddRouteFiltering(sources, destination, proto, sPort, dPort, action)
 }
 // DeletePeerRule from the firewall by rule definition
diff --git a/client/firewall/iptables/router_linux.go b/client/firewall/iptables/router_linux.go
index e5c2dc4654d..737b207854b 100644
--- a/client/firewall/iptables/router_linux.go
+++ b/client/firewall/iptables/router_linux.go
@@ -97,10 +97,9 @@ func (r *router) AddRouteFiltering(
 proto firewall.Protocol,
 sPort *firewall.Port,
 dPort *firewall.Port,
- direction firewall.RuleDirection,
 action firewall.Action,
 ) (firewall.Rule, error) {
- ruleKey := id.GenerateRouteRuleKey(sources, destination, proto, sPort, dPort, direction, action)
+ ruleKey := id.GenerateRouteRuleKey(sources, destination, proto, sPort, dPort, action)
 if _, ok := r.rules[string(ruleKey)]; ok {
 return ruleKey, nil
 }
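Review bot: `sources [] netip.Prefix,` in the new multi-line signature of Manager.AddRouteFiltering is not gofmt output as it appears on this page; it should read `sources []netip.Prefix,`. The uspfilter.go hunk further down has the same spacing, plus a stray space before the closing parenthesis in `action firewall.Action )`. Running gofmt over both files fixes this without touching behaviour.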
@@ -119,7 +118,6 @@ func (r *router) AddRouteFiltering(
 Proto: proto,
 SPort: sPort,
 DPort: dPort,
- Direction: direction,
 Action: action,
 SetName: setName,
 }
@@ -444,25 +442,13 @@ func genRouteFilteringRuleSpec(params routeFilteringRuleParams) []string {
 var rule []string
 if params.SetName != "" {
- if params.Direction == firewall.RuleDirectionIN {
- rule = append(rule, "-m", "set", matchSet, params.SetName, "src")
- } else {
- rule = append(rule, "-m", "set", matchSet, params.SetName, "dst")
- }
+ rule = append(rule, "-m", "set", matchSet, params.SetName, "src")
 } else if len(params.Sources) > 0 {
 source := params.Sources[0]
- if params.Direction == firewall.RuleDirectionIN {
- rule = append(rule, "-s", source.String())
- } else {
- rule = append(rule, "-d", source.String())
- }
+ rule = append(rule, "-s", source.String())
 }
- if params.Direction == firewall.RuleDirectionIN {
- rule = append(rule, "-d", params.Destination.String())
- } else {
- rule = append(rule, "-s", params.Destination.String())
- }
+ rule = append(rule, "-d", params.Destination.String())
 if params.Proto != firewall.ProtocolALL {
 rule = append(rule, "-p", strings.ToLower(string(params.Proto)))
diff --git a/client/firewall/iptables/router_linux_test.go b/client/firewall/iptables/router_linux_test.go
index abcdcc5c837..6cede09e2b9 100644
--- a/client/firewall/iptables/router_linux_test.go
+++ b/client/firewall/iptables/router_linux_test.go
@@ -297,7 +297,7 @@ func TestRouter_AddRouteFiltering(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- ruleKey, err := r.AddRouteFiltering(tt.sources, tt.destination, tt.proto, tt.sPort, tt.dPort, tt.direction, tt.action)
+ ruleKey, err := r.AddRouteFiltering(tt.sources, tt.destination, tt.proto, tt.sPort, tt.dPort, tt.action)
 require.NoError(t, err, "AddRouteFiltering failed")
 // Check if the rule is in the internal map
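Review bot: genRouteFilteringRuleSpec now hard-codes the ipset or first source prefix as the packet source and params.Destination as `-d`, and nothing in the function states that route rules are one-directional. A comment above the source handling, for example `// Route rules always match traffic from the sources (set or first prefix) to the routed destination.`, would keep a later reader from reintroducing a direction switch. When SetName is empty only `params.Sources[0]` is matched; presumably callers set SetName whenever there is more than one source, which is worth confirming in the caller. The function body continues outside the hunk.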
@@ -319,7 +319,6 @@ func TestRouter_AddRouteFiltering(t *testing.T) {
 Proto: tt.proto,
 SPort: tt.sPort,
 DPort: tt.dPort,
- Direction: tt.direction,
 Action: tt.action,
 SetName: "",
 }
diff --git a/client/firewall/manager/firewall.go b/client/firewall/manager/firewall.go
index 833043b324f..a6185d3708e 100644
--- a/client/firewall/manager/firewall.go
+++ b/client/firewall/manager/firewall.go
@@ -76,7 +76,7 @@ type Manager interface {
 // IsServerRouteSupported returns true if the firewall supports server side routing operations
 IsServerRouteSupported() bool
- AddRouteFiltering(source []netip.Prefix, destination netip.Prefix, proto Protocol, sPort *Port, dPort *Port, direction RuleDirection, action Action) (Rule, error)
+ AddRouteFiltering(source []netip.Prefix, destination netip.Prefix, proto Protocol, sPort *Port, dPort *Port, action Action) (Rule, error)
 // DeleteRouteRule deletes a routing rule
 DeleteRouteRule(rule Rule) error
diff --git a/client/firewall/nftables/manager_linux.go b/client/firewall/nftables/manager_linux.go
index d011461039c..d2258ae0869 100644
--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@@ -84,7 +84,7 @@ func (m *Manager) AddPeerFiltering(
 return m.aclManager.AddPeerFiltering(ip, proto, sPort, dPort, direction, action, ipsetName, comment)
 }
-func (m *Manager) AddRouteFiltering(sources []netip.Prefix, destination netip.Prefix, proto firewall.Protocol, sPort *firewall.Port, dPort *firewall.Port, direction firewall.RuleDirection, action firewall.Action) (firewall.Rule, error) {
+func (m *Manager) AddRouteFiltering(sources []netip.Prefix, destination netip.Prefix, proto firewall.Protocol, sPort *firewall.Port, dPort *firewall.Port, action firewall.Action) (firewall.Rule, error) {
 m.mutex.Lock()
 defer m.mutex.Unlock()
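Review bot: AddRouteFiltering is the only method in this part of the Manager interface without a doc comment, and after this change the contract it implies (sources matched as packet source, destination as packet destination) is not written down anywhere visible. Suggest `// AddRouteFiltering adds a rule that filters routed traffic from the given sources to destination.` above the declaration. The first parameter is named `source` here but `sources` in every implementation in this diff; `sources` would be consistent.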
@@ -92,7 +92,7 @@ func (m *Manager) AddRouteFiltering(sources []netip.Prefix, destination netip.Pr
 return nil, fmt.Errorf("unsupported IP version: %s", destination.Addr().String())
 }
- return m.router.AddRouteFiltering(sources, destination, proto, sPort, dPort, direction, action)
+ return m.router.AddRouteFiltering(sources, destination, proto, sPort, dPort, action)
 }
 // DeletePeerRule from the firewall by rule definition
diff --git a/client/firewall/nftables/router_linux.go b/client/firewall/nftables/router_linux.go
index 180743c786a..aa61e18585f 100644
--- a/client/firewall/nftables/router_linux.go
+++ b/client/firewall/nftables/router_linux.go
@@ -186,10 +186,9 @@ func (r *router) AddRouteFiltering(
 proto firewall.Protocol,
 sPort *firewall.Port,
 dPort *firewall.Port,
- direction firewall.RuleDirection,
 action firewall.Action,
 ) (firewall.Rule, error) {
- ruleKey := id.GenerateRouteRuleKey(sources, destination, proto, sPort, dPort, direction, action)
+ ruleKey := id.GenerateRouteRuleKey(sources, destination, proto, sPort, dPort, action)
 if _, ok := r.rules[string(ruleKey)]; ok {
 return ruleKey, nil
 }
@@ -202,7 +201,7 @@ func (r *router) AddRouteFiltering(
 // If it's 0.0.0.0/0, we don't need to add any source matching
 case len(sources) == 1:
 // If there's only one source, we can use it directly
- exprs = append(exprs, generateCIDRMatcherExpressions(direction == firewall.RuleDirectionIN, sources[0])...)
+ exprs = append(exprs, generateCIDRMatcherExpressions(true, sources[0])...)
 default:
 // If there are multiple sources, create or get an ipset
 var err error
@@ -213,7 +212,7 @@ func (r *router) AddRouteFiltering(
 }
 // Handle destination
- exprs = append(exprs, generateCIDRMatcherExpressions(direction == firewall.RuleDirectionOUT, destination)...)
+ exprs = append(exprs, generateCIDRMatcherExpressions(false, destination)...)
 // Handle protocol
 if proto != firewall.ProtocolALL {
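Review bot: The calls `generateCIDRMatcherExpressions(true, sources[0])` and, in the following hunk, `generateCIDRMatcherExpressions(false, destination)` now pass bare boolean literals, so the source/destination meaning the old direction comparison carried is gone from the call site. An inline argument comment keeps it readable: `generateCIDRMatcherExpressions(true /* match source */, sources[0])` and `generateCIDRMatcherExpressions(false /* match destination */, destination)`. The flag's meaning is inferred from how it was derived before; generateCIDRMatcherExpressions itself is not shown, and AddRouteFiltering's body continues outside both hunks.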
diff --git a/client/firewall/nftables/router_linux_test.go b/client/firewall/nftables/router_linux_test.go
index 837a928f3a8..bbf92f3beaf 100644
--- a/client/firewall/nftables/router_linux_test.go
+++ b/client/firewall/nftables/router_linux_test.go
@@ -311,7 +311,7 @@ func TestRouter_AddRouteFiltering(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- ruleKey, err := r.AddRouteFiltering(tt.sources, tt.destination, tt.proto, tt.sPort, tt.dPort, tt.direction, tt.action)
+ ruleKey, err := r.AddRouteFiltering(tt.sources, tt.destination, tt.proto, tt.sPort, tt.dPort, tt.action)
 require.NoError(t, err, "AddRouteFiltering failed")
 // Check if the rule is in the internal map
diff --git a/client/firewall/uspfilter/uspfilter.go b/client/firewall/uspfilter/uspfilter.go
index 4d635dc2039..681058ea949 100644
--- a/client/firewall/uspfilter/uspfilter.go
+++ b/client/firewall/uspfilter/uspfilter.go
@@ -189,11 +189,11 @@ func (m *Manager) AddPeerFiltering(
 return []firewall.Rule{&r}, nil
 }
-func (m *Manager) AddRouteFiltering(sources []netip.Prefix, destination netip.Prefix, proto firewall.Protocol, sPort *firewall.Port, dPort *firewall.Port, direction firewall.RuleDirection, action firewall.Action) (firewall.Rule, error) {
+func (m *Manager) AddRouteFiltering(sources [] netip.Prefix, destination netip.Prefix, proto firewall.Protocol, sPort *firewall.Port, dPort *firewall.Port, action firewall.Action ) (firewall.Rule, error) {
 if m.nativeFirewall == nil {
 return nil, errRouteNotSupported
 }
- return m.nativeFirewall.AddRouteFiltering(sources, destination, proto, sPort, dPort, direction, action)
+ return m.nativeFirewall.AddRouteFiltering(sources, destination, proto, sPort, dPort, action)
 }
 func (m *Manager) DeleteRouteRule(rule firewall.Rule) error {
diff --git a/client/internal/acl/id/id.go b/client/internal/acl/id/id.go
index f22d484572d..e27fce439fc 100644
--- a/client/internal/acl/id/id.go
+++ b/client/internal/acl/id/id.go
@@ -13,6 +13,13 @@ func (r RuleID) GetRuleID() string {
 return string(r)
 }
-func GenerateRouteRuleKey(sources []netip.Prefix, destination netip.Prefix, proto manager.Protocol, sPort *manager.Port, dPort *manager.Port, direction manager.RuleDirection, action manager.Action) RuleID {
- return RuleID(fmt.Sprintf("%s-%s-%s-%s-%s-%d-%d", sources, destination, proto, sPort, dPort, direction, action))
+func GenerateRouteRuleKey(
+ sources []netip.Prefix,
+ destination netip.Prefix,
+ proto manager.Protocol,
+ sPort *manager.Port,
+ dPort *manager.Port,
+ action manager.Action,
+) RuleID {
+ return RuleID(fmt.Sprintf("%s-%s-%s-%s-%s-%d", sources, destination, proto, sPort, dPort, action))
 }
diff --git a/client/internal/acl/manager.go b/client/internal/acl/manager.go
index a78299412cb..ce2a12af16f 100644
--- a/client/internal/acl/manager.go
+++ b/client/internal/acl/manager.go
@@ -225,17 +225,8 @@ func (d *DefaultManager) applyRouteACL(rule *mgmProto.RouteFirewallRule) (id.Rul
 }
 dPorts := convertPortInfo(rule.PortInfo)
- direction := firewall.RuleDirection(rule.Direction)
-
- addedRule, err := d.firewall.AddRouteFiltering(
- sources,
- destination,
- protocol,
- nil,
- dPorts,
- direction,
- action,
- )
+
+ addedRule, err := d.firewall.AddRouteFiltering(sources, destination, protocol, nil, dPorts, action)
 if err != nil {
 return "", fmt.Errorf("add route rule: %w", err)
 }
diff --git a/management/proto/management.pb.go b/management/proto/management.pb.go
index 6cd324b22ae..672b2a10228 100644
--- a/management/proto/management.pb.go
+++ b/management/proto/management.pb.go
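Review bot: GenerateRouteRuleKey is exported and has no doc comment, although its output is what the routers in this diff use to decide whether a rule already exists. A comment such as `// GenerateRouteRuleKey returns the key identifying a route rule by its sources, destination, protocol, ports and action.` would record that direction is no longer part of a rule's identity. sPort and dPort are pointers formatted with `%s`, so the comment should also state how a nil port is expected to render; that depends on manager.Port, which is not visible here.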
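Review bot: applyRouteACL stops reading rule.Direction, but the generated management.pb.go changes further down this page show the remaining RouteFirewallRule fields renumbered (action moves from tag 3 to 2, destination from 5 to 3, and so on) instead of the two dropped tags being retired. A client and a management server built from different sides of this commit would decode each other's route rules against the wrong fields, and because ACCEPT is the zero value of RuleAction, a DROP rule could plausibly be applied as an accept on the side that no longer finds the action where it expects it. Keeping the existing tag numbers and adding `reserved 2, 4;` to the message in the .proto (not shown here) would avoid that. applyRouteACL's body starts and ends outside the hunk.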
@@ -266,58 +266,6 @@ func (DeviceAuthorizationFlowProvider) EnumDescriptor() ([]byte, []int) { return file_management_proto_rawDescGZIP(), []int{21, 0} } -type RouteFirewallRule_NetworkType int32 - -const ( - RouteFirewallRule_UNKNOWN RouteFirewallRule_NetworkType = 0 - RouteFirewallRule_IPV4 RouteFirewallRule_NetworkType = 1 - RouteFirewallRule_IPV6 RouteFirewallRule_NetworkType = 2 - RouteFirewallRule_Domain RouteFirewallRule_NetworkType = 3 -) - -// Enum value maps for RouteFirewallRule_NetworkType. -var ( - RouteFirewallRule_NetworkType_name = map[int32]string{ - 0: "UNKNOWN", - 1: "IPV4", - 2: "IPV6", - 3: "Domain", - } - RouteFirewallRule_NetworkType_value = map[string]int32{ - "UNKNOWN": 0, - "IPV4": 1, - "IPV6": 2, - "Domain": 3, - } -) - -func (x RouteFirewallRule_NetworkType) Enum() *RouteFirewallRule_NetworkType { - p := new(RouteFirewallRule_NetworkType) - *p = x - return p -} - -func (x RouteFirewallRule_NetworkType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (RouteFirewallRule_NetworkType) Descriptor() protoreflect.EnumDescriptor { - return file_management_proto_enumTypes[5].Descriptor() -} - -func (RouteFirewallRule_NetworkType) Type() protoreflect.EnumType { - return &file_management_proto_enumTypes[5] -} - -func (x RouteFirewallRule_NetworkType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use RouteFirewallRule_NetworkType.Descriptor instead. -func (RouteFirewallRule_NetworkType) EnumDescriptor() ([]byte, []int) { - return file_management_proto_rawDescGZIP(), []int{35, 0} -} - type EncryptedMessage struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache 
@@ -2822,20 +2770,16 @@ type RouteFirewallRule struct { // sourceRanges IP ranges of the routing peers. SourceRanges []string `protobuf:"bytes,1,rep,name=sourceRanges,proto3" json:"sourceRanges,omitempty"` - // Direction of the firewall. - Direction RuleDirection `protobuf:"varint,2,opt,name=direction,proto3,enum=management.RuleDirection" json:"direction,omitempty"` // Action to be taken by the firewall when the rule is applicable. - Action RuleAction `protobuf:"varint,3,opt,name=action,proto3,enum=management.RuleAction" json:"action,omitempty"` - // NetworkType of the routed network. - NetworkType RouteFirewallRule_NetworkType `protobuf:"varint,4,opt,name=networkType,proto3,enum=management.RouteFirewallRule_NetworkType" json:"networkType,omitempty"` + Action RuleAction `protobuf:"varint,2,opt,name=action,proto3,enum=management.RuleAction" json:"action,omitempty"` // Network prefix for the routed network. - Destination string `protobuf:"bytes,5,opt,name=destination,proto3" json:"destination,omitempty"` + Destination string `protobuf:"bytes,3,opt,name=destination,proto3" json:"destination,omitempty"` // Protocol of the routed network. - Protocol RuleProtocol `protobuf:"varint,6,opt,name=protocol,proto3,enum=management.RuleProtocol" json:"protocol,omitempty"` + Protocol RuleProtocol `protobuf:"varint,4,opt,name=protocol,proto3,enum=management.RuleProtocol" json:"protocol,omitempty"` // Details about the port. - PortInfo *PortInfo `protobuf:"bytes,7,opt,name=portInfo,proto3" json:"portInfo,omitempty"` - // IsDynamic indicate if the route is DNS route. - IsDynamic bool `protobuf:"varint,8,opt,name=isDynamic,proto3" json:"isDynamic,omitempty"` + PortInfo *PortInfo `protobuf:"bytes,5,opt,name=portInfo,proto3" json:"portInfo,omitempty"` + // IsDynamic indicates if the route is a DNS route. + IsDynamic bool `protobuf:"varint,6,opt,name=isDynamic,proto3" json:"isDynamic,omitempty"` } func (x *RouteFirewallRule) Reset() { 
@@ -2877,13 +2821,6 @@ func (x *RouteFirewallRule) GetSourceRanges() []string { return nil } -func (x *RouteFirewallRule) GetDirection() RuleDirection { - if x != nil { - return x.Direction - } - return RuleDirection_IN -} - func (x *RouteFirewallRule) GetAction() RuleAction { if x != nil { return x.Action @@ -2891,13 +2828,6 @@ func (x *RouteFirewallRule) GetAction() RuleAction { return RuleAction_ACCEPT } -func (x *RouteFirewallRule) GetNetworkType() RouteFirewallRule_NetworkType { - if x != nil { - return x.NetworkType - } - return RouteFirewallRule_UNKNOWN -} - func (x *RouteFirewallRule) GetDestination() string { if x != nil { return x.Destination 
@@ -3336,79 +3266,67 @@ var file_management_proto_rawDesc = []byte{ 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x42, 0x0f, 0x0a, 0x0d, 0x70, 0x6f, 0x72, - 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xd1, 0x03, 0x0a, 0x11, 0x52, + 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x8f, 0x02, 0x0a, 0x11, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x61, - 0x6e, 0x67, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, - 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x41, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4b, 0x0a, - 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, - 0x52, 0x6f, 0x75, 0x74, 0x65, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, - 0x65, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0b, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x0a, 
0x0b, 0x64, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x08, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, - 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x75, 0x6c, 0x65, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x30, 0x0a, 0x08, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, - 0x74, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x08, 0x70, 0x6f, 0x72, 0x74, - 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, - 0x63, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x44, 0x79, 0x6e, 0x61, 0x6d, - 0x69, 0x63, 0x22, 0x3a, 0x0a, 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, - 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x08, - 0x0a, 0x04, 0x49, 0x50, 0x56, 0x34, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x50, 0x56, 0x36, - 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x10, 0x03, 0x2a, 0x40, - 0x0a, 0x0c, 0x52, 0x75, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0b, - 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, - 0x4c, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x02, 0x12, 0x07, 0x0a, - 0x03, 0x55, 0x44, 0x50, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x43, 0x4d, 0x50, 0x10, 0x04, - 0x2a, 0x20, 0x0a, 0x0d, 0x52, 0x75, 0x6c, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x06, 0x0a, 0x02, 0x49, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x55, 0x54, - 0x10, 0x01, 0x2a, 
0x22, 0x0a, 0x0a, 0x52, 0x75, 0x6c, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x43, 0x45, 0x50, 0x54, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, - 0x44, 0x52, 0x4f, 0x50, 0x10, 0x01, 0x32, 0x90, 0x04, 0x0a, 0x11, 0x4d, 0x61, 0x6e, 0x61, 0x67, - 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x45, 0x0a, 0x05, - 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, - 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, + 0x6e, 0x67, 0x65, 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, + 0x74, 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, + 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x30, 0x0a, 0x08, + 0x70, 0x6f, 0x72, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, + 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x6f, 0x72, 0x74, + 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x08, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1c, + 0x0a, 0x09, 0x69, 0x73, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x09, 0x69, 0x73, 0x44, 0x79, 0x6e, 0x61, 
0x6d, 0x69, 0x63, 0x2a, 0x40, 0x0a, 0x0c, + 0x52, 0x75, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0b, 0x0a, 0x07, + 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4c, 0x4c, + 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x02, 0x12, 0x07, 0x0a, 0x03, 0x55, + 0x44, 0x50, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x43, 0x4d, 0x50, 0x10, 0x04, 0x2a, 0x20, + 0x0a, 0x0d, 0x52, 0x75, 0x6c, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x06, 0x0a, 0x02, 0x49, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x55, 0x54, 0x10, 0x01, + 0x2a, 0x22, 0x0a, 0x0a, 0x52, 0x75, 0x6c, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0a, + 0x0a, 0x06, 0x41, 0x43, 0x43, 0x45, 0x50, 0x54, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x52, + 0x4f, 0x50, 0x10, 0x01, 0x32, 0x90, 0x04, 0x0a, 0x11, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, + 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x45, 0x0a, 0x05, 0x4c, 0x6f, + 0x67, 0x69, 0x6e, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x04, 0x53, 0x79, 0x6e, 0x63, 0x12, 0x1c, 0x2e, 0x6d, 0x61, - 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, - 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, + 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, + 0x00, 0x12, 0x46, 0x0a, 0x04, 0x53, 0x79, 0x6e, 0x63, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, - 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x0c, 0x47, - 
0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, - 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1d, - 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, - 0x33, 0x0a, 0x09, 0x69, 0x73, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x79, 0x12, 0x11, 0x2e, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, - 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, - 0x74, 0x79, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x1a, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, - 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, - 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, - 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, - 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, - 0x12, 0x58, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x50, 0x4b, 0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, - 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, + 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, + 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x0c, 0x47, 0x65, 0x74, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 
0x4b, 0x65, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, + 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1d, 0x2e, 0x6d, + 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, + 0x09, 0x69, 0x73, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e, + 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x11, 0x2e, + 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, + 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x1a, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, + 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, + 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x58, + 0x0a, 0x18, 0x47, 0x65, 0x74, 0x50, 0x4b, 0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, - 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x08, 0x53, 0x79, - 0x6e, 0x63, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, - 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x1a, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, - 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 
0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, + 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x08, 0x53, 0x79, 0x6e, 0x63, + 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, + 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x1a, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, + 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -3423,7 +3341,7 @@ func file_management_proto_rawDescGZIP() []byte { return file_management_proto_rawDescData } -var file_management_proto_enumTypes = make([]protoimpl.EnumInfo, 6) +var file_management_proto_enumTypes = make([]protoimpl.EnumInfo, 5) var file_management_proto_msgTypes = make([]protoimpl.MessageInfo, 37) var file_management_proto_goTypes = []interface{}{ (RuleProtocol)(0), // 0: management.RuleProtocol 
@@ -3431,113 +3349,110 @@ var file_management_proto_goTypes = []interface{}{ (RuleAction)(0), // 2: management.RuleAction (HostConfig_Protocol)(0), // 3: management.HostConfig.Protocol (DeviceAuthorizationFlowProvider)(0), // 4: management.DeviceAuthorizationFlow.provider - (RouteFirewallRule_NetworkType)(0), // 5: management.RouteFirewallRule.NetworkType - (*EncryptedMessage)(nil), // 6: management.EncryptedMessage - (*SyncRequest)(nil), // 7: management.SyncRequest - (*SyncResponse)(nil), // 8: management.SyncResponse - (*SyncMetaRequest)(nil), // 9: management.SyncMetaRequest - (*LoginRequest)(nil), // 10: management.LoginRequest - (*PeerKeys)(nil), // 11: management.PeerKeys - (*Environment)(nil), // 12: management.Environment - (*File)(nil), // 13: management.File - (*PeerSystemMeta)(nil), // 14: management.PeerSystemMeta - (*LoginResponse)(nil), // 15: management.LoginResponse - (*ServerKeyResponse)(nil), // 16: management.ServerKeyResponse - (*Empty)(nil), // 17: management.Empty - (*WiretrusteeConfig)(nil), // 18: management.WiretrusteeConfig - (*HostConfig)(nil), // 19: management.HostConfig - (*RelayConfig)(nil), // 20: management.RelayConfig - (*ProtectedHostConfig)(nil), // 21: management.ProtectedHostConfig - (*PeerConfig)(nil), // 22: management.PeerConfig - (*NetworkMap)(nil), // 23: management.NetworkMap - (*RemotePeerConfig)(nil), // 24: management.RemotePeerConfig - (*SSHConfig)(nil), // 25: management.SSHConfig - (*DeviceAuthorizationFlowRequest)(nil), // 26: management.DeviceAuthorizationFlowRequest - (*DeviceAuthorizationFlow)(nil), // 27: management.DeviceAuthorizationFlow - (*PKCEAuthorizationFlowRequest)(nil), // 28: management.PKCEAuthorizationFlowRequest - (*PKCEAuthorizationFlow)(nil), // 29: management.PKCEAuthorizationFlow - (*ProviderConfig)(nil), // 30: management.ProviderConfig - (*Route)(nil), // 31: management.Route - (*DNSConfig)(nil), // 32: management.DNSConfig - (*CustomZone)(nil), // 33: management.CustomZone - 
(*SimpleRecord)(nil), // 34: management.SimpleRecord - (*NameServerGroup)(nil), // 35: management.NameServerGroup - (*NameServer)(nil), // 36: management.NameServer - (*FirewallRule)(nil), // 37: management.FirewallRule - (*NetworkAddress)(nil), // 38: management.NetworkAddress - (*Checks)(nil), // 39: management.Checks - (*PortInfo)(nil), // 40: management.PortInfo - (*RouteFirewallRule)(nil), // 41: management.RouteFirewallRule - (*PortInfo_Range)(nil), // 42: management.PortInfo.Range - (*timestamppb.Timestamp)(nil), // 43: google.protobuf.Timestamp + (*EncryptedMessage)(nil), // 5: management.EncryptedMessage + (*SyncRequest)(nil), // 6: management.SyncRequest + (*SyncResponse)(nil), // 7: management.SyncResponse + (*SyncMetaRequest)(nil), // 8: management.SyncMetaRequest + (*LoginRequest)(nil), // 9: management.LoginRequest + (*PeerKeys)(nil), // 10: management.PeerKeys + (*Environment)(nil), // 11: management.Environment + (*File)(nil), // 12: management.File + (*PeerSystemMeta)(nil), // 13: management.PeerSystemMeta + (*LoginResponse)(nil), // 14: management.LoginResponse + (*ServerKeyResponse)(nil), // 15: management.ServerKeyResponse + (*Empty)(nil), // 16: management.Empty + (*WiretrusteeConfig)(nil), // 17: management.WiretrusteeConfig + (*HostConfig)(nil), // 18: management.HostConfig + (*RelayConfig)(nil), // 19: management.RelayConfig + (*ProtectedHostConfig)(nil), // 20: management.ProtectedHostConfig + (*PeerConfig)(nil), // 21: management.PeerConfig + (*NetworkMap)(nil), // 22: management.NetworkMap + (*RemotePeerConfig)(nil), // 23: management.RemotePeerConfig + (*SSHConfig)(nil), // 24: management.SSHConfig + (*DeviceAuthorizationFlowRequest)(nil), // 25: management.DeviceAuthorizationFlowRequest + (*DeviceAuthorizationFlow)(nil), // 26: management.DeviceAuthorizationFlow + (*PKCEAuthorizationFlowRequest)(nil), // 27: management.PKCEAuthorizationFlowRequest + (*PKCEAuthorizationFlow)(nil), // 28: management.PKCEAuthorizationFlow + 
(*ProviderConfig)(nil), // 29: management.ProviderConfig + (*Route)(nil), // 30: management.Route + (*DNSConfig)(nil), // 31: management.DNSConfig + (*CustomZone)(nil), // 32: management.CustomZone + (*SimpleRecord)(nil), // 33: management.SimpleRecord + (*NameServerGroup)(nil), // 34: management.NameServerGroup + (*NameServer)(nil), // 35: management.NameServer + (*FirewallRule)(nil), // 36: management.FirewallRule + (*NetworkAddress)(nil), // 37: management.NetworkAddress + (*Checks)(nil), // 38: management.Checks + (*PortInfo)(nil), // 39: management.PortInfo + (*RouteFirewallRule)(nil), // 40: management.RouteFirewallRule + (*PortInfo_Range)(nil), // 41: management.PortInfo.Range + (*timestamppb.Timestamp)(nil), // 42: google.protobuf.Timestamp } var file_management_proto_depIdxs = []int32{ - 14, // 0: management.SyncRequest.meta:type_name -> management.PeerSystemMeta - 18, // 1: management.SyncResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig - 22, // 2: management.SyncResponse.peerConfig:type_name -> management.PeerConfig - 24, // 3: management.SyncResponse.remotePeers:type_name -> management.RemotePeerConfig - 23, // 4: management.SyncResponse.NetworkMap:type_name -> management.NetworkMap - 39, // 5: management.SyncResponse.Checks:type_name -> management.Checks - 14, // 6: management.SyncMetaRequest.meta:type_name -> management.PeerSystemMeta - 14, // 7: management.LoginRequest.meta:type_name -> management.PeerSystemMeta - 11, // 8: management.LoginRequest.peerKeys:type_name -> management.PeerKeys - 38, // 9: management.PeerSystemMeta.networkAddresses:type_name -> management.NetworkAddress - 12, // 10: management.PeerSystemMeta.environment:type_name -> management.Environment - 13, // 11: management.PeerSystemMeta.files:type_name -> management.File - 18, // 12: management.LoginResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig - 22, // 13: management.LoginResponse.peerConfig:type_name -> management.PeerConfig - 39, // 14: 
management.LoginResponse.Checks:type_name -> management.Checks - 43, // 15: management.ServerKeyResponse.expiresAt:type_name -> google.protobuf.Timestamp - 19, // 16: management.WiretrusteeConfig.stuns:type_name -> management.HostConfig - 21, // 17: management.WiretrusteeConfig.turns:type_name -> management.ProtectedHostConfig - 19, // 18: management.WiretrusteeConfig.signal:type_name -> management.HostConfig - 20, // 19: management.WiretrusteeConfig.relay:type_name -> management.RelayConfig + 13, // 0: management.SyncRequest.meta:type_name -> management.PeerSystemMeta + 17, // 1: management.SyncResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig + 21, // 2: management.SyncResponse.peerConfig:type_name -> management.PeerConfig + 23, // 3: management.SyncResponse.remotePeers:type_name -> management.RemotePeerConfig + 22, // 4: management.SyncResponse.NetworkMap:type_name -> management.NetworkMap + 38, // 5: management.SyncResponse.Checks:type_name -> management.Checks + 13, // 6: management.SyncMetaRequest.meta:type_name -> management.PeerSystemMeta + 13, // 7: management.LoginRequest.meta:type_name -> management.PeerSystemMeta + 10, // 8: management.LoginRequest.peerKeys:type_name -> management.PeerKeys + 37, // 9: management.PeerSystemMeta.networkAddresses:type_name -> management.NetworkAddress + 11, // 10: management.PeerSystemMeta.environment:type_name -> management.Environment + 12, // 11: management.PeerSystemMeta.files:type_name -> management.File + 17, // 12: management.LoginResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig + 21, // 13: management.LoginResponse.peerConfig:type_name -> management.PeerConfig + 38, // 14: management.LoginResponse.Checks:type_name -> management.Checks + 42, // 15: management.ServerKeyResponse.expiresAt:type_name -> google.protobuf.Timestamp + 18, // 16: management.WiretrusteeConfig.stuns:type_name -> management.HostConfig + 20, // 17: management.WiretrusteeConfig.turns:type_name -> 
management.ProtectedHostConfig + 18, // 18: management.WiretrusteeConfig.signal:type_name -> management.HostConfig + 19, // 19: management.WiretrusteeConfig.relay:type_name -> management.RelayConfig 3, // 20: management.HostConfig.protocol:type_name -> management.HostConfig.Protocol - 19, // 21: management.ProtectedHostConfig.hostConfig:type_name -> management.HostConfig - 25, // 22: management.PeerConfig.sshConfig:type_name -> management.SSHConfig - 22, // 23: management.NetworkMap.peerConfig:type_name -> management.PeerConfig - 24, // 24: management.NetworkMap.remotePeers:type_name -> management.RemotePeerConfig - 31, // 25: management.NetworkMap.Routes:type_name -> management.Route - 32, // 26: management.NetworkMap.DNSConfig:type_name -> management.DNSConfig - 24, // 27: management.NetworkMap.offlinePeers:type_name -> management.RemotePeerConfig - 37, // 28: management.NetworkMap.FirewallRules:type_name -> management.FirewallRule - 41, // 29: management.NetworkMap.routesFirewallRules:type_name -> management.RouteFirewallRule - 25, // 30: management.RemotePeerConfig.sshConfig:type_name -> management.SSHConfig + 18, // 21: management.ProtectedHostConfig.hostConfig:type_name -> management.HostConfig + 24, // 22: management.PeerConfig.sshConfig:type_name -> management.SSHConfig + 21, // 23: management.NetworkMap.peerConfig:type_name -> management.PeerConfig + 23, // 24: management.NetworkMap.remotePeers:type_name -> management.RemotePeerConfig + 30, // 25: management.NetworkMap.Routes:type_name -> management.Route + 31, // 26: management.NetworkMap.DNSConfig:type_name -> management.DNSConfig + 23, // 27: management.NetworkMap.offlinePeers:type_name -> management.RemotePeerConfig + 36, // 28: management.NetworkMap.FirewallRules:type_name -> management.FirewallRule + 40, // 29: management.NetworkMap.routesFirewallRules:type_name -> management.RouteFirewallRule + 24, // 30: management.RemotePeerConfig.sshConfig:type_name -> management.SSHConfig 4, // 31: 
management.DeviceAuthorizationFlow.Provider:type_name -> management.DeviceAuthorizationFlow.provider - 30, // 32: management.DeviceAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig - 30, // 33: management.PKCEAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig - 35, // 34: management.DNSConfig.NameServerGroups:type_name -> management.NameServerGroup - 33, // 35: management.DNSConfig.CustomZones:type_name -> management.CustomZone - 34, // 36: management.CustomZone.Records:type_name -> management.SimpleRecord - 36, // 37: management.NameServerGroup.NameServers:type_name -> management.NameServer + 29, // 32: management.DeviceAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig + 29, // 33: management.PKCEAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig + 34, // 34: management.DNSConfig.NameServerGroups:type_name -> management.NameServerGroup + 32, // 35: management.DNSConfig.CustomZones:type_name -> management.CustomZone + 33, // 36: management.CustomZone.Records:type_name -> management.SimpleRecord + 35, // 37: management.NameServerGroup.NameServers:type_name -> management.NameServer 1, // 38: management.FirewallRule.Direction:type_name -> management.RuleDirection 2, // 39: management.FirewallRule.Action:type_name -> management.RuleAction 0, // 40: management.FirewallRule.Protocol:type_name -> management.RuleProtocol - 42, // 41: management.PortInfo.range:type_name -> management.PortInfo.Range - 1, // 42: management.RouteFirewallRule.direction:type_name -> management.RuleDirection - 2, // 43: management.RouteFirewallRule.action:type_name -> management.RuleAction - 5, // 44: management.RouteFirewallRule.networkType:type_name -> management.RouteFirewallRule.NetworkType - 0, // 45: management.RouteFirewallRule.protocol:type_name -> management.RuleProtocol - 40, // 46: management.RouteFirewallRule.portInfo:type_name -> management.PortInfo - 6, // 47: 
management.ManagementService.Login:input_type -> management.EncryptedMessage - 6, // 48: management.ManagementService.Sync:input_type -> management.EncryptedMessage - 17, // 49: management.ManagementService.GetServerKey:input_type -> management.Empty - 17, // 50: management.ManagementService.isHealthy:input_type -> management.Empty - 6, // 51: management.ManagementService.GetDeviceAuthorizationFlow:input_type -> management.EncryptedMessage - 6, // 52: management.ManagementService.GetPKCEAuthorizationFlow:input_type -> management.EncryptedMessage - 6, // 53: management.ManagementService.SyncMeta:input_type -> management.EncryptedMessage - 6, // 54: management.ManagementService.Login:output_type -> management.EncryptedMessage - 6, // 55: management.ManagementService.Sync:output_type -> management.EncryptedMessage - 16, // 56: management.ManagementService.GetServerKey:output_type -> management.ServerKeyResponse - 17, // 57: management.ManagementService.isHealthy:output_type -> management.Empty - 6, // 58: management.ManagementService.GetDeviceAuthorizationFlow:output_type -> management.EncryptedMessage - 6, // 59: management.ManagementService.GetPKCEAuthorizationFlow:output_type -> management.EncryptedMessage - 17, // 60: management.ManagementService.SyncMeta:output_type -> management.Empty - 54, // [54:61] is the sub-list for method output_type - 47, // [47:54] is the sub-list for method input_type - 47, // [47:47] is the sub-list for extension type_name - 47, // [47:47] is the sub-list for extension extendee - 0, // [0:47] is the sub-list for field type_name + 41, // 41: management.PortInfo.range:type_name -> management.PortInfo.Range + 2, // 42: management.RouteFirewallRule.action:type_name -> management.RuleAction + 0, // 43: management.RouteFirewallRule.protocol:type_name -> management.RuleProtocol + 39, // 44: management.RouteFirewallRule.portInfo:type_name -> management.PortInfo + 5, // 45: management.ManagementService.Login:input_type -> 
management.EncryptedMessage + 5, // 46: management.ManagementService.Sync:input_type -> management.EncryptedMessage + 16, // 47: management.ManagementService.GetServerKey:input_type -> management.Empty + 16, // 48: management.ManagementService.isHealthy:input_type -> management.Empty + 5, // 49: management.ManagementService.GetDeviceAuthorizationFlow:input_type -> management.EncryptedMessage + 5, // 50: management.ManagementService.GetPKCEAuthorizationFlow:input_type -> management.EncryptedMessage + 5, // 51: management.ManagementService.SyncMeta:input_type -> management.EncryptedMessage + 5, // 52: management.ManagementService.Login:output_type -> management.EncryptedMessage + 5, // 53: management.ManagementService.Sync:output_type -> management.EncryptedMessage + 15, // 54: management.ManagementService.GetServerKey:output_type -> management.ServerKeyResponse + 16, // 55: management.ManagementService.isHealthy:output_type -> management.Empty + 5, // 56: management.ManagementService.GetDeviceAuthorizationFlow:output_type -> management.EncryptedMessage + 5, // 57: management.ManagementService.GetPKCEAuthorizationFlow:output_type -> management.EncryptedMessage + 16, // 58: management.ManagementService.SyncMeta:output_type -> management.Empty + 52, // [52:59] is the sub-list for method output_type + 45, // [45:52] is the sub-list for method input_type + 45, // [45:45] is the sub-list for extension type_name + 45, // [45:45] is the sub-list for extension extendee + 0, // [0:45] is the sub-list for field type_name } func init() { file_management_proto_init() } @@ -4000,7 +3915,7 @@ func file_management_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_management_proto_rawDesc, - NumEnums: 6, + NumEnums: 5, NumMessages: 37, NumExtensions: 0, NumServices: 1, diff --git a/management/proto/management.proto b/management/proto/management.proto index 9b93440e9e3..fe6a828b1e5 100644 
--- a/management/proto/management.proto +++ b/management/proto/management.proto @@ -443,34 +443,21 @@ message PortInfo { // RouteFirewallRule signifies a firewall rule applicable for a routed network. message RouteFirewallRule { // sourceRanges IP ranges of the routing peers. - repeated string sourceRanges = 1; - - // Direction of the firewall. - RuleDirection direction = 2; + repeated string sourceRanges = 1; // Action to be taken by the firewall when the rule is applicable. - RuleAction action = 3; - - // NetworkType of the routed network. - NetworkType networkType = 4; + RuleAction action = 2; // Network prefix for the routed network. - string destination = 5; + string destination = 3; // Protocol of the routed network. - RuleProtocol protocol = 6; + RuleProtocol protocol = 4; // Details about the port. - PortInfo portInfo = 7; + PortInfo portInfo = 5; - // IsDynamic indicate if the route is DNS route. - bool isDynamic = 8; - - enum NetworkType { - UNKNOWN = 0; - IPV4 = 1; - IPV6 = 2; - Domain = 3; - } + // IsDynamic indicates if the route is a DNS route. + bool isDynamic = 6; } diff --git a/management/server/route.go b/management/server/route.go index e68c0a138ed..4b1c5ffbfe8 100644 --- a/management/server/route.go +++ b/management/server/route.go @@ -26,9 +26,6 @@ type RouteFirewallRule struct { // SourceRanges IP ranges of the routing peers. SourceRanges []string - // Direction of the traffic - Direction int - // Action of the traffic when the rule is applicable Action string @@ -38,9 +35,6 @@ type RouteFirewallRule struct { // Protocol of the traffic Protocol string - // NetworkType string - NetworkType int - // Port of the traffic Port uint16 
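Review bot: Renumbering the surviving fields of `RouteFirewallRule` (action 3→2, destination 5→3, protocol 6→4, portInfo 7→5, isDynamic 8→6) changes the wire format rather than only dropping two fields. A peer built against the earlier schema would decode a new message's `action` as `direction` and its `protocol` as `networkType` without any error, because each pair shares the varint wire type. For firewall rules pushed by the management server, that means mismatched client and server versions could install rules other than the ones intended. If this message has already been released, keep the original tags on the remaining fields and retire the removed ones with `reserved 2, 4;` and `reserved "direction", "networkType";`.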
@@ -458,11 +452,9 @@ func getDefaultPermit(route *route.Route) []*RouteFirewallRule { } rule := RouteFirewallRule{ SourceRanges: sources, - Direction: firewallRuleDirectionIN, Action: string(PolicyTrafficActionAccept), Destination: route.Network.String(), Protocol: string(PolicyRuleProtocolALL), - NetworkType: int(route.NetworkType), IsDynamic: route.IsDynamic(), } @@ -519,11 +511,9 @@ func generateRouteFirewallRules(ctx context.Context, route *route.Route, rule *P baseRule := RouteFirewallRule{ SourceRanges: sourceRanges, - Direction: direction, Action: string(rule.Action), Destination: route.Network.String(), Protocol: string(rule.Protocol), - NetworkType: int(route.NetworkType), IsDynamic: route.IsDynamic(), } @@ -605,9 +595,7 @@ func toProtocolRoutesFirewallRules(rules []*RouteFirewallRule) []*proto.RouteFir rule := rules[i] result[i] = &proto.RouteFirewallRule{ SourceRanges: rule.SourceRanges, - Direction: getProtoDirection(rule.Direction), Action: getProtoAction(rule.Action), - NetworkType: getProtoNetworkType(rule.NetworkType), Destination: rule.Destination, Protocol: getProtoProtocol(rule.Protocol), PortInfo: getProtoPortInfo(rule), @@ -650,20 +638,6 @@ func getProtoProtocol(protocol string) proto.RuleProtocol { } } -// getProtoNetworkType converts the network type to proto.RouteFirewallRule_NetworkType. -func getProtoNetworkType(networkType int) proto.RouteFirewallRule_NetworkType { - switch route.NetworkType(networkType) { - case route.IPv4Network: - return proto.RouteFirewallRule_IPV4 - case route.IPv6Network: - return proto.RouteFirewallRule_IPV6 - case route.DomainNetwork: - return proto.RouteFirewallRule_Domain - default: - return proto.RouteFirewallRule_UNKNOWN - } -} - // getProtoPortInfo converts the port info to proto.PortInfo. func getProtoPortInfo(rule *RouteFirewallRule) *proto.PortInfo { var portInfo proto.PortInfo diff --git a/management/server/route_test.go b/management/server/route_test.go index 91f2abe3285..52bb8767809 100644 
--- a/management/server/route_test.go +++ b/management/server/route_test.go @@ -1718,11 +1718,9 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) { fmt.Sprintf(AllowedIPsFormat, peerHIp), fmt.Sprintf(AllowedIPsFormat, peerBIp), }, - Direction: firewallRuleDirectionIN, Action: "accept", Destination: "192.168.0.0/16", Protocol: "all", - NetworkType: int(route.IPv4Network), Port: 80, }, { @@ -1731,11 +1729,9 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) { fmt.Sprintf(AllowedIPsFormat, peerHIp), fmt.Sprintf(AllowedIPsFormat, peerBIp), }, - Direction: firewallRuleDirectionIN, Action: "accept", Destination: "192.168.0.0/16", Protocol: "all", - NetworkType: int(route.IPv4Network), Port: 320, }, } @@ -1753,29 +1749,23 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) { expectedRoutesFirewallRules = []*RouteFirewallRule{ { SourceRanges: []string{"100.65.250.202/32", "100.65.13.186/32"}, - Direction: firewallRuleDirectionIN, Action: "accept", Destination: existingNetwork.String(), Protocol: "tcp", - NetworkType: int(route.IPv4Network), PortRange: RulePortRange{Start: 80, End: 350}, }, { SourceRanges: []string{"0.0.0.0/0"}, - Direction: firewallRuleDirectionIN, Action: "accept", Destination: "192.0.2.0/32", Protocol: "all", - NetworkType: int(route.DomainNetwork), IsDynamic: true, }, { SourceRanges: []string{"::/0"}, - Direction: firewallRuleDirectionIN, Action: "accept", Destination: "192.0.2.0/32", Protocol: "all", - NetworkType: int(route.DomainNetwork), IsDynamic: true, }, }
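Review bot: In the last hunk of this file, the final expected rule pairs `SourceRanges: []string{"::/0"}` with `Destination: "192.0.2.0/32"`, and with `NetworkType` removed only `IsDynamic: true` still marks it as a DNS route. A consumer that derives the address family from `Destination` would treat this rule as IPv4 although its source is IPv6, so the fixture should say which field is authoritative. A comment such as `// DNS route: IsDynamic is the only marker now that NetworkType is gone; source and destination families differ` above the two dynamic entries would do. It would also help to confirm that the client side handles the mixed-family case. `TestAccount_getPeersRoutesFirewall` continues outside the hunk, so the assertions that consume these expectations are not visible here.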