add support for overriding peer-exchange-port for individual hosts
authorFelix Fietkau <nbd@nbd.name>
Mon, 29 Aug 2022 18:37:12 +0000 (20:37 +0200)
committerFelix Fietkau <nbd@nbd.name>
Mon, 29 Aug 2022 18:37:15 +0000 (20:37 +0200)
This can also be used to disable PEX completely for non-unetd host entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
host.c
host.h
pex.c
scripts/unet-cli

diff --git a/host.c b/host.c
index 996dbcf5982de7a0bfeff9c86eca38f920297c3b..e7a8e83a0476b2fc0e1b35daaca884db17e20713 100644 (file)
--- a/host.c
+++ b/host.c
@@ -92,6 +92,7 @@ network_host_create(struct network *net, struct blob_attr *attr)
                NETWORK_HOST_IPADDR,
                NETWORK_HOST_SUBNET,
                NETWORK_HOST_PORT,
+               NETWORK_HOST_PEX_PORT,
                NETWORK_HOST_ENDPOINT,
                NETWORK_HOST_GATEWAY,
                __NETWORK_HOST_MAX
@@ -102,6 +103,7 @@ network_host_create(struct network *net, struct blob_attr *attr)
                [NETWORK_HOST_IPADDR] = { "ipaddr", BLOBMSG_TYPE_ARRAY },
                [NETWORK_HOST_SUBNET] = { "subnet", BLOBMSG_TYPE_ARRAY },
                [NETWORK_HOST_PORT] = { "port", BLOBMSG_TYPE_INT32 },
+               [NETWORK_HOST_PEX_PORT] = { "peer-exchange-port", BLOBMSG_TYPE_INT32 },
                [NETWORK_HOST_ENDPOINT] = { "endpoint", BLOBMSG_TYPE_STRING },
                [NETWORK_HOST_GATEWAY] = { "gateway", BLOBMSG_TYPE_STRING },
        };
@@ -164,6 +166,10 @@ network_host_create(struct network *net, struct blob_attr *attr)
                peer->port = blobmsg_get_u32(cur);
        else
                peer->port = net->net_config.port;
+       if ((cur = tb[NETWORK_HOST_PEX_PORT]) != NULL)
+               peer->pex_port = blobmsg_get_u32(cur);
+       else
+               peer->pex_port = net->net_config.pex_port;
        if (endpoint)
                peer->endpoint = strcpy(endpoint_buf, endpoint);
        if (gateway)
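Review bot: The new `peer->pex_port = blobmsg_get_u32(cur);` stores an unchecked 32-bit config value in an `int` that pex.c later passes to `htons()`, which keeps only the low 16 bits. A value such as 65536 is non-zero, so it passes the `!peer->pex_port` "disabled" checks added in pex_msg_send and network_pex_open, yet it becomes port 0 in the peer address and in the `bind()` call; other out-of-range values silently alias to a different port. I would range-check at parse time, e.g. `uint32_t v = blobmsg_get_u32(cur); peer->pex_port = v <= 0xffff ? (int)v : 0;`, or reject the host entry if treating a bad value as "disabled" is not wanted. The neighbouring `port` assignment follows the same pattern, and network_host_create's body continues outside the hunk.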
diff --git a/host.h b/host.h
index b802d776c7088c63c0f99b92cacada22b620b13f..2f8f881d7e204fe91baf4640ef2f3193fd1db1b3 100644 (file)
--- a/host.h
+++ b/host.h
@@ -13,6 +13,7 @@ struct network_peer {
        struct blob_attr *ipaddr;
        struct blob_attr *subnet;
        int port;
+       int pex_port;
 
        struct {
                int connect_attempt;
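Review bot: The new `pex_port` field has a sentinel value that is not documented where it is declared. pex.c treats 0 as "PEX disabled for this peer" and passes the value through `htons()`, so the field is held in host byte order. A comment on the field would record both facts, e.g. `int pex_port; /* peer-exchange port, host byte order; 0 = PEX disabled for this peer */`. struct network_peer continues outside the hunk.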
diff --git a/pex.c b/pex.c
index 1ec140dc61175c19df36e94801c48abf84bb5ec7..62a30f48428822230739acc38a79240ccf8cc655 100644 (file)
--- a/pex.c
+++ b/pex.c
@@ -57,7 +57,7 @@ pex_get_peer_addr(struct sockaddr_in6 *sin6, struct network *net,
        *sin6 = (struct sockaddr_in6){
                .sin6_family = AF_INET6,
                .sin6_addr = peer->local_addr.in6,
-               .sin6_port = htons(net->net_config.pex_port),
+               .sin6_port = htons(peer->pex_port),
        };
 }
 
@@ -65,7 +65,8 @@ static void pex_msg_send(struct network *net, struct network_peer *peer)
 {
        struct sockaddr_in6 sin6 = {};
 
-       if (!peer || peer == &net->net_config.local_host->peer)
+       if (!peer || peer == &net->net_config.local_host->peer ||
+           !peer->pex_port)
                return;
 
        pex_get_peer_addr(&sin6, net, peer);
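Review bot: The `!peer->pex_port` check is added only in pex_msg_send, while pex_get_peer_addr (changed in the previous hunk) now fills in `htons(peer->pex_port)` unconditionally and will build a port-0 address for a peer with PEX disabled. If pex_get_peer_addr has other callers (none are visible in this diff), they would need the same guard. A one-line comment on the helper such as `/* caller must check peer->pex_port != 0 */` would make that contract explicit. pex_msg_send's body continues outside the hunk.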
@@ -661,7 +662,7 @@ int network_pex_open(struct network *net)
 
        network_pex_open_auth_connect(net);
 
-       if (!local_host || !net->net_config.pex_port)
+       if (!local_host || !local_host->peer.pex_port)
                return 0;
 
        local = &local_host->peer;
@@ -675,7 +676,7 @@ int network_pex_open(struct network *net)
        sin6.sin6_family = AF_INET6;
        memcpy(&sin6.sin6_addr, &local->local_addr.in6,
               sizeof(local->local_addr.in6));
-       sin6.sin6_port = htons(net->net_config.pex_port);
+       sin6.sin6_port = htons(local_host->peer.pex_port);
 
        if (bind(fd, (struct sockaddr *)&sin6, sizeof(sin6)) < 0) {
                perror("bind");
index f77f113819b6727227a2269d60c7ae0c9326fd96..535218a54617e322dd77ac213c37606d19fe4dc6 100755 (executable)
@@ -50,11 +50,12 @@ Usage: ${basename(sourcepath())} [<flags>] <file> <command> [<args>] [<option>=<
      Options:
       - config options (create, set-config):
        port=<val>                              set tunnel port (default: ${defaults.port})
-       pex_port=<val>                          set peer-exchange port (default: ${defaults.pex_port})
+       pex_port=<val>                          set peer-exchange port (default: ${defaults.pex_port}, 0: disabled)
        keepalive=<val>                         set keepalive interval (seconds, 0: off, default: ${defaults.keepalive})
       - host options (add-host, add-ssh-host, set-host):
        key=<val>                               set host public key (required for add-host)
        port=<val>                              set host tunnel port number
+       pex_port=<val>                          set host peer-exchange port (default: network pex_port, 0: disabled)
        groups=[+|-]<val>[,<val>...]            set/add/remove groups that the host is a member of
        ipaddr=[+|-]<val>[,<val>...]            set/add/remove host ip addresses
        subnet=[+|-]<val>[,<val>...]            set/add/remove host announced subnets
@@ -224,6 +225,7 @@ function set_host(host) {
                subnet: "array",
                groups: "array",
        });
+       set_field("int", host, "peer-exchange-port", args.pex_port);
 }
 
 function set_service(service) {