From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 1A9EC1FF14F for ; Wed, 17 Jun 2026 13:10:57 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 95C8F1F88C; Wed, 17 Jun 2026 13:10:37 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Subject: [PATCH proxmox-ve-rs 09/13] fabric: wireguard: add helper for findings peer based on endpoint Date: Wed, 17 Jun 2026 13:10:06 +0200 Message-ID: <20260617111012.312710-10-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260617111012.312710-1-s.hanreich@proxmox.com> References: <20260617111012.312710-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1781694568927 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.597 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: QIPZA7OFUG4B5QQFT4SES4UZMPF2GTR7 X-Message-ID-Hash: QIPZA7OFUG4B5QQFT4SES4UZMPF2GTR7 X-MailFrom: s.hanreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This function will be used by the status reporting, which requires the ability to match an entry from the dump output to the respective node in the section config, in order to include the corresponding node/interface in its informational output. This helps users matching peers from the running WireGuard configuration to their respective section config entry. Signed-off-by: Stefan Hanreich --- proxmox-ve-config/src/sdn/fabric/mod.rs | 115 +++++++++++++++++- .../section_config/protocol/wireguard.rs | 8 ++ 2 files changed, 121 insertions(+), 2 deletions(-) diff --git a/proxmox-ve-config/src/sdn/fabric/mod.rs b/proxmox-ve-config/src/sdn/fabric/mod.rs index 22f19c7..d608266 100644 --- a/proxmox-ve-config/src/sdn/fabric/mod.rs +++ b/proxmox-ve-config/src/sdn/fabric/mod.rs @@ -7,6 +7,7 @@ use std::marker::PhantomData; use std::ops::Deref; use anyhow::Error; +use proxmox_network_types::endpoint::ServiceEndpoint; use section_config::protocol::wireguard::WireGuardProperties; use serde::{Deserialize, Serialize}; 
@@ -34,8 +35,9 @@ use crate::sdn::fabric::section_config::protocol::ospf::{ OspfNodePropertiesUpdater, OspfProperties, OspfPropertiesUpdater, }; use crate::sdn::fabric::section_config::protocol::wireguard::{ - WireGuardDeletableProperties, WireGuardNode, WireGuardNodeDeletableProperties, - WireGuardNodePeer, WireGuardNodeUpdater, WireGuardPropertiesUpdater, + WireGuardDeletableProperties, WireGuardInterfaceProperties, WireGuardNode, + WireGuardNodeDeletableProperties, WireGuardNodePeer, WireGuardNodeUpdater, + WireGuardPropertiesUpdater, }; use crate::sdn::fabric::section_config::{FabricOrNode, Section}; 
@@ -215,6 +217,115 @@ impl_entry!(Ospf, OspfProperties, OspfNodeProperties); impl_entry!(WireGuard, WireGuardProperties, WireGuardNode); impl_entry!(Bgp, BgpProperties, BgpNode); +impl Entry { + /// Search for a node in the fabric based on its endpoint. + /// + /// Searches for the node in the fabric configuration that has the given endpoint on a specific + /// node. Mainly useful for mapping the `wg show` output to a node entry in the section config + /// via the specified endpoint. + pub fn find_node_and_interface_by_endpoint( + &self, + local_node_id: &NodeId, + endpoint: &ServiceEndpoint, + ) -> Result)>, Error> { + let node = self.get_node(local_node_id)?; + + let Node::WireGuard(wireguard_node) = node else { + anyhow::bail!("no wireguard node with id {local_node_id} found"); + }; + + let WireGuardNode::Internal(internal_node) = wireguard_node.properties() else { + anyhow::bail!("wireguard node with id {local_node_id} is not an internal node"); + }; + + for peer in internal_node.peers() { + if let Some(peer_endpoint) = peer.endpoint() { + if endpoint == peer_endpoint { + let referenced_node = self.get_node(peer.node())?; + + return Ok(Some(match peer { + WireGuardNodePeer::Internal(internal_peer) => { + let referenced_wireguard_node = + self.node_section(&internal_peer.node)?; + + let WireGuardNode::Internal(referenced_internal_node) = + referenced_wireguard_node.properties() + else { + anyhow::bail!( + "referenced node {} is not a internal wireguard node", + internal_peer.node + ); + }; + + ( + referenced_node, + Some( + referenced_internal_node + .interfaces() + .find(|interface| { + interface.name() == &internal_peer.node_iface + }) + .ok_or_else(|| { + anyhow::anyhow!("referenced interface does not exist") + })?, + ), + ) + } + WireGuardNodePeer::External(_) => (referenced_node, None), + })); + } + } else { + let referenced_node = self.get_node(peer.node())?; + + match peer { + WireGuardNodePeer::Internal(internal_peer) => { + let referenced_wireguard_node 
= self.node_section(&internal_peer.node)?; + + let WireGuardNode::Internal(referenced_internal_node) = + referenced_wireguard_node.properties() + else { + anyhow::bail!( + "referenced node {} is not a internal wireguard node", + internal_peer.node + ); + }; + + let Some(ip_host) = &referenced_internal_node.endpoint else { + continue; + }; + + for interface in internal_node.interfaces() { + let node_endpoint = + ServiceEndpoint::new(&ip_host.to_string(), interface.listen_port)?; + + if &node_endpoint == endpoint { + return Ok(Some((referenced_node, Some(interface)))); + } + } + } + WireGuardNodePeer::External(external_peer) => { + let referenced_wireguard_node = self.node_section(&external_peer.node)?; + + let WireGuardNode::External(referenced_external_node) = referenced_wireguard_node.properties() + else { + anyhow::bail!( + "referenced node {} is not an external wireguard node", + external_peer.node + ); + }; + + if &referenced_external_node.endpoint == endpoint { + return Ok(Some((referenced_node, None))); + } + } + } + } + } + + return Ok(None); + } +} + /// All possible entries in a [`FabricConfig`]. /// /// It utilizes the [`Entry`] struct to validate proper combinations of [`FabricSection`] and diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs index a2d8c6e..38cc8f0 100644 --- a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs +++ b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs 
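Review bot: In the branch for an internal peer without an endpoint override, the inner loop walks `internal_node.interfaces()`, which is the local node's interface list, so the candidate endpoint pairs the referenced node's host with a local `listen_port` and the function hands back a local interface; the override branch above instead resolves `internal_peer.node_iface` on `referenced_internal_node`. This looks unintended, and the loop should probably read `for interface in referenced_internal_node.interfaces().filter(|interface| interface.name() == &internal_peer.node_iface) {` so that both branches return the peer's interface. Separately, the endpoint reported for a running WireGuard peer is its last observed source address and can change when the peer roams or sits behind NAT, so the doc comment should state that this is a best-effort match for display, e.g. `/// The endpoint is not a stable peer identity; do not base trust decisions on this lookup.` If the dump output also carries the peer's public key, matching on that would be the more robust way to attribute a peer to its section config entry.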
@@ -488,6 +488,14 @@ impl WireGuardNodePeer { } } + /// Returns the endpoint override for this peer definition, if it exists. + pub fn endpoint(&self) -> Option<&ServiceEndpoint> { + match self { + WireGuardNodePeer::Internal(internal_peer) => internal_peer.endpoint.as_ref(), + WireGuardNodePeer::External(external_peer) => external_peer.endpoint.as_ref(), + } + } + pub fn node_iface(&self) -> Option<&WireGuardInterfaceName> { match self { WireGuardNodePeer::Internal(internal_peer) => Some(&internal_peer.node_iface), -- 2.47.3