Allow specifying an interface to bind to: (#362)

## Description Users with multiple interfaces can limit listening to a single interface. ## Why is this needed Fixes: #361 ## How Has This Been Tested? ## How are existing users impacted? What migration steps/scripts do we need? ## Checklist: I have: - [ ] updated the documentation and/or roadmap (if required) - [ ] added unit or e2e tests - [ ] provided instructions on how to upgrade
tinkerbell · Nov 2, 2023 · fab9834 · fab9834
2 parents 75a4542 + 1cef6b6
commit fab9834
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 65 deletions.
diff --git a/README.md b/README.md
@@ -68,6 +68,7 @@ FLAGS
   -dhcp-enabled               [dhcp] enable DHCP server (default "true")
   -dhcp-http-ipxe-binary-url  [dhcp] HTTP ipxe binaries URL to use in DHCP packets (default "http://172.17.0.2:8080/ipxe/")
   -dhcp-http-ipxe-script-url  [dhcp] HTTP ipxe script URL to use in DHCP packets (default "http://172.17.0.2/auto.ipxe")
+  -dhcp-iface                 [dhcp] interface to bind to for DHCP requests
   -dhcp-ip-for-packet         [dhcp] ip address to use in DHCP packets (opt 54, etc) (default "172.17.0.2")
   -dhcp-syslog-ip             [dhcp] syslog server IP address to use in DHCP packets (opt 7) (default "172.17.0.2")
   -dhcp-tftp-ip               [dhcp] tftp server IP address to use in DHCP packets (opt 66, etc) (default "172.17.0.2:69")

diff --git a/cmd/smee/env.go b/cmd/smee/env.go
diff --git a/cmd/smee/flag.go b/cmd/smee/flag.go
@@ -1,8 +1,10 @@
 package main
 
 import (
+	"errors"
 	"flag"
 	"fmt"
+	"net"
 	"regexp"
 	"sort"
 	"strings"
@@ -107,6 +109,7 @@ func ipxeHTTPScriptFlags(c *config, fs *flag.FlagSet) {
 func dhcpFlags(c *config, fs *flag.FlagSet) {
 	fs.BoolVar(&c.dhcp.enabled, "dhcp-enabled", true, "[dhcp] enable DHCP server")
 	fs.StringVar(&c.dhcp.bindAddr, "dhcp-addr", "0.0.0.0:67", "[dhcp] local IP:Port to listen on for DHCP requests")
+	fs.StringVar(&c.dhcp.bindInterface, "dhcp-iface", "", "[dhcp] interface to bind to for DHCP requests")
 	fs.StringVar(&c.dhcp.ipForPacket, "dhcp-ip-for-packet", detectPublicIPv4(""), "[dhcp] IP address to use in DHCP packets (opt 54, etc)")
 	fs.StringVar(&c.dhcp.syslogIP, "dhcp-syslog-ip", detectPublicIPv4(""), "[dhcp] syslog server IP address to use in DHCP packets (opt 7)")
 	fs.StringVar(&c.dhcp.tftpIP, "dhcp-tftp-ip", detectPublicIPv4(":69"), "[dhcp] tftp server IP address to use in DHCP packets (opt 66, etc)")
@@ -143,3 +146,59 @@ func newCLI(cfg *config, fs *flag.FlagSet) *ffcli.Command {
 		UsageFunc:  customUsageFunc,
 	}
 }
+
+func detectPublicIPv4(extra string) string {
+	ip, err := autoDetectPublicIPv4()
+	if err != nil {
+		return ""
+	}
+
+	return fmt.Sprintf("%v%v", ip.String(), extra)
+}
+
+func autoDetectPublicIPv4() (net.IP, error) {
+	addrs, err := net.InterfaceAddrs()
+	if err != nil {
+		return nil, fmt.Errorf("unable to auto-detect public IPv4: %w", err)
+	}
+	for _, addr := range addrs {
+		ip, ok := addr.(*net.IPNet)
+		if !ok {
+			continue
+		}
+		v4 := ip.IP.To4()
+		if v4 == nil || !v4.IsGlobalUnicast() {
+			continue
+		}
+
+		return v4, nil
+	}
+
+	return nil, errors.New("unable to auto-detect public IPv4")
+}
+
+func parseTrustedProxies(trustedProxies string) (result []string) {
+	for _, cidr := range strings.Split(trustedProxies, ",") {
+		cidr = strings.TrimSpace(cidr)
+		if cidr == "" {
+			continue
+		}
+		_, _, err := net.ParseCIDR(cidr)
+		if err != nil {
+			// Its not a cidr, but maybe its an IP
+			if ip := net.ParseIP(cidr); ip != nil {
+				if ip.To4() != nil {
+					cidr += "/32"
+				} else {
+					cidr += "/128"
+				}
+			} else {
+				// not an IP, panic
+				panic("invalid ip cidr in TRUSTED_PROXIES cidr=" + cidr)
+			}
+		}
+		result = append(result, cidr)
+	}
+
+	return result
+}
diff --git a/cmd/smee/flag_test.go b/cmd/smee/flag_test.go
@@ -88,6 +88,7 @@ FLAGS
   -dhcp-enabled               [dhcp] enable DHCP server (default "true")
   -dhcp-http-ipxe-binary-url  [dhcp] HTTP ipxe binaries URL to use in DHCP packets (default "http://%[1]v:8080/ipxe/")
   -dhcp-http-ipxe-script-url  [dhcp] HTTP ipxe script URL to use in DHCP packets (default "http://%[1]v/auto.ipxe")
+  -dhcp-iface                 [dhcp] interface to bind to for DHCP requests
   -dhcp-ip-for-packet         [dhcp] IP address to use in DHCP packets (opt 54, etc) (default "%[1]v")
   -dhcp-syslog-ip             [dhcp] syslog server IP address to use in DHCP packets (opt 7) (default "%[1]v")
   -dhcp-tftp-ip               [dhcp] tftp server IP address to use in DHCP packets (opt 66, etc) (default "%[1]v:69")

diff --git a/cmd/smee/main.go b/cmd/smee/main.go
@@ -82,6 +82,7 @@ type ipxeHTTPScript struct {
 type dhcpConfig struct {
 	enabled           bool
 	bindAddr          string
+	bindInterface     string
 	ipForPacket       string
 	syslogIP          string
 	tftpIP            string
@@ -219,7 +220,7 @@ func main() {
 			if err != nil {
 				panic(fmt.Errorf("invalid tftp address for DHCP server: %w", err))
 			}
-			conn, err := server4.NewIPv4UDPConn("", net.UDPAddrFromAddrPort(bindAddr))
+			conn, err := server4.NewIPv4UDPConn(cfg.dhcp.bindInterface, net.UDPAddrFromAddrPort(bindAddr))
 			if err != nil {
 				panic(err)
 			}