From 6c036d1183b98f9ba0780466f6b935514d9ae052 Mon Sep 17 00:00:00 2001
From: Brian Picciano <me@mediocregopher.com>
Date: Thu, 12 Sep 2024 08:59:23 +0200
Subject: [PATCH] Check that two different networks aren't trying to use the
 same nebula port

---
 go/daemon/daecommon/config.go | 47 +++++++++++++++++++++++++++++------
 1 file changed, 39 insertions(+), 8 deletions(-)

diff --git a/go/daemon/daecommon/config.go b/go/daemon/daecommon/config.go
index ff27960..249450d 100644
--- a/go/daemon/daecommon/config.go
+++ b/go/daemon/daecommon/config.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"isle/bootstrap"
 	"isle/toolkit"
+	"net"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -148,6 +149,35 @@ type Config struct {
 	Networks map[string]NetworkConfig `yaml:"networks"`
 }
 
+// Validate asserts that the Config has no internal inconsistencies which would
+// render it unusable.
+func (c Config) Validate() error {
+	nebulaPorts := map[string]string{}
+
+	for id, network := range c.Networks {
+		if network.VPN.PublicAddr == "" {
+			continue
+		}
+
+		_, port, err := net.SplitHostPort(network.VPN.PublicAddr)
+		if err != nil {
+			return fmt.Errorf(
+				"invalid vpn.public_addr %q: %w", network.VPN.PublicAddr, err,
+			)
+		} else if otherID, ok := nebulaPorts[port]; ok {
+			return fmt.Errorf(
+				"two networks with the same vpn.public_addr: %q and %q",
+				id,
+				otherID,
+			)
+		}
+
+		nebulaPorts[port] = id
+	}
+
+	return nil
+}
+
 // CopyDefaultConfig copies the daemon config file embedded in the AppDir into
 // the given io.Writer.
 func CopyDefaultConfig(into io.Writer, appDirPath string) error {
@@ -182,15 +212,16 @@ func LoadConfig(userConfigPath string) (Config, error) {
 	}
 
 	{ // DEPRECATED
-		var config NetworkConfig
-		_ = yaml.Unmarshal(userConfigB, &config)
-		if !toolkit.IsZero(config) {
-			config.fillDefaults()
-			return Config{
+		var networkConfig NetworkConfig
+		_ = yaml.Unmarshal(userConfigB, &networkConfig)
+		if !toolkit.IsZero(networkConfig) {
+			networkConfig.fillDefaults()
+			config := Config{
 				Networks: map[string]NetworkConfig{
-					DeprecatedNetworkID: config,
+					DeprecatedNetworkID: networkConfig,
 				},
-			}, nil
+			}
+			return config, config.Validate()
 		}
 	}
 
@@ -205,7 +236,7 @@ func LoadConfig(userConfigPath string) (Config, error) {
 		config.Networks[id] = network
 	}
 
-	return config, nil
+	return config, config.Validate()
 }
 
 // BootstrapGarageHostForAlloc returns the bootstrap.GarageHostInstance which