add support for overriding peer-exchange-port for individual hosts

This can also be used to disable PEX completely for non-unetd host entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>

host.c

@@ -92,6 +92,7 @@ network_host_create(struct network *net, struct blob_attr *attr)
 		NETWORK_HOST_IPADDR,
 		NETWORK_HOST_SUBNET,
 		NETWORK_HOST_PORT,
+		NETWORK_HOST_PEX_PORT,
 		NETWORK_HOST_ENDPOINT,
 		NETWORK_HOST_GATEWAY,
 		__NETWORK_HOST_MAX
@@ -102,6 +103,7 @@ network_host_create(struct network *net, struct blob_attr *attr)
 		[NETWORK_HOST_IPADDR] = { "ipaddr", BLOBMSG_TYPE_ARRAY },
 		[NETWORK_HOST_SUBNET] = { "subnet", BLOBMSG_TYPE_ARRAY },
 		[NETWORK_HOST_PORT] = { "port", BLOBMSG_TYPE_INT32 },
+		[NETWORK_HOST_PEX_PORT] = { "peer-exchange-port", BLOBMSG_TYPE_INT32 },
 		[NETWORK_HOST_ENDPOINT] = { "endpoint", BLOBMSG_TYPE_STRING },
 		[NETWORK_HOST_GATEWAY] = { "gateway", BLOBMSG_TYPE_STRING },
 	};
@@ -164,6 +166,10 @@ network_host_create(struct network *net, struct blob_attr *attr)
 		peer->port = blobmsg_get_u32(cur);
 	else
 		peer->port = net->net_config.port;
+	if ((cur = tb[NETWORK_HOST_PEX_PORT]) != NULL)
+		peer->pex_port = blobmsg_get_u32(cur);
+	else
+		peer->pex_port = net->net_config.pex_port;
 	if (endpoint)
 		peer->endpoint = strcpy(endpoint_buf, endpoint);
 	if (gateway)

host.h

@@ -13,6 +13,7 @@ struct network_peer {
 	struct blob_attr *ipaddr;
 	struct blob_attr *subnet;
 	int port;
+	int pex_port;
 
 	struct {
 		int connect_attempt;

pex.c

@@ -57,15 +57,16 @@ pex_get_peer_addr(struct sockaddr_in6 *sin6, struct network *net,
 	*sin6 = (struct sockaddr_in6){
 		.sin6_family = AF_INET6,
 		.sin6_addr = peer->local_addr.in6,
-		.sin6_port = htons(net->net_config.pex_port),
+		.sin6_port = htons(peer->pex_port),
 	};
 }
 
 static void pex_msg_send(struct network *net, struct network_peer *peer)
 {
 	struct sockaddr_in6 sin6 = {};
 
-	if (!peer || peer == &net->net_config.local_host->peer)
+	if (!peer || peer == &net->net_config.local_host->peer ||
+	    !peer->pex_port)
 		return;
 
 	pex_get_peer_addr(&sin6, net, peer);
@@ -661,7 +662,7 @@ int network_pex_open(struct network *net)
 
 	network_pex_open_auth_connect(net);
 
-	if (!local_host || !net->net_config.pex_port)
+	if (!local_host || !local_host->peer.pex_port)
 		return 0;
 
 	local = &local_host->peer;
@@ -675,7 +676,7 @@ int network_pex_open(struct network *net)
 	sin6.sin6_family = AF_INET6;
 	memcpy(&sin6.sin6_addr, &local->local_addr.in6,
 	       sizeof(local->local_addr.in6));
-	sin6.sin6_port = htons(net->net_config.pex_port);
+	sin6.sin6_port = htons(local_host->peer.pex_port);
 
 	if (bind(fd, (struct sockaddr *)&sin6, sizeof(sin6)) < 0) {
 		perror("bind");

scripts/unet-cli

@@ -50,11 +50,12 @@ Usage: ${basename(sourcepath())} [<flags>] <file> <command> [<args>] [<option>=<
      Options:
       - config options (create, set-config):
 	port=<val>				set tunnel port (default: ${defaults.port})
-	pex_port=<val>				set peer-exchange port (default: ${defaults.pex_port})
+	pex_port=<val>				set peer-exchange port (default: ${defaults.pex_port}, 0: disabled)
 	keepalive=<val>				set keepalive interval (seconds, 0: off, default: ${defaults.keepalive})
       - host options (add-host, add-ssh-host, set-host):
 	key=<val>				set host public key (required for add-host)
 	port=<val>				set host tunnel port number
+	pex_port=<val>				set host peer-exchange port (default: network pex_port, 0: disabled)
 	groups=[+|-]<val>[,<val>...]		set/add/remove groups that the host is a member of
 	ipaddr=[+|-]<val>[,<val>...]		set/add/remove host ip addresses
 	subnet=[+|-]<val>[,<val>...]		set/add/remove host announced subnets
@@ -224,6 +225,7 @@ function set_host(host) {
 		subnet: "array",
 		groups: "array",
 	});
+	set_field("int", host, "peer-exchange-port", args.pex_port);
 }
 
 function set_service(service) {