minor change

logs and possible fix on absence of firewall rules
2026-04-07 01:53:51 -04:00 · 2025-11-27 20:53:00 +01:00 · 2025-11-27 20:40:49 +01:00
2 changed files with 23 additions and 6 deletions
--- a/management/server/types/networkmap.go
+++ b/management/server/types/networkmap.go
@@ -3,6 +3,8 @@ package types
 import (
 	"context"

+	"gvisor.dev/gvisor/pkg/log"
+
 	nbdns "github.com/netbirdio/netbird/dns"
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/telemetry"
@@ -29,7 +31,17 @@ func (a *Account) GetPeerNetworkMapExp(
 	metrics *telemetry.AccountManagerMetrics,
 ) *NetworkMap {
 	a.initNetworkMapBuilder(validatedPeers)
-	return a.NetworkMapCache.GetPeerNetworkMap(ctx, peerID, peersCustomZone, validatedPeers, metrics)
+	nmap := a.NetworkMapCache.GetPeerNetworkMap(ctx, peerID, peersCustomZone, validatedPeers, metrics)
+	if len(nmap.Peers) > 0 && len(nmap.FirewallRules) == 0 {
+		log.Debugf("NetworkMapBuilder: generated network map for peer %s with peers but no firewall rules, network serial %d", peerID, nmap.Network.Serial)
+		a.OnPeerDeletedUpdNetworkMapCache(peerID)
+		a.OnPeerAddedUpdNetworkMapCache(peerID)
+		nmap = a.NetworkMapCache.GetPeerNetworkMap(ctx, peerID, peersCustomZone, validatedPeers, metrics)
+		if len(nmap.Peers) > 0 && len(nmap.FirewallRules) == 0 {
+			log.Debugf("NetworkMapBuilder: regenerated network map for peer %s still has no firewall rules", peerID)
+		}
+	}
+	return nmap
 }

 func (a *Account) OnPeerAddedUpdNetworkMapCache(peerId string) error {
--- a/management/server/types/networkmapbuilder.go
+++ b/management/server/types/networkmapbuilder.go
@@ -224,6 +224,9 @@ func (b *NetworkMapBuilder) buildPeerACLView(account *Account, peerID string) {
 	}

 	allPotentialPeers, firewallRules := b.getPeerConnectionResources(account, peer, b.validatedPeers)
+	if len(allPotentialPeers) > 0 && len(firewallRules) == 0 {
+		log.Debugf("NetworkMapBuilder: peer %s - no fwrules was calculated for %d potential peers", peerID, len(allPotentialPeers))
+	}

 	isRouter, networkResourcesRoutes, sourcePeers := b.getNetworkResourcesForPeer(account, peer)

@@ -1013,6 +1016,8 @@ func (b *NetworkMapBuilder) assembleNetworkMap(
 	for _, ruleID := range aclView.FirewallRuleIDs {
 		if rule := b.cache.globalRules[ruleID]; rule != nil {
 			firewallRules = append(firewallRules, rule)
+		} else {
+			log.Debugf("NetworkMapBuilder: peer %s assembling network map has no fwrule %s in globalRules", peer.ID, ruleID)
 		}
 	}

@@ -1988,11 +1993,11 @@ func (b *NetworkMapBuilder) cleanupUnusedRules() {
 		}
 	}

-	for ruleID := range b.cache.globalRules {
-		if _, used := usedFirewallRules[ruleID]; !used {
-			delete(b.cache.globalRules, ruleID)
-		}
-	}
+	// for ruleID := range b.cache.globalRules {
+	// 	if _, used := usedFirewallRules[ruleID]; !used {
+	// 		delete(b.cache.globalRules, ruleID)
+	// 	}
+	// }

 	for ruleID := range b.cache.globalRouteRules {
 		if _, used := usedRouteRules[ruleID]; !used {
Author	SHA1	Message	Date
crn4	dae8a86f33	minor change	2025-11-27 20:53:00 +01:00
crn4	ad024659c1	logs and possible fix on absence of firewall rules	2025-11-27 20:40:49 +01:00