policy/matcher: fix bug using contains instead of overlap (#2556)

* policy/matcher: slices.ContainsFunc Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/matcher: slices.ContainsFunc, correct contains vs overlap Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy: add tests to validate fix for 2181 Fixes #2181 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-05-02 23:08:56 +03:00 · 2025-05-02 23:08:56 +03:00 · d810597414
commit d810597414
parent 93afb03f67
2 changed files with 110 additions and 30 deletions
--- a/hscontrol/policy/matcher/matcher.go
+++ b/hscontrol/policy/matcher/matcher.go
@ -3,6 +3,8 @@ package matcher
 import (
 	"net/netip"

+	"slices"
+
 	"github.com/juanfont/headscale/hscontrol/util"
 	"go4.org/netipx"
 	"tailscale.com/tailcfg"
@ -58,41 +60,17 @@ func MatchFromStrings(sources, destinations []string) Match {
 }

 func (m *Match) SrcsContainsIPs(ips ...netip.Addr) bool {
-	for _, ip := range ips {
-		if m.srcs.Contains(ip) {
-			return true
-		}
-	}
-
-	return false
+	return slices.ContainsFunc(ips, m.srcs.Contains)
 }

 func (m *Match) DestsContainsIP(ips ...netip.Addr) bool {
-	for _, ip := range ips {
-		if m.dests.Contains(ip) {
-			return true
-		}
-	}
-
-	return false
+	return slices.ContainsFunc(ips, m.dests.Contains)
 }

 func (m *Match) SrcsOverlapsPrefixes(prefixes ...netip.Prefix) bool {
-	for _, prefix := range prefixes {
-		if m.srcs.ContainsPrefix(prefix) {
-			return true
-		}
-	}
-
-	return false
+	return slices.ContainsFunc(prefixes, m.srcs.OverlapsPrefix)
 }

 func (m *Match) DestsOverlapsPrefixes(prefixes ...netip.Prefix) bool {
-	for _, prefix := range prefixes {
-		if m.dests.ContainsPrefix(prefix) {
-			return true
-		}
-	}
-
-	return false
+	return slices.ContainsFunc(prefixes, m.dests.OverlapsPrefix)
 }