Allow when user has only a subnet route (#1734)

* Add test because of issue 1604

* Add peer for routes

* Revert previous change to try different way to add peer

* Add traces

* Remove traces

* Make sure tests have IPPrefix comparator

* Get allowedIps before loop

* Remove comment

* Add composite literals :)
DeveloperDragon 2024-02-12 11:44:37 +01:00 committed by GitHub
parent 47405931c6
commit e3553aae50
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 79 additions and 2 deletions


@ -208,6 +208,15 @@ func (node *Node) IsEphemeral() bool {
}
func (node *Node) CanAccess(filter []tailcfg.FilterRule, node2 *Node) bool {
allowedIPs := append([]netip.Addr{}, node2.IPAddresses...)
for _, route := range node2.Routes {
if route.Enabled {
allowedIPs = append(allowedIPs, netip.Prefix(route.Prefix).Addr())
}
}
for _, rule := range filter {
// TODO(kradalby): Cache or pregen this
matcher := matcher.MatchFromFilterRule(rule)
@ -216,7 +225,7 @@ func (node *Node) CanAccess(filter []tailcfg.FilterRule, node2 *Node) bool {
continue
}
if matcher.DestsContainsIP([]netip.Addr(node2.IPAddresses)) {
if matcher.DestsContainsIP(allowedIPs) {
return true
}
}
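Review bot: In `CanAccess`, `netip.Prefix(route.Prefix).Addr()` adds only the network address of each enabled route to `allowedIPs`, so the later `matcher.DestsContainsIP(allowedIPs)` call tests one address per route rather than the routed range. An ACL destination that covers part of an advertised prefix but not its first address (constructed example: route `10.0.0.0/8`, destination `10.33.0.0/16`) would presumably not match, and the subnet router would still be withheld from the peer list. Since this function decides peer visibility from policy, I would compare the route prefixes against the rule destinations by overlap rather than by one representative address, or at minimum record the limit with `// only the route's network address is tested; destinations inside the prefix that exclude it will not match` and add a test for that case. The matcher's other methods and the rest of `CanAccess` are outside this hunk, so the exact call to use needs confirming there.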