mirror of
https://github.com/juanfont/headscale.git
synced 2025-10-05 11:19:03 +02:00
bce4ab2e59
This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
71 lines
1.1 KiB
Go
71 lines
1.1 KiB
Go
package matcher
|
|
|
|
import (
|
|
"net/netip"
|
|
|
|
"github.com/juanfont/headscale/hscontrol/util"
|
|
"go4.org/netipx"
|
|
"tailscale.com/tailcfg"
|
|
)
|
|
|
|
type Match struct {
|
|
Srcs *netipx.IPSet
|
|
Dests *netipx.IPSet
|
|
}
|
|
|
|
func MatchFromFilterRule(rule tailcfg.FilterRule) Match {
|
|
dests := []string{}
|
|
for _, dest := range rule.DstPorts {
|
|
dests = append(dests, dest.IP)
|
|
}
|
|
|
|
return MatchFromStrings(rule.SrcIPs, dests)
|
|
}
|
|
|
|
func MatchFromStrings(sources, destinations []string) Match {
|
|
srcs := new(netipx.IPSetBuilder)
|
|
dests := new(netipx.IPSetBuilder)
|
|
|
|
for _, srcIP := range sources {
|
|
set, _ := util.ParseIPSet(srcIP, nil)
|
|
|
|
srcs.AddSet(set)
|
|
}
|
|
|
|
for _, dest := range destinations {
|
|
set, _ := util.ParseIPSet(dest, nil)
|
|
|
|
dests.AddSet(set)
|
|
}
|
|
|
|
srcsSet, _ := srcs.IPSet()
|
|
destsSet, _ := dests.IPSet()
|
|
|
|
match := Match{
|
|
Srcs: srcsSet,
|
|
Dests: destsSet,
|
|
}
|
|
|
|
return match
|
|
}
|
|
|
|
func (m *Match) SrcsContainsIPs(ips []netip.Addr) bool {
|
|
for _, ip := range ips {
|
|
if m.Srcs.Contains(ip) {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
func (m *Match) DestsContainsIP(ips []netip.Addr) bool {
|
|
for _, ip := range ips {
|
|
if m.Dests.Contains(ip) {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|