mirror of https://github.com/juanfont/headscale.git synced 2025-11-10 01:20:58 +01:00
juanfont.headscale/hscontrol
copilot-swe-agent[bot] e0107024e8 Filter exit routes through ACL policy to fix issue #2788
Exit nodes are now only visible to nodes that have permission to use them
according to ACL policy. Previously, exit routes (0.0.0.0/0 and ::/0) were
unconditionally added to the AllowedIPs field in the network map, making
exit nodes visible to all peers regardless of policy.

Changes:
- Modified buildTailPeers and WithSelfNode in builder.go to filter exit
  routes through policy.ReduceRoutes, same as primary routes
- Removed unconditional addition of exit routes in tail.go tailNode function
- Updated tail_test.go to reflect new behavior where exit routes are filtered

The fix ensures that exit nodes are only visible when a node has
autogroup:internet in their ACL destination rules.

Co-authored-by: kradalby <98431+kradalby@users.noreply.github.com>
2025-11-01 08:52:29 +00:00
assets
capver policy: fix autogroup:self propagation and optimize cache invalidation (#2807) 2025-10-23 17:57:41 +02:00
db expire nodes with a custom timestamp (#2828) 2025-11-01 08:09:13 +01:00
derp policy: fix autogroup:self propagation and optimize cache invalidation (#2807) 2025-10-23 17:57:41 +02:00
dns integration: replace time.Sleep with assert.EventuallyWithT (#2680) 2025-07-10 23:38:55 +02:00
mapper Filter exit routes through ACL policy to fix issue #2788 2025-11-01 08:52:29 +00:00
policy policy: fix autogroup:self propagation and optimize cache invalidation (#2807) 2025-10-23 17:57:41 +02:00
routes debug: add json and improve 2025-09-09 09:40:00 +02:00
state policy: fix autogroup:self propagation and optimize cache invalidation (#2807) 2025-10-23 17:57:41 +02:00
templates integration: replace time.Sleep with assert.EventuallyWithT (#2680) 2025-07-10 23:38:55 +02:00
types policy: fix autogroup:self propagation and optimize cache invalidation (#2807) 2025-10-23 17:57:41 +02:00
util stricter hostname validation and replace (#2383) 2025-10-22 13:50:39 +02:00
app.go hscontrol: add /version HTTP endpoint (#2821) 2025-10-27 10:41:34 +01:00
auth_test.go stability and race conditions in auth and node store (#2781) 2025-10-16 12:17:43 +02:00
auth.go stricter hostname validation and replace (#2383) 2025-10-22 13:50:39 +02:00
debug.go lint and leftover 2025-09-09 09:40:00 +02:00
grpcv1_test.go
grpcv1.go expire nodes with a custom timestamp (#2828) 2025-11-01 08:09:13 +01:00
handlers.go hscontrol: add /version HTTP endpoint (#2821) 2025-10-27 10:41:34 +01:00
metrics.go integration: replace time.Sleep with assert.EventuallyWithT (#2680) 2025-07-10 23:38:55 +02:00
noise.go lint and leftover 2025-09-09 09:40:00 +02:00
oidc.go fix: return valid AuthUrl in followup request on expired reg id 2025-10-11 05:57:39 +02:00
platform_config.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
poll.go stability and race conditions in auth and node store (#2781) 2025-10-16 12:17:43 +02:00
suite_test.go Redo OIDC configuration (#2020) 2024-10-02 14:50:17 +02:00
tailsql.go integration: replace time.Sleep with assert.EventuallyWithT (#2680) 2025-07-10 23:38:55 +02:00