mirror of
https://github.com/juanfont/headscale.git
synced 2025-11-27 20:04:00 +01:00
e0107024e8
Exit nodes are now only visible to nodes that have permission to use them according to ACL policy. Previously, exit routes (0.0.0.0/0 and ::/0) were unconditionally added to the AllowedIPs field in the network map, making exit nodes visible to all peers regardless of policy. Changes: - Modified buildTailPeers and WithSelfNode in builder.go to filter exit routes through policy.ReduceRoutes, same as primary routes - Removed unconditional addition of exit routes in tail.go tailNode function - Updated tail_test.go to reflect new behavior where exit routes are filtered The fix ensures that exit nodes are only visible when a node has autogroup:internet in their ACL destination rules. Co-authored-by: kradalby <98431+kradalby@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| batcher_lockfree.go | ||
| batcher_test.go | ||
| batcher.go | ||
| builder_test.go | ||
| builder.go | ||
| mapper_test.go | ||
| mapper.go | ||
| suite_test.go | ||
| tail_test.go | ||
| tail.go | ||
| utils.go | ||