MyFavMirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-11-21 01:59:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix exit node visibility issue - filter based on autogroup:internet permission

Browse Source 
- Modified tailNode/tailNodes functions to accept exitRouteFilterFunc parameter
- Added canUseExitRoutes helper to check for broad internet access permission
- Added DestsContainsPrefixes method to matcher for checking prefix containment
- Exit routes now only included in peer AllowedIPs when requesting node has internet access
- Added comprehensive unit tests for both scenarios (with and without autogroup:internet)

Fixes #2788

Co-authored-by: kradalby <98431+kradalby@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-11-01 08:53:35 +00:00
parent 309437fa14
commit 31bf3a6637
5 changed files with 422 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
hscontrol/mapper/tail_test.go
View File

@@ -221,6 +221,13 @@ func TestTailNode(t *testing.T) {
func(id types.NodeID) []netip.Prefix {
return primary.PrimaryRoutes(id)
},
func(id types.NodeID) []netip.Prefix {
// For tests, include exit routes if node has them
if id == tt.node.ID {
return tt.node.ExitRoutes()
}
return nil
},
cfg,
)
@@ -281,6 +288,9 @@ func TestNodeExpiry(t *testing.T) {
func(id types.NodeID) []netip.Prefix {
return []netip.Prefix{}
},
func(id types.NodeID) []netip.Prefix {
return []netip.Prefix{}
},
&types.Config{},
)
if err != nil {