* notifier: use convenience funcs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy: reduce routes based on policy Fixes #2365 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * hsic: more helper methods Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy: more test cases Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: add route with filter acl integration test Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: correct route reduce test, now failing Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * mapper: compare peer routes against node Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * hs: more output to debug strings Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * types/node: slice.ContainsFunc Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy: more reduce route test Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * changelog: add entry for route filter Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
package matcher
import (
"net/netip"
"strings"
"slices"
"github.com/juanfont/headscale/hscontrol/util"
"go4.org/netipx"
"tailscale.com/tailcfg"
)
// Match holds the source and destination address sets derived from a packet
// filter rule. It stores addresses only: nothing in this type records ports
// or protocols, so it can answer "is this address covered" but not "is this
// port allowed".
type Match struct {
	// srcs and dests are the address sets a rule applies from and to.
	srcs, dests *netipx.IPSet
}
// DebugString renders the match as a multi-line listing: a "Match:" header,
// then the source prefixes and the destination prefixes, one per line.
//
// NOTE(review): srcs and dests are dereferenced without a nil check, so this
// presumably cannot be called on a zero-value Match - confirm against callers.
func (m Match) DebugString() string {
	var out strings.Builder

	// section writes a heading followed by every prefix of set on its own line.
	section := func(heading string, set *netipx.IPSet) {
		out.WriteString(heading)
		for _, p := range set.Prefixes() {
			out.WriteString(" " + p.String() + "\n")
		}
	}

	out.WriteString("Match:\n")
	section(" Sources:\n", m.srcs)
	section(" Destinations:\n", m.dests)

	return out.String()
}
// MatchesFromFilterRules converts every filter rule into a Match, keeping the
// input order. The result has exactly one Match per rule and is never nil.
func MatchesFromFilterRules(rules []tailcfg.FilterRule) []Match {
	out := make([]Match, len(rules))
	for i := range rules {
		out[i] = MatchFromFilterRule(rules[i])
	}

	return out
}
// MatchFromFilterRule builds a Match from a single filter rule, using the
// rule's SrcIPs as sources and the IP of each DstPorts entry as destinations.
//
// Only the IP field of each DstPorts entry is read; whatever else the entry
// carries is not copied into the Match. A Match therefore answers address
// questions only, and callers that need a port-level decision have to
// consult the rule itself.
func MatchFromFilterRule(rule tailcfg.FilterRule) Match {
	dstIPs := make([]string, len(rule.DstPorts))
	for i := range rule.DstPorts {
		dstIPs[i] = rule.DstPorts[i].IP
	}

	return MatchFromStrings(rule.SrcIPs, dstIPs)
}
// MatchFromStrings builds a Match from textual source and destination
// entries. Each entry is parsed with util.ParseIPSet and merged into the
// corresponding address set.
//
// Errors are discarded at both stages (parsing an entry and finalising each
// set), and the function has no error return, so a caller cannot tell a clean
// build from one where an entry was rejected.
//
// NOTE(review): presumably an entry that fails to parse contributes no
// addresses, which would make a typo in a policy silently narrow the match
// instead of failing loudly - confirm what util.ParseIPSet returns alongside
// an error and how AddSet treats it, and consider surfacing these errors
// where the policy is loaded.
func MatchFromStrings(sources, destinations []string) Match {
	var srcBuilder, dstBuilder netipx.IPSetBuilder

	// collect parses every entry and merges the result into b.
	collect := func(b *netipx.IPSetBuilder, entries []string) {
		for _, entry := range entries {
			// Parse error intentionally ignored; see the function comment.
			parsed, _ := util.ParseIPSet(entry, nil)
			b.AddSet(parsed)
		}
	}

	collect(&srcBuilder, sources)
	collect(&dstBuilder, destinations)

	// Builder errors are ignored as well; whatever set comes back is used.
	srcSet, _ := srcBuilder.IPSet()
	dstSet, _ := dstBuilder.IPSet()

	return Match{srcs: srcSet, dests: dstSet}
}
// SrcsContainsIPs reports whether at least one of ips is in the source set.
// It is an "any" check, not an "all" check, and returns false when called
// with no addresses.
func (m *Match) SrcsContainsIPs(ips ...netip.Addr) bool {
	inSources := m.srcs.Contains

	return slices.IndexFunc(ips, inSources) >= 0
}
// DestsContainsIP reports whether at least one of ips is in the destination
// set. Despite the singular name it accepts several addresses and is an
// "any" check; it returns false when called with no addresses.
func (m *Match) DestsContainsIP(ips ...netip.Addr) bool {
	inDests := m.dests.Contains

	return slices.IndexFunc(ips, inDests) >= 0
}
// SrcsOverlapsPrefixes reports whether at least one of prefixes overlaps the
// source set. The test is for overlap, not containment, and it returns false
// when called with no prefixes.
func (m *Match) SrcsOverlapsPrefixes(prefixes ...netip.Prefix) bool {
	overlapsSources := m.srcs.OverlapsPrefix

	return slices.IndexFunc(prefixes, overlapsSources) >= 0
}
// DestsOverlapsPrefixes reports whether at least one of prefixes overlaps the
// destination set. The test is for overlap, not containment, and it returns
// false when called with no prefixes.
func (m *Match) DestsOverlapsPrefixes(prefixes ...netip.Prefix) bool {
	overlapsDests := m.dests.OverlapsPrefix

	return slices.IndexFunc(prefixes, overlapsDests) >= 0
}