diff --git a/hscontrol/policy/matcher/matcher.go b/hscontrol/policy/matcher/matcher.go index cb7eabc7..fd537834 100644 --- a/hscontrol/policy/matcher/matcher.go +++ b/hscontrol/policy/matcher/matcher.go @@ -49,7 +49,7 @@ func MatchesFromFilterRules(rules []tailcfg.FilterRule) []Match { // and [tailcfg.FilterRule.CapGrant][].Dsts: cap-grant-only rules (e.g. // tailscale.com/cap/relay) carry their destinations in CapGrant.Dsts and // would otherwise contribute nothing to peer-visibility derivation in -// [policy.BuildPeerMap] / [policy.ReduceNodes], hiding the cap target +// [policy.ReduceNodes], hiding the cap target // from the source unless a companion IP-level rule also exists. func MatchFromFilterRule(rule tailcfg.FilterRule) Match { srcs := new(netipx.IPSetBuilder) diff --git a/hscontrol/policy/policy.go b/hscontrol/policy/policy.go index 1778b79f..82e942f9 100644 --- a/hscontrol/policy/policy.go +++ b/hscontrol/policy/policy.go @@ -50,35 +50,6 @@ func ReduceRoutes( return result } -// BuildPeerMap builds a map of all peers that can be accessed by each node. -// -// Compared to [ReduceNodes], which builds the list per node, we end up with -// doing the full work for every node (O(n^2)), while this will reduce the -// list as we see relationships while building the map, making it O(n^2/2) -// in the end, but with less work per node. -func BuildPeerMap( - nodes views.Slice[types.NodeView], - matchers []matcher.Match, -) map[types.NodeID][]types.NodeView { - ret := make(map[types.NodeID][]types.NodeView, nodes.Len()) - - // Build the map of all peers according to the matchers. - for i := range nodes.Len() { - for j := i + 1; j < nodes.Len(); j++ { - if nodes.At(i).ID() == nodes.At(j).ID() { - continue - } - - if nodes.At(i).CanAccess(matchers, nodes.At(j)) || nodes.At(j).CanAccess(matchers, nodes.At(i)) { - ret[nodes.At(i).ID()] = append(ret[nodes.At(i).ID()], nodes.At(j)) - ret[nodes.At(j).ID()] = append(ret[nodes.At(j).ID()], nodes.At(i)) - } - } - } - - return ret -} - // ApproveRoutesWithPolicy checks if the node can approve the announced routes // and returns the new list of approved routes. The [PolicyManager] is consulted // via [PolicyManager.NodeCanApproveRoute].