Files
headscale/hscontrol
Kristoffer Dalby 8addacb06a policy/v2: add peer visibility compat tests for subnet-to-subnet ACLs
Add TestRoutesCompatPeerVisibility and TestRoutesCompatNoFalsePositivePeers
which use the Tailscale SaaS golden file data to validate the CanAccess /
ReduceNodes / ReduceRoutes code paths for subnet-to-subnet ACL scenarios.

These tests derive expected peer relationships from the golden file
captures: if Tailscale SaaS delivers filter rules to a node with SrcIPs
overlapping another node's subnet routes, those nodes must be peers. This
exercises the CanAccess fix where subnet routes are treated as source
identity, ensuring the fix is validated against real SaaS behavior.

Also fix buildRoutesUsersAndNodes to auto-assign unique node IDs when the
golden files don't provide them, which is required for ReduceNodes to
correctly skip self-comparisons.

Updates #3157
Updates #3169
2026-04-02 20:47:06 +00:00
..
2026-03-03 05:59:40 +01:00
2026-03-01 13:38:22 +01:00
2026-03-01 13:38:22 +01:00
2026-03-01 13:38:22 +01:00