public/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-05-24 19:18:41 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
f3f84a5a63ba69e31caee6bb5a4467dbbb47a63b
headscale/hscontrol/policy/matcher
History
Kristoffer Dalby c3df84e354 policy/matcher: include CapGrant.Dsts in match destinations 
MatchFromFilterRule only read DstPorts[].IP into the destination
IPSet. Cap-grant-only filter rules (e.g. tailscale.com/cap/relay)
carry their destinations in CapGrant[].Dsts, so the derived matchers
had empty dest sets and BuildPeerMap / ReduceNodes never exposed the
cap target to its source nodes. Without a companion IP-level grant
the relay node stayed invisible, so clients never tried to use it
and connections sat on DERP.

Union CapGrant[].Dsts into the destination IPSet alongside DstPorts.
Restores peer-visibility for any cap-grant-only relationship; the
peer-relay flow is the most visible instance.

Fixes #3256
2026-05-11 14:55:06 +01:00
..
matcher_test.go
policy/matcher: include CapGrant.Dsts in match destinations
2026-05-11 14:55:06 +01:00
matcher.go
policy/matcher: include CapGrant.Dsts in match destinations
2026-05-11 14:55:06 +01:00