mirror of
https://github.com/juanfont/headscale.git
synced 2026-04-08 05:57:46 +09:00
f74ea5b8ed
Add support for the Grant policy format as an alternative to ACL format, following Tailscale's policy v2 specification. Grants provide a more structured way to define network access rules with explicit separation of IP-based and capability-based permissions. Key changes: - Add Grant struct with Sources, Destinations, InternetProtocols (ip), and App (capabilities) fields - Add ProtocolPort type for unmarshaling protocol:port strings - Add Grant validation in Policy.validate() to enforce: - Mutual exclusivity of ip and app fields - Required ip or app field presence - Non-empty sources and destinations - Refactor compileFilterRules to support both ACLs and Grants - Convert ACLs to Grants internally via aclToGrants() for unified processing - Extract destinationsToNetPortRange() helper for cleaner code - Rename parseProtocol() to toIANAProtocolNumbers() for clarity - Add ProtocolNumberToName mapping for reverse lookups The Grant format allows policies to be written using either the legacy ACL format or the new Grant format. ACLs are converted to Grants internally, ensuring backward compatibility while enabling the new format's benefits. Updates #2180