Fix prefix length comparison bug in AutoApprovers route evaluation (#862)
This commit is contained in:
parent
0cf9c4ce8e
commit
8a07381e3a
3 changed files with 4 additions and 2 deletions
|
@ -19,6 +19,7 @@
|
|||
- Add support for generating pre-auth keys with tags [#767](https://github.com/juanfont/headscale/pull/767)
|
||||
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763](https://github.com/juanfont/headscale/pull/763)
|
||||
- Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)
|
||||
- Fix prefix length comparison bug in AutoApprovers route evaluation [#862](https://github.com/juanfont/headscale/pull/862)
|
||||
- Random node DNS suffix only applied if names collide in namespace. [#766](https://github.com/juanfont/headscale/issues/766)
|
||||
- Remove `ip_prefix` configuration option and warning [#899](https://github.com/juanfont/headscale/pull/899)
|
||||
- Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
|
||||
|
|
|
@ -125,7 +125,7 @@ func (autoApprovers *AutoApprovers) GetRouteApprovers(
|
|||
return nil, err
|
||||
}
|
||||
|
||||
if autoApprovedPrefix.Bits() >= prefix.Bits() &&
|
||||
if prefix.Bits() >= autoApprovedPrefix.Bits() &&
|
||||
autoApprovedPrefix.Contains(prefix.Masked().Addr()) {
|
||||
approverAliases = append(approverAliases, autoApproverAliases...)
|
||||
}
|
||||
|
|
|
@ -1132,7 +1132,8 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
|
|||
|
||||
defaultRoute := netip.MustParsePrefix("0.0.0.0/0")
|
||||
route1 := netip.MustParsePrefix("10.10.0.0/16")
|
||||
route2 := netip.MustParsePrefix("10.11.0.0/16")
|
||||
// Check if a subprefix of an autoapproved route is approved
|
||||
route2 := netip.MustParsePrefix("10.11.0.0/24")
|
||||
|
||||
machine := Machine{
|
||||
ID: 0,
|
||||
|
|
Loading…
Reference in a new issue