Fix prefix length comparison bug in AutoApprovers route evaluation (#862)
This commit is contained in:
parent
0cf9c4ce8e
commit
8a07381e3a
3 changed files with 4 additions and 2 deletions
|
@ -19,6 +19,7 @@
|
||||||
- Add support for generating pre-auth keys with tags [#767](https://github.com/juanfont/headscale/pull/767)
|
- Add support for generating pre-auth keys with tags [#767](https://github.com/juanfont/headscale/pull/767)
|
||||||
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763](https://github.com/juanfont/headscale/pull/763)
|
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763](https://github.com/juanfont/headscale/pull/763)
|
||||||
- Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)
|
- Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)
|
||||||
|
- Fix prefix length comparison bug in AutoApprovers route evaluation [#862](https://github.com/juanfont/headscale/pull/862)
|
||||||
- Random node DNS suffix only applied if names collide in namespace. [#766](https://github.com/juanfont/headscale/issues/766)
|
- Random node DNS suffix only applied if names collide in namespace. [#766](https://github.com/juanfont/headscale/issues/766)
|
||||||
- Remove `ip_prefix` configuration option and warning [#899](https://github.com/juanfont/headscale/pull/899)
|
- Remove `ip_prefix` configuration option and warning [#899](https://github.com/juanfont/headscale/pull/899)
|
||||||
- Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
|
- Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
|
||||||
|
|
|
@ -125,7 +125,7 @@ func (autoApprovers *AutoApprovers) GetRouteApprovers(
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if autoApprovedPrefix.Bits() >= prefix.Bits() &&
|
if prefix.Bits() >= autoApprovedPrefix.Bits() &&
|
||||||
autoApprovedPrefix.Contains(prefix.Masked().Addr()) {
|
autoApprovedPrefix.Contains(prefix.Masked().Addr()) {
|
||||||
approverAliases = append(approverAliases, autoApproverAliases...)
|
approverAliases = append(approverAliases, autoApproverAliases...)
|
||||||
}
|
}
|
||||||
|
|
|
@ -1132,7 +1132,8 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
|
||||||
|
|
||||||
defaultRoute := netip.MustParsePrefix("0.0.0.0/0")
|
defaultRoute := netip.MustParsePrefix("0.0.0.0/0")
|
||||||
route1 := netip.MustParsePrefix("10.10.0.0/16")
|
route1 := netip.MustParsePrefix("10.10.0.0/16")
|
||||||
route2 := netip.MustParsePrefix("10.11.0.0/16")
|
// Check if a subprefix of an autoapproved route is approved
|
||||||
|
route2 := netip.MustParsePrefix("10.11.0.0/24")
|
||||||
|
|
||||||
machine := Machine{
|
machine := Machine{
|
||||||
ID: 0,
|
ID: 0,
|
||||||
|
|
Loading…
Reference in a new issue