ipn/ipnlocal: allow Peer API access via either V4MasqAddr or V6MasqAddr when both are set

This doesn't seem to have any immediate impact, but not allowing access via the IPv6 masquerade
address when an IPv4 masquerade address is also set seems like a bug.

Updates #cleanup
Updates #14570 (found when working on it)

Signed-off-by: Nick Khyl <nickk@tailscale.com>
Nick Khyl 2025-01-14 11:04:55 -06:00 committed by Nick Khyl
parent cfda1ff709
commit 66269dc934


@ -233,11 +233,13 @@ func (h *peerAPIHandler) logf(format string, a ...any) {
// isAddressValid reports whether addr is a valid destination address for this // isAddressValid reports whether addr is a valid destination address for this
// node originating from the peer. // node originating from the peer.
func (h *peerAPIHandler) isAddressValid(addr netip.Addr) bool { func (h *peerAPIHandler) isAddressValid(addr netip.Addr) bool {
if v, ok := h.peerNode.SelfNodeV4MasqAddrForThisPeer().GetOk(); ok { if !addr.IsValid() {
return v == addr return false
} }
if v, ok := h.peerNode.SelfNodeV6MasqAddrForThisPeer().GetOk(); ok { v4MasqAddr, hasMasqV4 := h.peerNode.SelfNodeV4MasqAddrForThisPeer().GetOk()
return v == addr v6MasqAddr, hasMasqV6 := h.peerNode.SelfNodeV6MasqAddrForThisPeer().GetOk()
if hasMasqV4 || hasMasqV6 {
return addr == v4MasqAddr || addr == v6MasqAddr
} }
pfx := netip.PrefixFrom(addr, addr.BitLen()) pfx := netip.PrefixFrom(addr, addr.BitLen())
return views.SliceContains(h.selfNode.Addresses(), pfx) return views.SliceContains(h.selfNode.Addresses(), pfx)
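Review bot: The masquerade comparison `return addr == v4MasqAddr || addr == v6MasqAddr` is only safe because of the `!addr.IsValid()` guard at the top of the function. When just one masquerade address is set, the other variable is presumably the zero `netip.Addr`, so without that guard an invalid `addr` would compare equal to it and pass this destination check. Tying each comparison to its own flag, `return (hasMasqV4 && addr == v4MasqAddr) || (hasMasqV6 && addr == v6MasqAddr)`, keeps the check correct even if the guard is later moved or removed. It is also worth confirming that callers pass an unmapped address, since an IPv4-mapped IPv6 form would not equal the IPv4 masquerade address. The closing brace of isAddressValid lies outside the hunk.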