TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-13 14:43:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/ipnlocal: filter peers with bad signatures when tka is enabled

Browse Source 
Signed-off-by: Tom DNetto <tom@tailscale.com>
This commit is contained in:
Tom DNetto
2022-10-04 10:51:45 -07:00
committed by Tom
parent 01ebef0f4f
commit 73db56af52
4 changed files with 101 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ipn/ipnlocal/local.go
View File

@@ -778,6 +778,9 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) {
if err := b.tkaSyncIfNeededLocked(st.NetMap); err != nil {
b.logf("[v1] TKA sync error: %v", err)
}
if !envknob.TKASkipSignatureCheck() {
b.tkaFilterNetmapLocked(st.NetMap)
}
if b.findExitNodeIDLocked(st.NetMap) {
prefsChanged = true
}