ipn/ipnlocal: allowed suggested exit nodes policy (#12240)

Updates tailscale/corp#19681

Signed-off-by: Claire Wang <claire@tailscale.com>
This commit is contained in:
Claire Wang
2024-05-27 16:22:36 -04:00
committed by GitHub
parent 5ad0dad15e
commit f1d10c12ac
2 changed files with 147 additions and 0 deletions


@@ -6453,8 +6453,17 @@ func suggestExitNode(report *netcheck.Report, netMap *netmap.NetworkMap, r *rand
if report.PreferredDERP == 0 {
return res, ErrNoPreferredDERP
}
var allowedCandidates set.Set[string]
if allowed, err := syspolicy.GetStringArray(syspolicy.AllowedSuggestedExitNodes, nil); err != nil {
return res, fmt.Errorf("unable to read %s policy: %w", syspolicy.AllowedSuggestedExitNodes, err)
} else if allowed != nil {
allowedCandidates = set.SetOf(allowed)
}
candidates := make([]tailcfg.NodeView, 0, len(netMap.Peers))
for _, peer := range netMap.Peers {
if allowedCandidates != nil && !allowedCandidates.Contains(string(peer.StableID())) {
continue
}
if peer.CapMap().Has(tailcfg.NodeAttrSuggestExitNode) && tsaddr.ContainsExitRoutes(peer.AllowedIPs()) {
candidates = append(candidates, peer)
}