eliott/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale synced 2026-04-25 17:15:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ded51a4d30e92d4e23fcd09636cbe5666606a2d9
headscale/hscontrol/policy/policyutil/doc.go
Kristoffer Dalby ded51a4d30 policyutil: fix reduceCapGrantRule and add route reduction 
reduceCapGrantRule was dropping rules whose CapGrant IPs overlap a
subnet route; treat subnet routes as part of node identity so those rules
survive reduction. ReduceFilterRules now also reduces route-reachable
destinations.

Updates #3157
2026-04-17 16:31:49 +01:00

10 lines
428 B
Go
Raw Blame History

// Package policyutil contains pure functions that transform compiled
// policy rules for a specific node. The headline function is
// ReduceFilterRules, which filters global rules down to those relevant
// to one node.
//
// A node's SubnetRoutes (approved, non-exit) participate in rule
// matching so subnet routers receive filter rules for destinations
// their subnets cover — the fix for issue #3169.
package policyutil
Reference in New Issue View Git Blame Copy Permalink