ipn,ipn/local: always accept routes for Tailscale Services (cgnat range) (#18173)
Updates #18198 Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk> Co-authored-by: James Tucker <raggi@tailscale.com>
@@ -13,6 +13,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"tailscale.com/net/tsaddr"
|
||||
"tailscale.com/tailcfg"
|
||||
"tailscale.com/tka"
|
||||
"tailscale.com/types/key"
|
||||
@@ -154,8 +155,11 @@ func (nm *NetworkMap) SelfNodeOrZero() tailcfg.NodeView {
|
||||
// AnyPeersAdvertiseRoutes reports whether any peer is advertising non-exit node routes.
|
||||
func (nm *NetworkMap) AnyPeersAdvertiseRoutes() bool {
|
||||
for _, p := range nm.Peers {
|
||||
if p.PrimaryRoutes().Len() > 0 {
|
||||
return true
|
||||
// NOTE: (ChaosInTheCRD) if the peer being advertised is a tailscale ip, we ignore it in this check
|
||||
for _, r := range p.PrimaryRoutes().All() {
|
||||
if !tsaddr.IsTailscaleIP(r.Addr()) || !r.IsSingleIP() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
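Review bot: The skip in the new inner loop of AnyPeersAdvertiseRoutes is keyed only on address range and prefix length (`tsaddr.IsTailscaleIP(r.Addr())` and `r.IsSingleIP()`), so any single-address primary route inside the Tailscale ranges is treated as a service route, not only Tailscale Services VIPs. Nothing in this hunk shows where such a route is tied to an actual service, so it is worth confirming that this is enforced before the netmap reaches this point, presumably by the control plane, and adding a test with a peer that has both a service-style single address and an ordinary subnet route. The NOTE comment also says less than the condition does and speaks of a "peer" where it means a route; I would replace it with `// Single-address routes inside the Tailscale IP ranges (e.g. Tailscale Services VIPs) do not count as advertised subnet routes here.` and say the same in the function's doc comment, which still reads as if only exit-node routes were excluded. The function's closing brace lies outside the hunk.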
|
||||
|
||||