Ingress for VIPirbekrm/splitkeys

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
author: Irbe Krumina <irbe@tailscale.com> 2024-02-23 16:14:18 +0000
committer: Irbe Krumina <irbe@tailscale.com> 2024-02-25 09:03:35 +0000
commit: 350d37286d8b881ad9aa882ef3ccc977d2481d43 (patch)
tree: 6aad14d3a80d111688b1c8158f213708955dc172 /ipn
parent: ab1eb428d92551c9df1bd556f397eead286f855e (diff)
download: tailscale-irbekrm/splitkeys.tar.xz
tailscale-irbekrm/splitkeys.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index b8aa769a1..681fb687d 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -3299,9 +3299,13 @@ func (b *LocalBackend) handlePeerAPIConn(remote, local netip.AddrPort, c net.Con
 	return
 }
 
-func (b *LocalBackend) isLocalIP(ip netip.Addr) bool {
+func (b *LocalBackend) isLocallyAvailable(ip netip.Addr) bool {
 	nm := b.NetMap()
-	return nm != nil && views.SliceContains(nm.GetAddresses(), netip.PrefixFrom(ip, ip.BitLen()))
+	if nm == nil {
+		return false
+	}
+	pfx := netip.PrefixFrom(ip, ip.BitLen())
+	return views.SliceContains(nm.SelfNode.AllowedIPs(), pfx)
 }
 
 var (
@@ -3319,7 +3323,7 @@ func (b *LocalBackend) TCPHandlerForDst(src, dst netip.AddrPort) (handler func(c
 		}
 		return b.HandleQuad100Port80Conn, opts
 	}
-	if !b.isLocalIP(dst.Addr()) {
+	if !b.isLocallyAvailable(dst.Addr()) {
 		return nil, nil
 	}
 	if dst.Port() == 22 && b.ShouldRunSSH() {
author	Irbe Krumina <irbe@tailscale.com>	2024-02-23 16:14:18 +0000
committer	Irbe Krumina <irbe@tailscale.com>	2024-02-25 09:03:35 +0000
commit	350d37286d8b881ad9aa882ef3ccc977d2481d43 (patch)
tree	6aad14d3a80d111688b1c8158f213708955dc172 /ipn
parent	ab1eb428d92551c9df1bd556f397eead286f855e (diff)
download	tailscale-irbekrm/splitkeys.tar.xz tailscale-irbekrm/splitkeys.zip