policy: reduce routes based on policy

Fixes #2365 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2026-04-21 08:11:43 +02:00 · 2025-05-03 10:11:30 +02:00
parent 388bf5c7b9
commit 0d17cdd8cb
9 changed files with 269 additions and 10 deletions
--- a/hscontrol/mapper/mapper.go
+++ b/hscontrol/mapper/mapper.go
@@ -546,7 +546,7 @@ func appendPeerChanges(
 	// If there are filter rules present, see if there are any nodes that cannot
 	// access each-other at all and remove them from the peers.
 	if len(filter) > 0 {
-		changed = policy.FilterNodesByACL(node, changed, matchers)
+		changed = policy.ReduceNodes(node, changed, matchers)
 	}

 	profiles := generateUserProfiles(node, changed)