From bc9877ce28a4f70330ff46531df13017ee56ae19 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Wed, 18 Mar 2026 10:39:55 +0000 Subject: [PATCH] policy/v2: use bare IPs in autogroup:self DstPorts Use ip.String() instead of netip.PrefixFrom(ip, ip.BitLen()).String() when building DstPorts for autogroup:self destinations. This produces bare IPs like "100.90.199.68" instead of CIDR notation like "100.90.199.68/32", matching the Tailscale FilterRule wire format. Updates #2180 --- hscontrol/policy/v2/filter.go | 4 ++-- hscontrol/policy/v2/filter_test.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hscontrol/policy/v2/filter.go b/hscontrol/policy/v2/filter.go index 3d366334..30e7acbc 100644 --- a/hscontrol/policy/v2/filter.go +++ b/hscontrol/policy/v2/filter.go @@ -3,7 +3,6 @@ package v2 import ( "errors" "fmt" - "net/netip" "slices" "strconv" "strings" @@ -135,6 +134,7 @@ func (pol *Policy) destinationsToNetPortRange( if pref.IsSingleIP() { pr.IP = pref.Addr().String() } + ret = append(ret, pr) } } @@ -260,7 +260,7 @@ func (pol *Policy) compileGrantWithAutogroupSelf( for _, port := range ipp.Ports { for _, ip := range n.IPs() { destPorts = append(destPorts, tailcfg.NetPortRange{ - IP: netip.PrefixFrom(ip, ip.BitLen()).String(), + IP: ip.String(), Ports: port, }) } diff --git a/hscontrol/policy/v2/filter_test.go b/hscontrol/policy/v2/filter_test.go index 6805d9da..17f39e23 100644 --- a/hscontrol/policy/v2/filter_test.go +++ b/hscontrol/policy/v2/filter_test.go @@ -1846,7 +1846,7 @@ func TestAutogroupSelfWithSpecificUserSource(t *testing.T) { actualDestIPs = append(actualDestIPs, dst.IP) } - expectedDestIPs := []string{"100.64.0.1/32", "100.64.0.2/32"} + expectedDestIPs := []string{"100.64.0.1", "100.64.0.2"} assert.ElementsMatch(t, expectedDestIPs, actualDestIPs) node2 := nodes[2].View()