policy/v2: use bare IPs in autogroup:self DstPorts

Use ip.String() instead of netip.PrefixFrom(ip, ip.BitLen()).String() when building DstPorts for autogroup:self destinations. This produces bare IPs like "100.90.199.68" instead of CIDR notation like "100.90.199.68/32", matching the Tailscale FilterRule wire format. Updates #2180
2026-04-19 15:21:35 +02:00 · 2026-03-18 10:39:55 +00:00
parent e3ab288351
commit bc9877ce28
2 changed files with 3 additions and 3 deletions
--- a/hscontrol/policy/v2/filter.go
+++ b/hscontrol/policy/v2/filter.go
@@ -3,7 +3,6 @@ package v2
 import (
 	"errors"
 	"fmt"
 	"net/netip"
 	"slices"
 	"strconv"
 	"strings"
@@ -135,6 +134,7 @@ func (pol *Policy) destinationsToNetPortRange(
 				if pref.IsSingleIP() {
 					pr.IP = pref.Addr().String()
 				}
 				ret = append(ret, pr)
 			}
 		}
@@ -260,7 +260,7 @@ func (pol *Policy) compileGrantWithAutogroupSelf(
 						for _, port := range ipp.Ports {
 							for _, ip := range n.IPs() {
 								destPorts = append(destPorts, tailcfg.NetPortRange{
-									IP:    netip.PrefixFrom(ip, ip.BitLen()).String(),
+									IP:    ip.String(),
 									Ports: port,
 								})
 							}
--- a/hscontrol/policy/v2/filter_test.go
+++ b/hscontrol/policy/v2/filter_test.go
@@ -1846,7 +1846,7 @@ func TestAutogroupSelfWithSpecificUserSource(t *testing.T) {
 		actualDestIPs = append(actualDestIPs, dst.IP)
 	}
-	expectedDestIPs := []string{"100.64.0.1/32", "100.64.0.2/32"}
+	expectedDestIPs := []string{"100.64.0.1", "100.64.0.2"}
 	assert.ElementsMatch(t, expectedDestIPs, actualDestIPs)
 	node2 := nodes[2].View()