HostInfo.remoteCidr should only be populated with the entire vpn ip address issued in the certificate

2025-12-30 18:48:28 +01:00 · 2025-10-07 17:11:26 -05:00
parent 22af56f156
commit d400d9a5ec
2 changed files with 37 additions and 2 deletions
--- a/hostmap.go
+++ b/hostmap.go
@@ -714,8 +714,7 @@ func (i *HostInfo) CreateRemoteCIDR(c *cert.NebulaCertificate) {
 		//TODO: IPV6-WORK what to do when ip is invalid?
 		nip, _ := netip.AddrFromSlice(ip.IP)
 		nip = nip.Unmap()
-		bits, _ := ip.Mask.Size()
-		remoteCidr.Insert(netip.PrefixFrom(nip, bits), struct{}{})
+		remoteCidr.Insert(netip.PrefixFrom(nip, nip.BitLen()), struct{}{})
 	}

 	for _, n := range c.Details.Subnets {