From 7dd4c048c3ccc5185c37d3b4e3f41705c0aa6b76 Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Tue, 18 Feb 2025 22:10:03 +0400 Subject: [PATCH] add mutex around peer tags --- controllers/hosts.go | 2 +- logic/acls.go | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/controllers/hosts.go b/controllers/hosts.go index 1346b654..17f23e3b 100644 --- a/controllers/hosts.go +++ b/controllers/hosts.go @@ -316,7 +316,7 @@ func hostUpdateFallback(w http.ResponseWriter, r *http.Request) { var hostUpdate models.HostUpdate err = json.NewDecoder(r.Body).Decode(&hostUpdate) if err != nil { - logger.Log(0, r.Header.Get("user"), "failed to update a host:", err.Error()) + slog.Error("failed to update a host:", "user", r.Header.Get("user"), "error", err.Error(), "host", currentHost.Name) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) return } diff --git a/logic/acls.go b/logic/acls.go index 024344dc..50be27ec 100644 --- a/logic/acls.go +++ b/logic/acls.go @@ -17,6 +17,7 @@ import ( var ( aclCacheMutex = &sync.RWMutex{} aclCacheMap = make(map[string]models.Acl) + aclTagsMutex = &sync.RWMutex{} ) func MigrateAclPolicies() { @@ -575,8 +576,10 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool { if peer.IsStatic { peer = peer.StaticNode.ConvertToStaticNode() } + aclTagsMutex.RLock() peerTags := maps.Clone(peer.Tags) nodeTags := maps.Clone(node.Tags) + aclTagsMutex.RUnlock() if checkDefaultPolicy { // check default policy if all allowed return true defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy) @@ -658,8 +661,10 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool) if peer.IsStatic { peer = peer.StaticNode.ConvertToStaticNode() } + aclTagsMutex.RLock() peerTags := maps.Clone(peer.Tags) nodeTags := maps.Clone(node.Tags) + aclTagsMutex.RUnlock() if checkDefaultPolicy { // check default policy if all allowed return true defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)