Skip to content

feat(daemon): wire rate-limit whitelist CLI flags + env (PILOT-343/344/345)#225

Merged
TeoSlayer merged 3 commits into
mainfrom
fix/pilot-343-344-345-daemon-whitelist-wiring
Jun 7, 2026
Merged

feat(daemon): wire rate-limit whitelist CLI flags + env (PILOT-343/344/345)#225
TeoSlayer merged 3 commits into
mainfrom
fix/pilot-343-344-345-daemon-whitelist-wiring

Conversation

@TeoSlayer

Copy link
Copy Markdown
Collaborator

Operator-facing wiring for the whitelists added in PR #222/#223/#224. Adds:

  • d.SetReplyWhitelist and d.SetRekeyWhitelist proxy methods on Daemon
  • tm.SetReplyWhitelist proxy on TunnelManager → keyexchange.Manager
  • CLI flags -syn-whitelist, -reply-whitelist, -rekey-whitelist accepting comma-separated decimal node IDs
  • Env var fallbacks: PILOT_SYN_WHITELIST, PILOT_REPLY_WHITELIST, PILOT_REKEY_WHITELIST
  • parseNodeIDs + applyNodeIDWhitelist helpers in cmd/daemon
  • Whitelists applied BEFORE d.Start() so the first inbound frame already sees them
  • Garbage tokens log a warning and are skipped — a typo in env won't fail-fast the daemon
  • Empty default preserves backwards compatibility

@TeoSlayer TeoSlayer requested a review from Alexgodoroja as a code owner June 7, 2026 07:45
@TeoSlayer TeoSlayer merged commit ecf5dd6 into main Jun 7, 2026
8 checks passed
@TeoSlayer TeoSlayer deleted the fix/pilot-343-344-345-daemon-whitelist-wiring branch June 7, 2026 07:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant