Return error from EncodePrefix instead of silently clamping bits

2026-04-16 07:16:38 +00:00 · 2026-04-10 06:51:55 +02:00
parent 456298864c
commit 6c5ff88569
6 changed files with 72 additions and 41 deletions
--- a/client/internal/debug/debug.go
+++ b/client/internal/debug/debug.go
@@ -1262,7 +1262,9 @@ func anonymizePeerConfig(config *mgmProto.PeerConfig, anonymizer *anonymize.Anon

 	if v6Prefix, err := netiputil.DecodePrefix(config.GetAddressV6()); err == nil {
 		anonV6 := anonymizer.AnonymizeIP(v6Prefix.Addr())
-		config.AddressV6 = netiputil.EncodePrefix(netip.PrefixFrom(anonV6, v6Prefix.Bits()))
+		if b, err := netiputil.EncodePrefix(netip.PrefixFrom(anonV6, v6Prefix.Bits())); err == nil {
+			config.AddressV6 = b
+		}
 	}

 	anonymizeSSHConfig(config.SshConfig)
--- a/client/internal/debug/debug_test.go
+++ b/client/internal/debug/debug_test.go
@@ -20,6 +20,13 @@ import (
 	"github.com/netbirdio/netbird/shared/netiputil"
 )

+func mustEncodePrefix(t *testing.T, p netip.Prefix) []byte {
+	t.Helper()
+	b, err := netiputil.EncodePrefix(p)
+	require.NoError(t, err)
+	return b
+}
+
 func TestAnonymizeStateFile(t *testing.T) {
 	testState := map[string]json.RawMessage{
 		"null_state": json.RawMessage("null"),
@@ -278,7 +285,7 @@ func TestAnonymizeNetworkMap(t *testing.T) {
 	networkMap := &mgmProto.NetworkMap{
 		PeerConfig: &mgmProto.PeerConfig{
 			Address:   "203.0.113.5",
-			AddressV6: netiputil.EncodePrefix(origV6Prefix),
+			AddressV6: mustEncodePrefix(t, origV6Prefix),
 			Dns:       "1.2.3.4",
 			Fqdn:      "peer1.corp.example.com",
 			SshConfig: &mgmProto.SSHConfig{
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -1701,6 +1701,13 @@ func getPeers(e *Engine) int {
 	return len(e.peerStore.PeersPubKey())
 }

+func mustEncodePrefix(t *testing.T, p netip.Prefix) []byte {
+	t.Helper()
+	b, err := netiputil.EncodePrefix(p)
+	require.NoError(t, err)
+	return b
+}
+
 func TestEngine_hasIPv6Changed(t *testing.T) {
 	v4Only := wgaddr.MustParseWGAddress("100.64.0.1/16")

@@ -1723,7 +1730,7 @@ func TestEngine_hasIPv6Changed(t *testing.T) {
 		{
 			name:     "no v6 before, v6 added",
 			current:  v4Only,
-			confV6:   netiputil.EncodePrefix(netip.MustParsePrefix("fd00::1/64")),
+			confV6:   mustEncodePrefix(t, netip.MustParsePrefix("fd00::1/64")),
 			expected: true,
 		},
 		{
@@ -1735,19 +1742,19 @@ func TestEngine_hasIPv6Changed(t *testing.T) {
 		{
 			name:     "had v6, same v6",
 			current:  v4v6,
-			confV6:   netiputil.EncodePrefix(netip.MustParsePrefix("fd00::1/64")),
+			confV6:   mustEncodePrefix(t, netip.MustParsePrefix("fd00::1/64")),
 			expected: false,
 		},
 		{
 			name:     "had v6, different v6",
 			current:  v4v6,
-			confV6:   netiputil.EncodePrefix(netip.MustParsePrefix("fd00::2/64")),
+			confV6:   mustEncodePrefix(t, netip.MustParsePrefix("fd00::2/64")),
 			expected: true,
 		},
 		{
 			name:     "same v6 addr, different prefix length",
 			current:  v4v6,
-			confV6:   netiputil.EncodePrefix(netip.MustParsePrefix("fd00::1/80")),
+			confV6:   mustEncodePrefix(t, netip.MustParsePrefix("fd00::1/80")),
 			expected: true,
 		},
 		{