innernet
Don't send non-associated CIDRs to peers
Hi,
is there a reason all CIDRs are visible to all clients? My assumption is that in order to work a client only needs to see its associated CIDR and its own (+ any up to the root CIDR) in order to work. Did I get that wrong?
If my assumption is true I would prefer to "hide" non-associated CIDRs from peers that don't need to see them. This could also be an optimization for networks with many CIDRs.
Regards, Armin
Yeah! I can see how that makes more sense from a least-privilege perspective.