node selfupdate and fix subnet router when ACL is enabled (#1673)

Fixes #1604 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-01-18 17:30:25 +01:00 · 2024-01-18 17:30:25 +01:00 · 1e22f17f36
commit 1e22f17f36
parent 65376e2842
9 changed files with 506 additions and 0 deletions
--- a/hscontrol/poll.go
+++ b/hscontrol/poll.go
@ -153,6 +153,8 @@ func (h *Headscale) handlePoll(
 					return
 				}

+				// Send an update to all peers to propagate the new routes
+				// available.
 				stateUpdate := types.StateUpdate{
 					Type:        types.StatePeerChanged,
 					ChangeNodes: types.Nodes{node},
@ -164,6 +166,19 @@ func (h *Headscale) handlePoll(
 						node.MachineKey.String())
 				}

+				// Send an update to the node itself with to ensure it
+				// has an updated packetfilter allowing the new route
+				// if it is defined in the ACL.
+				selfUpdate := types.StateUpdate{
+					Type:        types.StateSelfUpdate,
+					ChangeNodes: types.Nodes{node},
+				}
+				if selfUpdate.Valid() {
+					h.nodeNotifier.NotifyByMachineKey(
+						selfUpdate,
+						node.MachineKey)
+				}
+
 				return
 			}
 		}
@ -378,6 +393,16 @@ func (h *Headscale) handlePoll(
 			var data []byte
 			var err error

+			// Ensure the node object is updated, for example, there
+			// might have been a hostinfo update in a sidechannel
+			// which contains data needed to generate a map response.
+			node, err = h.db.GetNodeByMachineKey(node.MachineKey)
+			if err != nil {
+				logErr(err, "Could not get machine from db")
+
+				return
+			}
+
 			switch update.Type {
 			case types.StateFullUpdate:
 				logInfo("Sending Full MapResponse")