From 2afba0233b6de070bf78518d2a95f8e3e39c5c24 Mon Sep 17 00:00:00 2001
From: Fatih Acar <facar@scaleway.com>
Date: Tue, 20 Dec 2022 10:08:32 +0100
Subject: [PATCH] fix(routes): ensure routes are correctly propagated

When using Tailscale v1.34.1, enabling or disabling a route does not
effectively add or remove the route from the node's routing table.
We must restart tailscale on the node to have a netmap update.

Fix this by refreshing last state change so that a netmap diff is sent.

Also do not include secondary routes in allowedIPs, otherwise secondary
routes might be used by nodes instead of the primary route.

Signed-off-by: Fatih Acar <facar@scaleway.com>
---
 machine.go | 10 +++-------
 routes.go  |  7 +++++++
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/machine.go b/machine.go
index 1f958cce..bc01714d 100644
--- a/machine.go
+++ b/machine.go
@@ -675,19 +675,14 @@ func (h *Headscale) toNode(
 		[]netip.Prefix{},
 		addrs...) // we append the node own IP, as it is required by the clients
 
-	enabledRoutes, err := h.GetEnabledRoutes(&machine)
-	if err != nil {
-		return nil, err
-	}
-
-	allowedIPs = append(allowedIPs, enabledRoutes...)
-
 	primaryRoutes, err := h.getMachinePrimaryRoutes(&machine)
 	if err != nil {
 		return nil, err
 	}
 	primaryPrefixes := Routes(primaryRoutes).toPrefixes()
 
+	allowedIPs = append(allowedIPs, primaryPrefixes...)
+
 	var derp string
 	if machine.HostInfo.NetInfo != nil {
 		derp = fmt.Sprintf("127.3.3.40:%d", machine.HostInfo.NetInfo.PreferredDERP)
@@ -1057,6 +1052,7 @@ func (h *Headscale) EnableRoutes(machine *Machine, routeStrs ...string) error {
 		}
 	}
 
+	h.setLastStateChangeToNow()
 	return nil
 }
 
diff --git a/routes.go b/routes.go
index f59a6039..e4f74e6b 100644
--- a/routes.go
+++ b/routes.go
@@ -215,6 +215,7 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 		log.Error().Err(err).Msg("error getting routes")
 	}
 
+	routesChanged := false
 	for pos, route := range routes {
 		if route.isExitRoute() {
 			continue
@@ -235,6 +236,7 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 					return err
 				}
 
+				routesChanged = true
 				continue
 			}
 		}
@@ -306,9 +308,14 @@ func (h *Headscale) handlePrimarySubnetFailover() error {
 
 				return err
 			}
+
+			routesChanged = true
 		}
 	}
 
+	if routesChanged {
+		h.setLastStateChangeToNow()
+	}
 	return nil
 }