From e109cf9fdd405153a8d8c0ec52a87d7c8ce8689b Mon Sep 17 00:00:00 2001
From: shayne <shayne@tailscale.com>
Date: Sat, 11 Mar 2023 16:07:22 -0500
Subject: [PATCH] tsnet/tsnet: clear ipn.ServeConfig on Up for tsnet apps
 (#7534)

We persist the ServeConfig, even for tsnet apps. It's quite possible for
the ServeConfig to be out of step with the code. Example: If you run
`ListenFunnel` then later turn it off, the ServeConfig will still show
it enabled, the admin console will show it enabled, but the packet
handler will reject the packets.

Workaround by clearing the ServeConfig in `tsnet.Up`

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
---
 tsnet/tsnet.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tsnet/tsnet.go b/tsnet/tsnet.go
index b7ff8a1b4..2b5389894 100644
--- a/tsnet/tsnet.go
+++ b/tsnet/tsnet.go
@@ -277,6 +277,14 @@ func (s *Server) Up(ctx context.Context) (*ipnstate.Status, error) {
 				if len(status.TailscaleIPs) == 0 {
 					return nil, errors.New("tsnet.Up: running, but no ip")
 				}
+
+				// Clear the persisted serve config state to prevent stale configuration
+				// from code changes. This is a temporary workaround until we have a better
+				// way to handle this. (2023-03-11)
+				if err := lc.SetServeConfig(ctx, new(ipn.ServeConfig)); err != nil {
+					return nil, fmt.Errorf("tsnet.Up: %w", err)
+				}
+
 				return status, nil
 			}
 			// TODO: in the future, return an error on ipn.NeedsLogin