Update packetfilter when peers change

Previously we did not update the packet filter when nodes changed, which would cause new nodes to be missing from packet filters of old nodes. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
juanfont · Sep 19, 2023 · 3b0749a · 3b0749a
1 parent a8079a2
commit 3b0749a
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 11 deletions.
diff --git a/hscontrol/mapper/mapper.go b/hscontrol/mapper/mapper.go
@@ -382,28 +382,31 @@ func (m *Mapper) DERPMapResponse(
 func (m *Mapper) PeerChangedResponse(
 	mapRequest tailcfg.MapRequest,
 	machine *types.Machine,
-	machineKeys []uint64,
+	machineIDs []uint64,
 	pol *policy.ACLPolicy,
 ) ([]byte, error) {
 	var err error
-	changed := make(types.Machines, len(machineKeys))
+	changed := make(types.Machines, len(machineIDs))
 	lastSeen := make(map[tailcfg.NodeID]bool)
-	for idx, machineKey := range machineKeys {
-		peer, err := m.db.GetMachineByID(machineKey)
-		if err != nil {
-			return nil, err
-		}
 
-		changed[idx] = *peer
+	peersList, err := m.db.ListPeers(machine)
+	if err != nil {
+		return nil, err
+	}
+
+	peers := peersList.IDMap()
+
+	for idx, machineID := range machineIDs {
+		changed[idx] = peers[machineID]
 
 		// We have just seen the node, let the peers update their list.
-		lastSeen[tailcfg.NodeID(peer.ID)] = true
+		lastSeen[tailcfg.NodeID(machineID)] = true
 	}
 
-	rules, _, err := policy.GenerateFilterAndSSHRules(
+	rules, sshPolicy, err := policy.GenerateFilterAndSSHRules(
 		pol,
 		machine,
-		changed,
+		peersList,
 	)
 	if err != nil {
 		return nil, err
@@ -434,6 +437,8 @@ func (m *Mapper) PeerChangedResponse(
 
 	resp := m.baseMapResponse(machine)
 	resp.PeersChanged = tailPeers
+	resp.PacketFilter = policy.ReduceFilterRules(machine, rules)
+	resp.SSHPolicy = sshPolicy
 	// resp.PeerSeenChange = lastSeen
 
 	return m.marshalMapResponse(mapRequest, &resp, machine, mapRequest.Compress)

diff --git a/hscontrol/types/machine.go b/hscontrol/types/machine.go
@@ -353,3 +353,13 @@ func (machines MachinesP) String() string {
 
 	return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
 }
+
+func (machines Machines) IDMap() map[uint64]Machine {
+	ret := map[uint64]Machine{}
+
+	for _, machine := range machines {
+		ret[machine.ID] = machine
+	}
+
+	return ret
+}