Disable and Delete route must affect both exit routes (IPv4 and IPv6)

Fixed linting
This commit is contained in:
Juan Font 2023-05-07 10:17:16 +00:00
parent 7338775de7
commit 02ab0df2de
2 changed files with 81 additions and 4 deletions

View file

@ -106,6 +106,10 @@ func (h *Headscale) DisableRoute(id uint64) error {
return err return err
} }
// Tailscale requires both IPv4 and IPv6 exit routes to
// be enabled at the same time, as per
// https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002
if !route.isExitRoute() {
route.Enabled = false route.Enabled = false
route.IsPrimary = false route.IsPrimary = false
err = h.db.Save(route).Error err = h.db.Save(route).Error
@ -116,12 +120,35 @@ func (h *Headscale) DisableRoute(id uint64) error {
return h.handlePrimarySubnetFailover() return h.handlePrimarySubnetFailover()
} }
routes, err := h.GetMachineRoutes(&route.Machine)
if err != nil {
return err
}
for i := range routes {
if routes[i].isExitRoute() {
routes[i].Enabled = false
routes[i].IsPrimary = false
err = h.db.Save(&routes[i]).Error
if err != nil {
return err
}
}
}
return h.handlePrimarySubnetFailover()
}
func (h *Headscale) DeleteRoute(id uint64) error { func (h *Headscale) DeleteRoute(id uint64) error {
route, err := h.GetRoute(id) route, err := h.GetRoute(id)
if err != nil { if err != nil {
return err return err
} }
// Tailscale requires both IPv4 and IPv6 exit routes to
// be enabled at the same time, as per
// https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002
if !route.isExitRoute() {
if err := h.db.Unscoped().Delete(&route).Error; err != nil { if err := h.db.Unscoped().Delete(&route).Error; err != nil {
return err return err
} }
@ -129,6 +156,25 @@ func (h *Headscale) DeleteRoute(id uint64) error {
return h.handlePrimarySubnetFailover() return h.handlePrimarySubnetFailover()
} }
routes, err := h.GetMachineRoutes(&route.Machine)
if err != nil {
return err
}
routesToDelete := []Route{}
for _, r := range routes {
if r.isExitRoute() {
routesToDelete = append(routesToDelete, r)
}
}
if err := h.db.Unscoped().Delete(&routesToDelete).Error; err != nil {
return err
}
return h.handlePrimarySubnetFailover()
}
func (h *Headscale) DeleteMachineRoutes(m *Machine) error { func (h *Headscale) DeleteMachineRoutes(m *Machine) error {
routes, err := h.GetMachineRoutes(m) routes, err := h.GetMachineRoutes(m)
if err != nil { if err != nil {

View file

@ -457,6 +457,37 @@ func (s *Suite) TestAllowedIPRoutes(c *check.C) {
c.Assert(foundExitNodeV4, check.Equals, true) c.Assert(foundExitNodeV4, check.Equals, true)
c.Assert(foundExitNodeV6, check.Equals, true) c.Assert(foundExitNodeV6, check.Equals, true)
// Now we disable only one of the exit routes
// and we see if both are disabled
var exitRouteV4 Route
for _, route := range routes {
if route.isExitRoute() && netip.Prefix(route.Prefix) == prefixExitNodeV4 {
exitRouteV4 = route
break
}
}
err = app.DisableRoute(uint64(exitRouteV4.ID))
c.Assert(err, check.IsNil)
enabledRoutes1, err = app.GetEnabledRoutes(&machine1)
c.Assert(err, check.IsNil)
c.Assert(len(enabledRoutes1), check.Equals, 1)
// and now we delete only one of the exit routes
// and we check if both are deleted
routes, err = app.GetMachineRoutes(&machine1)
c.Assert(err, check.IsNil)
c.Assert(len(routes), check.Equals, 4)
err = app.DeleteRoute(uint64(exitRouteV4.ID))
c.Assert(err, check.IsNil)
routes, err = app.GetMachineRoutes(&machine1)
c.Assert(err, check.IsNil)
c.Assert(len(routes), check.Equals, 2)
} }
func (s *Suite) TestDeleteRoutes(c *check.C) { func (s *Suite) TestDeleteRoutes(c *check.C) {