[client] Fix legacy routes when connecting to management servers older than v0.30.0 (#3854)

Viktor Liu 2025-05-21 13:48:55 +02:00 committed by GitHub
parent daa8380df9
commit e806d9de38
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 6 deletions


@ -76,12 +76,6 @@ func (d *DefaultManager) ApplyFiltering(networkMap *mgmProto.NetworkMap, dnsRout
d.applyPeerACLs(networkMap) d.applyPeerACLs(networkMap)
// If we got empty rules list but management did not set the networkMap.FirewallRulesIsEmpty flag,
// then the mgmt server is older than the client, and we need to allow all traffic for routes
isLegacy := len(networkMap.RoutesFirewallRules) == 0 && !networkMap.RoutesFirewallRulesIsEmpty
if err := d.firewall.SetLegacyManagement(isLegacy); err != nil {
log.Errorf("failed to set legacy management flag: %v", err)
}
if err := d.applyRouteACLs(networkMap.RoutesFirewallRules, dnsRouteFeatureFlag); err != nil { if err := d.applyRouteACLs(networkMap.RoutesFirewallRules, dnsRouteFeatureFlag); err != nil {
log.Errorf("Failed to apply route ACLs: %v", err) log.Errorf("Failed to apply route ACLs: %v", err)


@ -978,6 +978,14 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
log.Errorf("failed to update local IPs: %v", err) log.Errorf("failed to update local IPs: %v", err)
} }
} }
// If we got empty rules list but management did not set the networkMap.FirewallRulesIsEmpty flag,
// then the mgmt server is older than the client, and we need to allow all traffic for routes.
// This needs to be toggled before applying routes.
isLegacy := len(networkMap.RoutesFirewallRules) == 0 && !networkMap.RoutesFirewallRulesIsEmpty
if err := e.firewall.SetLegacyManagement(isLegacy); err != nil {
log.Errorf("failed to set legacy management flag: %v", err)
}
} }
dnsRouteFeatureFlag := toDNSFeatureFlag(networkMap) dnsRouteFeatureFlag := toDNSFeatureFlag(networkMap)
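Review bot: When `e.firewall.SetLegacyManagement(isLegacy)` fails, the error is only logged and updateNetworkMap carries on, so the firewall keeps whatever legacy state it had before; if that was the allow-all mode the comment describes, routed traffic would presumably stay unfiltered even after the server starts sending route rules. Consider failing closed here, for example `return fmt.Errorf("set legacy management flag: %w", err)`, or at least logging which mode remains in effect. The comment also names `networkMap.FirewallRulesIsEmpty` while the condition tests `networkMap.RoutesFirewallRulesIsEmpty`; it should name the field that is actually checked. The enclosing block and the rest of updateNetworkMap lie outside the hunk, so whether `e.firewall` is nil-checked before this call cannot be confirmed from here.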