types: include ExitRoutes in HasNetworkChanges

When exit routes are approved, SubnetRoutes remains empty because exit routes (0.0.0.0/0, ::/0) are classified separately. Without checking ExitRoutes, the PolicyManager cache is not invalidated on exit route approval, causing stale filter rules that lack via grant entries for autogroup:internet destinations. Updates #2180
2026-04-07 21:47:46 +09:00 · 2026-03-26 18:21:16 +00:00
parent a76b4bd46c
commit 15c1cfd778
2 changed files with 35 additions and 0 deletions
--- a/hscontrol/types/node.go
+++ b/hscontrol/types/node.go
@@ -1030,6 +1030,10 @@ func (nv NodeView) HasNetworkChanges(other NodeView) bool {
 		return true
 	}

+	if !slices.Equal(nv.ExitRoutes(), other.ExitRoutes()) {
+		return true
+	}
+
 	return false
 }

--- a/hscontrol/types/node_test.go
+++ b/hscontrol/types/node_test.go
@@ -958,6 +958,37 @@ func TestHasNetworkChanges(t *testing.T) {
 			},
 			changed: false,
 		},
+		{
+			name: "ExitRoutes approved",
+			old: &Node{
+				ID:       1,
+				IPv4:     mustIPPtr("100.64.0.1"),
+				Hostinfo: &tailcfg.Hostinfo{RoutableIPs: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0")}},
+			},
+			new: &Node{
+				ID:             1,
+				IPv4:           mustIPPtr("100.64.0.1"),
+				Hostinfo:       &tailcfg.Hostinfo{RoutableIPs: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0")}},
+				ApprovedRoutes: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0")},
+			},
+			changed: true,
+		},
+		{
+			name: "ExitRoutes unchanged when SubnetRoutes change",
+			old: &Node{
+				ID:             1,
+				IPv4:           mustIPPtr("100.64.0.1"),
+				Hostinfo:       &tailcfg.Hostinfo{RoutableIPs: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0"), netip.MustParsePrefix("10.0.0.0/24")}},
+				ApprovedRoutes: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0")},
+			},
+			new: &Node{
+				ID:             1,
+				IPv4:           mustIPPtr("100.64.0.1"),
+				Hostinfo:       &tailcfg.Hostinfo{RoutableIPs: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0"), netip.MustParsePrefix("10.0.0.0/24")}},
+				ApprovedRoutes: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0"), netip.MustParsePrefix("10.0.0.0/24")},
+			},
+			changed: true,
+		},
 	}

 	for _, tt := range tests {