[client] Enhance SyncRequest with NetworkMap serial tracking

- Added `networkMapSerial` field to `SyncRequest` for tracking the last known network map serial number.
- Updated `GrpcClient` to store and utilize the last network map serial during sync operations, optimizing synchronization processes.
- Improved handling of system info updates to ensure accurate metadata is sent with sync requests.

shared/management/client/grpc.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"google.golang.org/grpc/codes"
@@ -44,6 +45,8 @@ type GrpcClient struct {
 	conn                  *grpc.ClientConn
 	connStateCallback     ConnStateNotifier
 	connStateCallbackLock sync.RWMutex
+	// lastNetworkMapSerial stores last seen network map serial to optimize sync
+	lastNetworkMapSerial uint64
 }
 
 // NewClient creates a new client to Management service
@@ -216,11 +219,34 @@ func (c *GrpcClient) GetNetworkMap(sysInfo *system.Info) (*proto.NetworkMap, err
 		return nil, fmt.Errorf("invalid msg, required network map")
 	}
 
+	// update last seen serial
+	atomic.StoreUint64(&c.lastNetworkMapSerial, decryptedResp.GetNetworkMap().GetSerial())
+
 	return decryptedResp.GetNetworkMap(), nil
 }
 
 func (c *GrpcClient) connectToStream(ctx context.Context, serverPubKey wgtypes.Key, sysInfo *system.Info) (proto.ManagementService_SyncClient, error) {
-	req := &proto.SyncRequest{Meta: infoToMetaData(sysInfo)}
+	// Always compute latest system info to ensure up-to-date PeerSystemMeta on first and subsequent syncs
+	recomputed := system.GetInfo(c.ctx)
+	if sysInfo != nil {
+		recomputed.SetFlags(
+			sysInfo.RosenpassEnabled,
+			sysInfo.RosenpassPermissive,
+			&sysInfo.ServerSSHAllowed,
+			sysInfo.DisableClientRoutes,
+			sysInfo.DisableServerRoutes,
+			sysInfo.DisableDNS,
+			sysInfo.DisableFirewall,
+			sysInfo.BlockLANAccess,
+			sysInfo.BlockInbound,
+			sysInfo.LazyConnectionEnabled,
+		)
+		// carry over posture files if any were computed
+		if len(sysInfo.Files) > 0 {
+			recomputed.Files = sysInfo.Files
+		}
+	}
+	req := &proto.SyncRequest{Meta: infoToMetaData(recomputed), NetworkMapSerial: atomic.LoadUint64(&c.lastNetworkMapSerial)}
 
 	myPrivateKey := c.key
 	myPublicKey := myPrivateKey.PublicKey()
@@ -258,6 +284,11 @@ func (c *GrpcClient) receiveEvents(stream proto.ManagementService_SyncClient, se
 			return err
 		}
 
+		// track latest network map serial if present
+		if decryptedResp.GetNetworkMap() != nil {
+			atomic.StoreUint64(&c.lastNetworkMapSerial, decryptedResp.GetNetworkMap().GetSerial())
+		}
+
 		if err := msgHandler(decryptedResp); err != nil {
 			log.Errorf("failed handling an update message received from Management Service: %v", err.Error())
 		}

shared/management/proto/management.proto

@@ -63,6 +63,8 @@ message EncryptedMessage {
 message SyncRequest {
   // Meta data of the peer
   PeerSystemMeta meta = 1;
+  // Optional: last known NetworkMap serial number on the client
+  uint64 networkMapSerial = 2;
 }
 
 // SyncResponse represents a state that should be applied to the local peer (e.g. Netbird servers config as well as local peer and remote peers configs)