cmd/tailscaled, net/dns, wgengine/router: start Windows child processes with DETACHED_PROCESS when I/O is being piped

When we're starting child processes on Windows that are CLI programs that
don't need to output to a console, we should pass in DETACHED_PROCESS as a
CreationFlag on SysProcAttr. This prevents the OS from even creating a console
for the child (and paying the associated time/space penalty for new conhost
processes). This is more efficient than letting the OS create the console
window and then subsequently trying to hide it, which we were doing at a few
callsites.

Fixes #12270

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
pull/12428/head
Aaron Klotz 6 months ago
parent 4cdc4ed7db
commit 3511d1f8a2

@ -435,6 +435,9 @@ func babysitProc(ctx context.Context, args []string, logf logger.Logf) {
startTime := time.Now() startTime := time.Now()
log.Printf("exec: %#v %v", executable, args) log.Printf("exec: %#v %v", executable, args)
cmd := exec.Command(executable, args...) cmd := exec.Command(executable, args...)
cmd.SysProcAttr = &syscall.SysProcAttr{
CreationFlags: windows.DETACHED_PROCESS,
}
// Create a pipe object to use as the subproc's stdin. // Create a pipe object to use as the subproc's stdin.
// When the writer goes away, the reader gets EOF. // When the writer goes away, the reader gets EOF.

@ -6,10 +6,17 @@ package dns
import ( import (
"fmt" "fmt"
"os/exec" "os/exec"
"syscall"
"golang.org/x/sys/windows"
) )
func flushCaches() error { func flushCaches() error {
out, err := exec.Command("ipconfig", "/flushdns").CombinedOutput() cmd := exec.Command("ipconfig", "/flushdns")
cmd.SysProcAttr = &syscall.SysProcAttr{
CreationFlags: windows.DETACHED_PROCESS,
}
out, err := cmd.CombinedOutput()
if err != nil { if err != nil {
return fmt.Errorf("%v (output: %s)", err, out) return fmt.Errorf("%v (output: %s)", err, out)
} }

@ -373,7 +373,9 @@ func (m *windowsManager) SetDNS(cfg OSConfig) error {
t0 := time.Now() t0 := time.Now()
m.logf("running ipconfig /registerdns ...") m.logf("running ipconfig /registerdns ...")
cmd := exec.Command("ipconfig", "/registerdns") cmd := exec.Command("ipconfig", "/registerdns")
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} cmd.SysProcAttr = &syscall.SysProcAttr{
CreationFlags: windows.DETACHED_PROCESS,
}
err := cmd.Run() err := cmd.Run()
d := time.Since(t0).Round(time.Millisecond) d := time.Since(t0).Round(time.Millisecond)
if err != nil { if err != nil {
@ -385,7 +387,9 @@ func (m *windowsManager) SetDNS(cfg OSConfig) error {
t0 = time.Now() t0 = time.Now()
m.logf("running ipconfig /flushdns ...") m.logf("running ipconfig /flushdns ...")
cmd = exec.Command("ipconfig", "/flushdns") cmd = exec.Command("ipconfig", "/flushdns")
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} cmd.SysProcAttr = &syscall.SysProcAttr{
CreationFlags: windows.DETACHED_PROCESS,
}
err = cmd.Run() err = cmd.Run()
d = time.Since(t0).Round(time.Millisecond) d = time.Since(t0).Round(time.Millisecond)
if err != nil { if err != nil {

@ -228,8 +228,8 @@ func wslRun(cmd *exec.Cmd) (err error) {
} }
cmd.SysProcAttr = &syscall.SysProcAttr{ cmd.SysProcAttr = &syscall.SysProcAttr{
Token: syscall.Token(token), CreationFlags: windows.CREATE_NO_WINDOW,
HideWindow: true, Token: syscall.Token(token),
} }
return cmd.Run() return cmd.Run()
} }

@ -233,7 +233,9 @@ func (ft *firewallTweaker) runFirewall(args ...string) (time.Duration, error) {
t0 := time.Now() t0 := time.Now()
args = append([]string{"advfirewall", "firewall"}, args...) args = append([]string{"advfirewall", "firewall"}, args...)
cmd := exec.Command(ft.getNetshPath(), args...) cmd := exec.Command(ft.getNetshPath(), args...)
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} cmd.SysProcAttr = &syscall.SysProcAttr{
CreationFlags: windows.DETACHED_PROCESS,
}
b, err := cmd.CombinedOutput() b, err := cmd.CombinedOutput()
if err != nil { if err != nil {
err = fmt.Errorf("%w: %v", err, string(b)) err = fmt.Errorf("%w: %v", err, string(b))
@ -356,6 +358,9 @@ func (ft *firewallTweaker) doSet(local []string, killswitch bool, clear bool, pr
return err return err
} }
proc := exec.Command(exe, "/firewall", ft.tunGUID.String()) proc := exec.Command(exe, "/firewall", ft.tunGUID.String())
proc.SysProcAttr = &syscall.SysProcAttr{
CreationFlags: windows.DETACHED_PROCESS,
}
in, err := proc.StdinPipe() in, err := proc.StdinPipe()
if err != nil { if err != nil {
return err return err

Loading…
Cancel
Save