cmd/tailscaled: flush DNS if FlushDNSOnSessionUnlock is true upon receiving a session change notification

In this PR, we move the syspolicy.FlushDNSOnSessionUnlock check from service startup to when a session change notification is received. This ensures that the most recent policy setting value is used if it has changed since the service started. We also plan to handle session change notifications for unrelated reasons and need to decouple notification subscriptions from DNS anyway. Updates #12687 Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2 days ago · 50bf32a0ba
parent 8e5cfbe4ab
commit 50bf32a0ba
1 changed files with 10 additions and 11 deletions
--- a/cmd/tailscaled/tailscaled_windows.go
+++ b/cmd/tailscaled/tailscaled_windows.go
@ -160,10 +160,7 @@ func (service *ipnService) Execute(args []string, r <-chan svc.ChangeRequest, ch
 	changes <- svc.Status{State: svc.StartPending}
 	syslogf("Service start pending")
-	svcAccepts := svc.AcceptStop
+	svcAccepts := svc.AcceptStop | svc.AcceptSessionChange
 	if flushDNSOnSessionUnlock, _ := syspolicy.GetBoolean(syspolicy.FlushDNSOnSessionUnlock, false); flushDNSOnSessionUnlock {
 		svcAccepts |= svc.AcceptSessionChange
 	}
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@ -371,13 +368,15 @@ func handleSessionChange(chgRequest svc.ChangeRequest) {
 		return
 	}
-	log.Printf("Received WTS_SESSION_UNLOCK event, initiating DNS flush.")
+	if flushDNSOnSessionUnlock, _ := syspolicy.GetBoolean(syspolicy.FlushDNSOnSessionUnlock, false); flushDNSOnSessionUnlock {
-	go func() {
+		log.Printf("Received WTS_SESSION_UNLOCK event, initiating DNS flush.")
-		err := dns.Flush()
+		go func() {
-		if err != nil {
+			err := dns.Flush()
-			log.Printf("Error flushing DNS on session unlock: %v", err)
+			if err != nil {
-		}
+				log.Printf("Error flushing DNS on session unlock: %v", err)
-	}()
+			}
 		}()
 	}
 }
 var (