ipn/ipnlocal: restart the map poll when posture checking is enabled

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
This commit is contained in:
Anton Tolchanov 2023-11-13 17:18:55 +00:00
parent 86c8ab7502
commit c712b4917e
2 changed files with 14 additions and 3 deletions

View File

@ -290,9 +290,9 @@ func (c *Auto) cancelMapCtxLocked() {
} }
} }
// restartMap cancels the existing mapPoll and liteUpdates, and then starts a // RestartMap cancels the existing mapPoll and liteUpdates, and then starts a
// new one. // new one.
func (c *Auto) restartMap() { func (c *Auto) RestartMap() {
c.mu.Lock() c.mu.Lock()
c.cancelMapCtxLocked() c.cancelMapCtxLocked()
synced := c.inMapPoll synced := c.inMapPoll
@ -397,7 +397,7 @@ func (c *Auto) authRoutine() {
c.mu.Unlock() c.mu.Unlock()
c.sendStatus("authRoutine-success", nil, "", nil) c.sendStatus("authRoutine-success", nil, "", nil)
c.restartMap() c.RestartMap()
bo.BackOff(ctx, nil) bo.BackOff(ctx, nil)
} }
} }

View File

@ -3085,6 +3085,17 @@ func (b *LocalBackend) setPrefsLockedOnEntry(caller string, newp *ipn.Prefs) ipn
b.authReconfig() b.authReconfig()
} }
// Control collects posture identity from a client when a map poll is
// established. While most real clients will have this set via MDM, during
// testing someone might just run `tailscale set --posture-checking=true`,
// and we'd like them to start seeing their serial number in control
// immediately. To do that, if posture checking is getting enabled, we
// re-start the map poll. Not great, but I guess better than asking clients
// to restart the client when they set --posture-checking=true.
if !oldp.PostureChecking() && newp.PostureChecking {
b.ccAuto.RestartMap()
}
b.send(ipn.Notify{Prefs: &prefs}) b.send(ipn.Notify{Prefs: &prefs})
return prefs return prefs
} }