ipn/{ipnlocal,localapi}: ensure watcher is installed before /watch-ipn-bus/ responds with 200

This change delays the first flush in the /watch-ipn-bus/ handler until after the watcher has been successfully installed on the IPN bus. It does this by adding a new onWatchAdded callback to LocalBackend.WatchNotifications(). Without this, the endpoint returns a 200 almost immediatly, and only then installs a watcher for IPN events. This means there's a small window where events could be missed by clients after calling WatchIPNBus(). Fixes tailscale/corp#8594. Signed-off-by: salman <salman@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2023-01-17 20:59:03 +00:00
parent 3eb986fe05
commit eec734a578
3 changed files with 48 additions and 5 deletions
--- a/ipn/localapi/localapi.go
+++ b/ipn/localapi/localapi.go
@@ -721,7 +721,6 @@ func (h *Handler) serveWatchIPNBus(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
-	f.Flush()

 	var mask ipn.NotifyWatchOpt
 	if s := r.FormValue("mask"); s != "" {
@@ -733,7 +732,7 @@ func (h *Handler) serveWatchIPNBus(w http.ResponseWriter, r *http.Request) {
 		mask = ipn.NotifyWatchOpt(v)
 	}
 	ctx := r.Context()
-	h.b.WatchNotifications(ctx, mask, func(roNotify *ipn.Notify) (keepGoing bool) {
+	h.b.WatchNotifications(ctx, mask, f.Flush, func(roNotify *ipn.Notify) (keepGoing bool) {
 		js, err := json.Marshal(roNotify)
 		if err != nil {
 			h.logf("json.Marshal: %v", err)