fix(apple): Reset cached system resolvers while tunnel is reasserting (#3274)

Fixes an issue where the DNS resolvers returned could be Connlib's if the network connectivity changed while Firezone was connected.
2026-01-27 10:18:54 +00:00 · 2024-01-16 23:01:50 -08:00
parent 98930cc1ba
commit 41bdc1f0f9
1 changed files with 8 additions and 8 deletions
--- a/swift/apple/FirezoneNetworkExtension/Adapter.swift
+++ b/swift/apple/FirezoneNetworkExtension/Adapter.swift
@@ -294,8 +294,14 @@ extension Adapter {
    self.networkSettings?.apply(
      on: self.packetTunnelProvider,
      logger: self.logger,
-      completionHandler: nil
-    )
+      completionHandler: { _ in
+        // We can only get the system's default resolvers before connlib starts, and then they'll
+        // be overwritten by the ones from connlib. So cache them here for getSystemDefaultResolvers
+        // to retrieve them later.
+        self.callbackHandler.setSystemDefaultResolvers(
+          resolvers: Resolv().getservers().map(Resolv.getnameinfo)
+        )
+      })
  }

  private func beginPathMonitoring() {
@@ -339,12 +345,6 @@ extension Adapter {
      self.logger.log("Adapter.didReceivePathUpdate: Back online. Starting connlib.")

      do {
-        // We can only get the system's default resolvers before connlib starts, and then they'll
-        // be overwritten by the ones from connlib. So cache them here for getSystemDefaultResolvers
-        // to retrieve them later.
-        self.callbackHandler.setSystemDefaultResolvers(
-          resolvers: Resolv().getservers().map(Resolv.getnameinfo)
-        )
        self.state = .startingTunnel(
          session: try WrappedSession.connect(
            controlPlaneURLString,