cmd/tailscaled: disable netns in userspace-networking mode

Updates #2827 Updates #2822 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago · 382b349c54
parent 31c1331415
commit 382b349c54
7 changed files with 23 additions and 0 deletions
--- a/cmd/tailscaled/tailscaled.go
+++ b/cmd/tailscaled/tailscaled.go
@ -32,6 +32,7 @@ import (
 	"tailscale.com/ipn/ipnserver"
 	"tailscale.com/logpolicy"
 	"tailscale.com/net/dns"
+	"tailscale.com/net/netns"
 	"tailscale.com/net/socks5/tssocks"
 	"tailscale.com/net/tstun"
 	"tailscale.com/paths"
@ -296,6 +297,9 @@ func run() error {
 		logf("wgengine.New: %v", err)
 		return err
 	}
+	if useNetstack {
+		netns.Disable()
+	}

 	var ns *netstack.Impl
 	if useNetstack || wrapNetstack {
--- a/net/netns/netns.go
+++ b/net/netns/netns.go
@ -19,12 +19,23 @@ import (
 	"net"

 	"inet.af/netaddr"
+	"tailscale.com/syncs"
 )

+var disabled syncs.AtomicBool
+
+// Disable disables netns for the process.
+func Disable() {
+	disabled.Set(true)
+}
+
 // Listener returns a new net.Listener with its Control hook func
 // initialized as necessary to run in logical network namespace that
 // doesn't route back into Tailscale.
 func Listener() *net.ListenConfig {
+	if disabled.Get() {
+		return new(net.ListenConfig)
+	}
 	return &net.ListenConfig{Control: control}
 }

@ -41,6 +52,9 @@ func NewDialer() Dialer {
 // handles using a SOCKS if configured in the environment with
 // ALL_PROXY.
 func FromDialer(d *net.Dialer) Dialer {
+	if disabled.Get() {
+		return d
+	}
 	d.Control = control
 	if wrapDialer != nil {
 		return wrapDialer(d)
--- a/tstest/integration/tailscaled_deps_test_darwin.go
+++ b/tstest/integration/tailscaled_deps_test_darwin.go
@ -43,6 +43,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"
--- a/tstest/integration/tailscaled_deps_test_freebsd.go
+++ b/tstest/integration/tailscaled_deps_test_freebsd.go
@ -41,6 +41,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"
--- a/tstest/integration/tailscaled_deps_test_linux.go
+++ b/tstest/integration/tailscaled_deps_test_linux.go
@ -41,6 +41,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"
--- a/tstest/integration/tailscaled_deps_test_openbsd.go
+++ b/tstest/integration/tailscaled_deps_test_openbsd.go
@ -41,6 +41,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"
--- a/tstest/integration/tailscaled_deps_test_windows.go
+++ b/tstest/integration/tailscaled_deps_test_windows.go
@ -45,6 +45,7 @@ import (
 	_ "tailscale.com/logtail/backoff"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"