netns,wgengine: add OpenBSD support to netns via an rtable

When an exit node has been set and a new default route is added,
create a new rtable in the default rdomain and add the current
default route via its physical interface.  When control() is
requesting a connection not go through the exit-node default route,
we can use the SO_RTABLE socket option to force it through the new
rtable we created.

Updates #17321

Signed-off-by: joshua stein <jcs@jcs.org>
This commit is contained in:
joshua stein
2026-02-22 17:13:58 -06:00
committed by Brad Fitzpatrick
parent 7370c24eb4
commit 518d241700
11 changed files with 231 additions and 20 deletions
+2 -3
View File
@@ -1,11 +1,10 @@
// Copyright (c) Tailscale Inc & contributors
// SPDX-License-Identifier: BSD-3-Clause
// Common code for FreeBSD. This might also work on other
// BSD systems (e.g. OpenBSD) but has not been tested.
// Common code for FreeBSD and OpenBSD.
// Not used on iOS or macOS. See defaultroute_darwin.go.
//go:build freebsd
//go:build freebsd || openbsd
package netmon
+1 -1
View File
@@ -4,7 +4,7 @@
// Common code for FreeBSD and Darwin. This might also work on other
// BSD systems (e.g. OpenBSD) but has not been tested.
//go:build darwin || freebsd
//go:build darwin || freebsd || openbsd
package netmon
@@ -1,9 +1,9 @@
// Copyright (c) Tailscale Inc & contributors
// SPDX-License-Identifier: BSD-3-Clause
// This might work on other BSDs, but only tested on FreeBSD.
// FreeBSD and OpenBSD routing table functions.
//go:build freebsd
//go:build freebsd || openbsd
package netmon
+1 -1
View File
@@ -1,7 +1,7 @@
// Copyright (c) Tailscale Inc & contributors
// SPDX-License-Identifier: BSD-3-Clause
//go:build !linux && !windows && !darwin && !freebsd && !android
//go:build !linux && !windows && !darwin && !freebsd && !android && !openbsd
package netmon