cmd/tailscaled: disable netns in userspace-networking mode

Updates #2827
Updates #2822

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

cmd/tailscaled/tailscaled.go

@@ -32,6 +32,7 @@ import (
 	"tailscale.com/ipn/ipnserver"
 	"tailscale.com/logpolicy"
 	"tailscale.com/net/dns"
+	"tailscale.com/net/netns"
 	"tailscale.com/net/socks5/tssocks"
 	"tailscale.com/net/tstun"
 	"tailscale.com/paths"
@@ -296,6 +297,9 @@ func run() error {
 		logf("wgengine.New: %v", err)
 		return err
 	}
+	if useNetstack {
+		netns.Disable()
+	}
 
 	var ns *netstack.Impl
 	if useNetstack || wrapNetstack {

net/netns/netns.go

@@ -19,12 +19,23 @@ import (
 	"net"
 
 	"inet.af/netaddr"
+	"tailscale.com/syncs"
 )
 
+var disabled syncs.AtomicBool
+
+// Disable disables netns for the process.
+func Disable() {
+	disabled.Set(true)
+}
+
 // Listener returns a new net.Listener with its Control hook func
 // initialized as necessary to run in logical network namespace that
 // doesn't route back into Tailscale.
 func Listener() *net.ListenConfig {
+	if disabled.Get() {
+		return new(net.ListenConfig)
+	}
 	return &net.ListenConfig{Control: control}
 }
 
@@ -41,6 +52,9 @@ func NewDialer() Dialer {
 // handles using a SOCKS if configured in the environment with
 // ALL_PROXY.
 func FromDialer(d *net.Dialer) Dialer {
+	if disabled.Get() {
+		return d
+	}
 	d.Control = control
 	if wrapDialer != nil {
 		return wrapDialer(d)

tstest/integration/tailscaled_deps_test_darwin.go

@@ -43,6 +43,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"

tstest/integration/tailscaled_deps_test_freebsd.go

@@ -41,6 +41,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"

tstest/integration/tailscaled_deps_test_linux.go

@@ -41,6 +41,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"

tstest/integration/tailscaled_deps_test_openbsd.go

@@ -41,6 +41,7 @@ import (
 	_ "tailscale.com/logpolicy"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"

tstest/integration/tailscaled_deps_test_windows.go

@@ -45,6 +45,7 @@ import (
 	_ "tailscale.com/logtail/backoff"
 	_ "tailscale.com/net/dns"
 	_ "tailscale.com/net/interfaces"
+	_ "tailscale.com/net/netns"
 	_ "tailscale.com/net/portmapper"
 	_ "tailscale.com/net/socks5/tssocks"
 	_ "tailscale.com/net/tshttpproxy"