wgengine/router: default to a fake router on android

The regular android app constructs its own wgengine with additional FFI shims, so this default codepath only affects other handcrafted buids like tsnet, which do not let the caller customize the innards of wgengine. Android >=14 forbids the use of netlink sockets, which makes the standard linux router fail to initialize. Fixes #9836 Signed-off-by: David Anderson <dave@tailscale.com>
2025-08-11 13:18:53 +00:00 · 2025-03-19 10:47:25 -07:00
parent 917bcdba79
commit 66664b3167
2 changed files with 31 additions and 0 deletions
--- a/wgengine/router/router_android.go
+++ b/wgengine/router/router_android.go
@@ -0,0 +1,29 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build android
+
+package router
+
+import (
+	"github.com/tailscale/wireguard-go/tun"
+	"tailscale.com/health"
+	"tailscale.com/net/netmon"
+	"tailscale.com/types/logger"
+)
+
+func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, netMon *netmon.Monitor, health *health.Tracker) (Router, error) {
+	// Note, this codepath is _not_ used when building the android app
+	// from github.com/tailscale/tailscale-android. The android app
+	// constructs its own wgengine with a custom router implementation
+	// that plugs into Android networking APIs.
+	//
+	// In practice, the only place this fake router gets used is when
+	// you build a tsnet app for android, in which case we don't want
+	// to touch the OS network stack and a no-op router is correct.
+	return NewFake(logf), nil
+}
+
+func cleanUp(logf logger.Logf, interfaceName string) {
+	// Nothing to do here.
+}
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -1,6 +1,8 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause

+//go:build !android
+
 package router

 import (