net/netns, net/interfaces: explicitly bind sockets to the default interface on all Darwin variants

We were previously only doing this for tailscaled-on-Darwin, but it also appears to help on iOS. Otherwise, when we rebind magicsock UDP connections after a cellular -> WiFi interface change they still keep using cellular one. To do this correctly when using exit nodes, we need to exclude the Tailscale interface when getting the default route, otherwise packets cannot leave the tunnel. There are native macOS/iOS APIs that we can use to do this, so we allow those clients to override the implementation of DefaultRouteInterfaceIndex. Updates #6565, may also help with #5156 Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2022-11-29 17:54:45 -08:00
parent cb525a1aad
commit 79f3a5d753
4 changed files with 52 additions and 61 deletions
--- a/net/interfaces/interfaces_bsd.go
+++ b/net/interfaces/interfaces_bsd.go
@@ -20,6 +20,7 @@ import (
 	"golang.org/x/net/route"
 	"golang.org/x/sys/unix"
 	"tailscale.com/net/netaddr"
+	"tailscale.com/syncs"
 )

 func defaultRoute() (d DefaultRouteDetails, err error) {
@@ -36,7 +37,17 @@ func defaultRoute() (d DefaultRouteDetails, err error) {
 	return d, nil
 }

+// DefaultRouteInterfaceIndex returns the index of the network interface that
+// owns the default route. It returns the first IPv4 or IPv6 default route it
+// finds (it does not prefer one or the other).
 func DefaultRouteInterfaceIndex() (int, error) {
+	if f := defaultRouteInterfaceIndexFunc.Load(); f != nil {
+		if ifIndex := f(); ifIndex != 0 {
+			return ifIndex, nil
+		}
+		// Fallthrough if we can't use the alternate implementation.
+	}
+
 	// $ netstat -nr
 	// Routing tables
 	// Internet:
@@ -71,6 +82,16 @@ func DefaultRouteInterfaceIndex() (int, error) {
 	return 0, errors.New("no gateway index found")
 }

+var defaultRouteInterfaceIndexFunc syncs.AtomicValue[func() int]
+
+// SetDefaultRouteInterfaceIndexFunc allows an alternate implementation of 
+// DefaultRouteInterfaceIndex to be provided. If none is set, or if f() returns a 0
+// (indicating an unknown interface index), then the default implementation (that parses
+// the routing table) will be used.
+func SetDefaultRouteInterfaceIndexFunc(f func() int) {
+	defaultRouteInterfaceIndexFunc.Store(f)
+}
+
 func init() {
 	likelyHomeRouterIP = likelyHomeRouterIPBSDFetchRIB
 }