net/tsdial: move macOS/iOS peerapi sockopt logic from LocalBackend

Change-Id: I812cae027c40c70cdc701427b1a1850cd9bcd60c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-10-09 08:01:31 +00:00 · 2021-12-01 12:07:20 -08:00
parent 25eab78573
commit ad3d6e31f0
7 changed files with 63 additions and 54 deletions
--- a/net/tsdial/peerapi_macios_ext.go
+++ b/net/tsdial/peerapi_macios_ext.go
@@ -0,0 +1,43 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file's built on iOS and on two of three macOS build variants:
+// the two GUI variants that both use Extensions (Network Extension
+// and System Extension). It's not used on tailscaled-on-macOS.
+
+//go:build ts_macext && (darwin || ios)
+// +build ts_macext
+// +build darwin ios
+
+package tsdial
+
+import (
+	"errors"
+	"net"
+	"syscall"
+
+	"tailscale.com/net/netns"
+)
+
+func init() {
+	peerDialControlFunc = peerDialControlFuncNetworkExtension
+}
+
+func peerDialControlFuncNetworkExtension(d *Dialer) func(network, address string, c syscall.RawConn) error {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	index := -1
+	if x, ok := d.interfaceIndexLocked(d.tunName); ok {
+		index = x
+	}
+	var lc net.ListenConfig
+	netns.SetListenConfigInterfaceIndex(&lc, index)
+	return func(network, address string, c syscall.RawConn) error {
+		if index == -1 {
+			return errors.New("failed to find TUN interface to bind to")
+		}
+		return lc.Control(network, address, c)
+	}
+}
--- a/net/tsdial/tsdial.go
+++ b/net/tsdial/tsdial.go
@@ -67,6 +67,22 @@ func (d *Dialer) SetLinkMonitor(mon *monitor.Mon) {
 	d.linkMon = mon
 }

+func (d *Dialer) interfaceIndexLocked(ifName string) (index int, ok bool) {
+	if d.linkMon == nil {
+		return 0, false
+	}
+	st := d.linkMon.InterfaceState()
+	iface, ok := st.Interface[ifName]
+	if !ok {
+		return 0, false
+	}
+	return iface.Index, true
+}
+
+// peerDialControlFunc is non-nil on platforms that require a way to
+// bind to dial out to other peers.
+var peerDialControlFunc func(*Dialer) func(network, address string, c syscall.RawConn) error
+
 // PeerDialControlFunc returns a function
 // that can assigned to net.Dialer.Control to set sockopts or whatnot
 // to make a dial escape the current platform's network sandbox.
@@ -76,19 +92,10 @@ func (d *Dialer) SetLinkMonitor(mon *monitor.Mon) {
 // Notably, this is non-nil on iOS and macOS when run as a Network or
 // System Extension (the GUI variants).
 func (d *Dialer) PeerDialControlFunc() func(network, address string, c syscall.RawConn) error {
-	gf, _ := d.peerDialControlFuncAtomic.Load().(func() func(network, address string, c syscall.RawConn) error)
-	if gf == nil {
+	if peerDialControlFunc == nil {
 		return nil
 	}
-	return gf()
-}
-
-// SetPeerDialControlFuncGetter sets a function that returns, for the
-// current network configuration at the time it's called, a function
-// that can assigned to net.Dialer.Control to set sockopts or whatnot
-// to make a dial escape the current platform's network sandbox.
-func (d *Dialer) SetPeerDialControlFuncGetter(getFunc func() func(network, address string, c syscall.RawConn) error) {
-	d.peerDialControlFuncAtomic.Store(getFunc)
+	return peerDialControlFunc(d)
 }

 // SetDNSMap sets the current map of DNS names learned from the netmap.