ipn/ipnlocal: prefer to use one CGNAT route on the Mac

Together with 06aa141632 this minimizes
the number of NEPacketTunnelNetworkSettings updates that we have to do,
and thus avoids Chrome interrupting outstanding requests due to
(perceived) network changes.

Updates #3102

Signed-off-by: Mihai Parparita <mihai@tailscale.com>

net/interfaces/interfaces.go

@@ -720,3 +720,25 @@ func DefaultRouteInterface() (string, error) {
 func DefaultRoute() (DefaultRouteDetails, error) {
 	return defaultRoute()
 }
+
+// HasCGNATInterface reports whether there are any non-Tailscale interfaces that
+// use a CGNAT IP range.
+func HasCGNATInterface() (bool, error) {
+	hasCGNATInterface := false
+	cgnatRange := tsaddr.CGNATRange()
+	err := ForeachInterface(func(i Interface, pfxs []netaddr.IPPrefix) {
+		if hasCGNATInterface || !i.IsUp() || isTailscaleInterface(i.Name, pfxs) {
+			return
+		}
+		for _, pfx := range pfxs {
+			if cgnatRange.Overlaps(pfx) {
+				hasCGNATInterface = true
+				break
+			}
+		}
+	})
+	if err != nil {
+		return false, err
+	}
+	return hasCGNATInterface, nil
+}