mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-01 22:15:51 +00:00
5114df415e
This allows tailscaled's own traffic to bypass Tailscale-managed routes, so that things like tailscale-provided default routes don't break tailscaled itself. Progress on #144. Signed-off-by: David Anderson <danderson@tailscale.com>
42 lines
1.3 KiB
Go
42 lines
1.3 KiB
Go
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// Package netns contains the common code for using the Go net package
|
|
// in a logical "network namespace" to avoid routing loops where
|
|
// Tailscale-created packets would otherwise loop back through
|
|
// Tailscale routes.
|
|
//
|
|
// Despite the name netns, the exact mechanism used differs by
|
|
// operating system, and perhaps even by version of the OS.
|
|
package netns
|
|
|
|
import (
|
|
"net"
|
|
|
|
"tailscale.com/syncs"
|
|
)
|
|
|
|
var skipPrivileged syncs.AtomicBool
|
|
|
|
// Listener returns a new net.Listener with its Control hook func
|
|
// initialized as necessary to run in logical network namespace that
|
|
// doesn't route back into Tailscale.
|
|
func Listener() *net.ListenConfig {
|
|
return &net.ListenConfig{Control: control}
|
|
}
|
|
|
|
// Dialer returns a new net.Dialer with its Control hook func
|
|
// initialized as necessary to run in a logical network namespace that
|
|
// doesn't route back into Tailscale.
|
|
func Dialer() *net.Dialer {
|
|
return &net.Dialer{Control: control}
|
|
}
|
|
|
|
// TestOnlySkipPrivilegedOps disables any behavior in this package
|
|
// that requires root or other elevated privileges. It's used only in
|
|
// tests, and using it definitely breaks some Tailscale functionality.
|
|
func TestOnlySkipPrivilegedOps() {
|
|
skipPrivileged.Set(true)
|
|
}
|