diff --git a/cmd/tailscaled/tailscaled.go b/cmd/tailscaled/tailscaled.go index 9d0db3f1b..7af0f1678 100644 --- a/cmd/tailscaled/tailscaled.go +++ b/cmd/tailscaled/tailscaled.go @@ -32,6 +32,7 @@ import ( "tailscale.com/ipn/ipnserver" "tailscale.com/logpolicy" "tailscale.com/net/dns" + "tailscale.com/net/netns" "tailscale.com/net/socks5/tssocks" "tailscale.com/net/tstun" "tailscale.com/paths" @@ -296,6 +297,9 @@ func run() error { logf("wgengine.New: %v", err) return err } + if useNetstack { + netns.Disable() + } var ns *netstack.Impl if useNetstack || wrapNetstack { diff --git a/net/netns/netns.go b/net/netns/netns.go index d9490bf8d..ff448fd8d 100644 --- a/net/netns/netns.go +++ b/net/netns/netns.go @@ -19,12 +19,23 @@ import ( "net" "inet.af/netaddr" + "tailscale.com/syncs" ) +var disabled syncs.AtomicBool + +// Disable disables netns for the process. +func Disable() { + disabled.Set(true) +} + // Listener returns a new net.Listener with its Control hook func // initialized as necessary to run in logical network namespace that // doesn't route back into Tailscale. func Listener() *net.ListenConfig { + if disabled.Get() { + return new(net.ListenConfig) + } return &net.ListenConfig{Control: control} } @@ -41,6 +52,9 @@ func NewDialer() Dialer { // handles using a SOCKS if configured in the environment with // ALL_PROXY. func FromDialer(d *net.Dialer) Dialer { + if disabled.Get() { + return d + } d.Control = control if wrapDialer != nil { return wrapDialer(d) diff --git a/tstest/integration/tailscaled_deps_test_darwin.go b/tstest/integration/tailscaled_deps_test_darwin.go index 41585b78d..32b389388 100644 --- a/tstest/integration/tailscaled_deps_test_darwin.go +++ b/tstest/integration/tailscaled_deps_test_darwin.go @@ -43,6 +43,7 @@ import ( _ "tailscale.com/logpolicy" _ "tailscale.com/net/dns" _ "tailscale.com/net/interfaces" + _ "tailscale.com/net/netns" _ "tailscale.com/net/portmapper" _ "tailscale.com/net/socks5/tssocks" _ "tailscale.com/net/tshttpproxy" diff --git a/tstest/integration/tailscaled_deps_test_freebsd.go b/tstest/integration/tailscaled_deps_test_freebsd.go index 6e7d939d5..d76d91ed6 100644 --- a/tstest/integration/tailscaled_deps_test_freebsd.go +++ b/tstest/integration/tailscaled_deps_test_freebsd.go @@ -41,6 +41,7 @@ import ( _ "tailscale.com/logpolicy" _ "tailscale.com/net/dns" _ "tailscale.com/net/interfaces" + _ "tailscale.com/net/netns" _ "tailscale.com/net/portmapper" _ "tailscale.com/net/socks5/tssocks" _ "tailscale.com/net/tshttpproxy" diff --git a/tstest/integration/tailscaled_deps_test_linux.go b/tstest/integration/tailscaled_deps_test_linux.go index 6e7d939d5..d76d91ed6 100644 --- a/tstest/integration/tailscaled_deps_test_linux.go +++ b/tstest/integration/tailscaled_deps_test_linux.go @@ -41,6 +41,7 @@ import ( _ "tailscale.com/logpolicy" _ "tailscale.com/net/dns" _ "tailscale.com/net/interfaces" + _ "tailscale.com/net/netns" _ "tailscale.com/net/portmapper" _ "tailscale.com/net/socks5/tssocks" _ "tailscale.com/net/tshttpproxy" diff --git a/tstest/integration/tailscaled_deps_test_openbsd.go b/tstest/integration/tailscaled_deps_test_openbsd.go index 6e7d939d5..d76d91ed6 100644 --- a/tstest/integration/tailscaled_deps_test_openbsd.go +++ b/tstest/integration/tailscaled_deps_test_openbsd.go @@ -41,6 +41,7 @@ import ( _ "tailscale.com/logpolicy" _ "tailscale.com/net/dns" _ "tailscale.com/net/interfaces" + _ "tailscale.com/net/netns" _ "tailscale.com/net/portmapper" _ "tailscale.com/net/socks5/tssocks" _ "tailscale.com/net/tshttpproxy" diff --git a/tstest/integration/tailscaled_deps_test_windows.go b/tstest/integration/tailscaled_deps_test_windows.go index 6db88d2da..3d3cf7317 100644 --- a/tstest/integration/tailscaled_deps_test_windows.go +++ b/tstest/integration/tailscaled_deps_test_windows.go @@ -45,6 +45,7 @@ import ( _ "tailscale.com/logtail/backoff" _ "tailscale.com/net/dns" _ "tailscale.com/net/interfaces" + _ "tailscale.com/net/netns" _ "tailscale.com/net/portmapper" _ "tailscale.com/net/socks5/tssocks" _ "tailscale.com/net/tshttpproxy"