From 599e84f19471ba7d6e55940aaa171891bfde6548 Mon Sep 17 00:00:00 2001 From: Cezar Craciunoiu Date: Wed, 8 Jan 2025 16:43:54 +0200 Subject: [PATCH 1/2] net/netmon: Do not iterate over problematic interfaces Iterating interfaces happens unrelated to the previous problematic interface check. Check here also to save time on initialization. Updates #1552 Signed-off-by: Cezar Craciunoiu --- net/netmon/state.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netmon/state.go b/net/netmon/state.go index d9b360f5e..c1a995027 100644 --- a/net/netmon/state.go +++ b/net/netmon/state.go @@ -188,6 +188,9 @@ func ForeachInterface(fn func(Interface, []netip.Prefix)) error { // the interface, and Bits are the subnet mask. func (ifaces InterfaceList) ForeachInterface(fn func(Interface, []netip.Prefix)) error { for _, iface := range ifaces { + if isProblematicInterface(iface.Interface) { + continue + } addrs, err := iface.Addrs() if err != nil { return err From bc5bb1d64c5b8019c8a74b351c97f9b0da424ff1 Mon Sep 17 00:00:00 2001 From: Cezar Craciunoiu Date: Wed, 8 Jan 2025 16:48:11 +0200 Subject: [PATCH 2/2] net/netmon: Allow excluding custom interfaces Providing a regex env variable ensures that any other specific interface that interferes with tailscale can be disabled on startup. Updates: #1552 Signed-off-by: Cezar Craciunoiu --- net/netmon/state.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/netmon/state.go b/net/netmon/state.go index c1a995027..9da1d2b12 100644 --- a/net/netmon/state.go +++ b/net/netmon/state.go @@ -9,6 +9,8 @@ import ( "net" "net/http" "net/netip" + "os" + "regexp" "runtime" "slices" "sort" @@ -30,6 +32,13 @@ func isLoopback(nif *net.Interface) bool { return nif.Flags&net.FlagLoopback != func isProblematicInterface(nif *net.Interface) bool { name := nif.Name + + if regex := os.Getenv("TS_NETMON_IGNORE"); regex != "" { + if match, _ := regexp.MatchString(regex, name); match { + return true + } + } + // Don't try to send disco/etc packets over zerotier; they effectively // DoS each other by doing traffic amplification, both of them // preferring/trying to use each other for transport. See: