From 81bc4992f22a078b72f81876c4100be7dd9f2734 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Sat, 10 Sep 2022 17:46:09 -0700
Subject: [PATCH] net/netns: add TS_FORCE_LINUX_BIND_TO_DEVICE for Linux

For debugging a macOS-specific magicsock issue. macOS runs in
bind-to-interface mode always. This lets me force Linux into the same
mode as macOS, even if the Linux kernel supports SO_MARK, as it
usually does.

Updates #2331 etc

Change-Id: Iac9e4a7429c1781337e716ffc914443b7aa2869d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 net/netns/netns_linux.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/netns/netns_linux.go b/net/netns/netns_linux.go
index 4434c5ddd..ec13e389e 100644
--- a/net/netns/netns_linux.go
+++ b/net/netns/netns_linux.go
@@ -15,6 +15,7 @@ import (
 	"syscall"
 
 	"golang.org/x/sys/unix"
+	"tailscale.com/envknob"
 	"tailscale.com/net/interfaces"
 	"tailscale.com/types/logger"
 )
@@ -62,9 +63,14 @@ func socketMarkWorks() bool {
 	return true
 }
 
+var forceBindToDevice = envknob.Bool("TS_FORCE_LINUX_BIND_TO_DEVICE")
+
 // useSocketMark reports whether SO_MARK works.
 // If it doesn't, we have to use SO_BINDTODEVICE on our sockets instead.
 func useSocketMark() bool {
+	if forceBindToDevice {
+		return false
+	}
 	socketMarkWorksOnce.Do(func() {
 		socketMarkWorksOnce.v = socketMarkWorks()
 	})