Merge e5d6093ded into f36eb81e61

3 days ago · d91cea6e1d
parent f36eb81e61 e5d6093ded
commit d91cea6e1d
1 changed files with 22 additions and 2 deletions
--- a/net/netmon/state.go
+++ b/net/netmon/state.go
@ -28,6 +28,10 @@ import (
 // same interface and subnet.
 var forceAllIPv6Endpoints = envknob.RegisterBool("TS_DEBUG_FORCE_ALL_IPV6_ENDPOINTS")

+// suppressInterfaces is a debug knob containing a list of interface names that should not be advertised as endpoints.
+// Traffic may still flow over these interfaces if system routing makes the decision to do so.
+var excludeInterfaces = envknob.RegisterString("TS_DEBUG_EXCLUDE_INTERFACES")
+
 // LoginEndpointForProxyDetermination is the URL used for testing
 // which HTTP proxy the system should use.
 var LoginEndpointForProxyDetermination = "https://controlplane.tailscale.com/"
@ -47,6 +51,22 @@ func isProblematicInterface(nif *net.Interface) bool {
 	return false
 }

+func isExcludedInterface(nif *net.Interface) bool {
+	if nif == nil {
+		return false
+	}
+
+	remain := excludeInterfaces()
+	for remain != "" {
+		var candidate string
+		candidate, remain, _ = strings.Cut(remain, ",")
+		if strings.TrimSpace(candidate) == nif.Name {
+			return true
+		}
+	}
+	return false
+}
+
 // LocalAddresses returns the machine's IP addresses, separated by
 // whether they're loopback addresses. If there are no regular addresses
 // it will return any IPv4 linklocal or IPv6 unique local addresses because we
@ -60,9 +80,9 @@ func LocalAddresses() (regular, loopback []netip.Addr, err error) {
 	var regular4, regular6, linklocal4, ula6 []netip.Addr
 	for _, iface := range ifaces {
 		stdIf := iface.Interface
-		if !isUp(stdIf) || isProblematicInterface(stdIf) {
+		if !isUp(stdIf) || isProblematicInterface(stdIf) || isExcludedInterface(stdIf) {
 			// Skip down interfaces and ones that are
-			// problematic that we don't want to try to
+			// problematic or that we don't want to try to
 			// send Tailscale traffic over.
 			continue
 		}