diff options
| author | Jonathan Nobels <jonathan@tailscale.com> | 2025-04-02 12:21:59 -0400 |
|---|---|---|
| committer | Jonathan Nobels <jonathan@tailscale.com> | 2025-04-07 12:02:15 -0400 |
| commit | bb04a36c1d5082c89794d11be6e006398695b39b (patch) | |
| tree | dba49df9c5ac0b8f2cb2dc5f5c9aad147a7600bd /net/netns | |
| parent | 6d117d64a256234372f2bb177392b987aa1758af (diff) | |
| download | tailscale-jonathan/dns_loopback.tar.xz tailscale-jonathan/dns_loopback.zip | |
net/netns, version: enable interface binding for loopback addrs on sandboxed macosjonathan/dns_loopback
fixes tailscale/corp#27506
The bootstrapDNS code is unable to resolve log and derp endpoints when if the forward
dns is a local loopback addr while the tunnel is running.
Sandboxed macos requires that we bind to loopback addresses explicitly. tailscaled on mac must not.
Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
Diffstat (limited to 'net/netns')
| -rw-r--r-- | net/netns/netns_darwin.go | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netns/netns_darwin.go b/net/netns/netns_darwin.go index ac5e89d76..794b9b864 100644 --- a/net/netns/netns_darwin.go +++ b/net/netns/netns_darwin.go @@ -21,6 +21,7 @@ import ( "tailscale.com/net/netmon" "tailscale.com/net/tsaddr" "tailscale.com/types/logger" + "tailscale.com/version" ) func control(logf logger.Logf, netMon *netmon.Monitor) func(network, address string, c syscall.RawConn) error { @@ -38,8 +39,9 @@ var errInterfaceStateInvalid = errors.New("interface state invalid") // It's intentionally the same signature as net.Dialer.Control // and net.ListenConfig.Control. func controlLogf(logf logger.Logf, netMon *netmon.Monitor, network, address string, c syscall.RawConn) error { - if isLocalhost(address) { - // Don't bind to an interface for localhost connections. + // Don't bind to an interface for localhost connections for tailscaled. We must still bind for + // the network extension variants. + if version.IsMacOSTailscaled() && isLocalhost(address) { return nil } |