more

ethanndickson · ethanndickson · commit 3676969baeef · 2025-07-21T15:15:11.000+10:00
diff --git a/net/interfaces/interfaces.go b/net/interfaces/interfaces.go
@@ -24,7 +24,7 @@ import (
 // which HTTP proxy the system should use.
 var LoginEndpointForProxyDetermination = "https://controlplane.tailscale.com/"
 
-// Tailscale returns the current machine's Tailscale interface, if any.
+// Tailscale returns the current machine's Coder interface, if any.
 // If none is found, all zero values are returned.
 // A non-nil error is only returned on a problem listing the system interfaces.
 func Tailscale() ([]netip.Addr, *net.Interface, error) {
@@ -58,12 +58,10 @@ func Tailscale() ([]netip.Addr, *net.Interface, error) {
 }
 
 // maybeTailscaleInterfaceName reports whether s is an interface
-// name that might be used by Tailscale.
+// name that might be used by Coder.
 func maybeTailscaleInterfaceName(s string) bool {
-	return s == "Tailscale" ||
-		strings.HasPrefix(s, "wg") ||
-		strings.HasPrefix(s, "ts") ||
-		strings.HasPrefix(s, "tailscale") ||
+	return s == "Coder" ||
+		strings.HasPrefix(s, "coder") ||
 		strings.HasPrefix(s, "utun")
 }
 
@@ -496,8 +494,8 @@ func isTailscaleInterface(name string, ips []netip.Prefix) bool {
 		// macOS NetworkExtensions and utun devices.
 		return true
 	}
-	return name == "Tailscale" || // as it is on Windows
-		strings.HasPrefix(name, "tailscale") // TODO: use --tun flag value, etc; see TODO in method doc
+	return name == "Coder" || // as it is on Windows
+		strings.HasPrefix(name, "coder") // TODO: use --tun flag value, etc; see TODO in method doc
 }
 
 // getPAC, if non-nil, returns the current PAC file URL.
diff --git a/net/netmon/netmon_darwin.go b/net/netmon/netmon_darwin.go
@@ -137,6 +137,11 @@ func (m *darwinRouteMon) skipRouteMessage(msg *route.RouteMessage) bool {
 		// dst = fe80::b476:66ff:fe30:c8f6%15
 		return true
 	}
+	if msg.Type == unix.RTM_GET {
+		// Skip RTM_GET messages, which are used to query the routing table
+		// See nets_darwin.go
+		return true
+	}
 	return false
 }
 
diff --git a/net/netns/netns_darwin.go b/net/netns/netns_darwin.go
@@ -54,7 +54,14 @@ func controlLogf(logf logger.Logf, netMon *netmon.Monitor, network, address stri
 		return nil
 	}
 
-	return bindConnToInterface(c, network, address, idx, logf)
+	// Verify that we didn't just choose the Coder interface.
+	_, tsif, err2 := interfaces.Tailscale()
+	if err2 == nil && tsif != nil && tsif.Index == idx {
+		return fmt.Errorf("netns_darwin: refusing bind to Coder interface %q (index %d) for address %q", tsif.Name, tsif.Index, address)
+	}
+
+	// Let the OS decide
+	return nil
 }
 
 func getInterfaceIndex(logf logger.Logf, netMon *netmon.Monitor, address string) (int, error) {
@@ -98,7 +105,8 @@ func getInterfaceIndex(logf logger.Logf, netMon *netmon.Monitor, address string)
 	// If the address doesn't parse, use the default index.
 	addr, err := netip.ParseAddr(host)
 	if err != nil {
-		logf("[unexpected] netns: error parsing address %q: %v", host, err)
+		// Log removed to prevent noise when the address is `:0`
+		// logf("[unexpected] netns: error parsing address %q: %v", host, err)
 		return defaultIdx()
 	}
 
@@ -108,14 +116,6 @@ func getInterfaceIndex(logf logger.Logf, netMon *netmon.Monitor, address string)
 		return defaultIdx()
 	}
 
-	// Verify that we didn't just choose the Tailscale interface;
-	// if so, we fall back to binding from the default.
-	_, tsif, err2 := interfaces.Tailscale()
-	if err2 == nil && tsif != nil && tsif.Index == idx {
-		logf("[unexpected] netns: interfaceIndexFor returned Tailscale interface")
-		return defaultIdx()
-	}
-
 	return idx, err
 }
 
diff --git a/net/tsaddr/tsaddr.go b/net/tsaddr/tsaddr.go
@@ -78,9 +78,6 @@ const (
 // IsTailscaleIP reports whether ip is an IP address in a range that
 // Coder assigns from.
 func IsTailscaleIP(ip netip.Addr) bool {
-	if ip.Is4() {
-		return CGNATRange().Contains(ip) && !ChromeOSVMRange().Contains(ip)
-	}
 	return TailscaleULARange().Contains(ip)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -137,6 +137,11 @@ func (m darwinRouteMon) skipRouteMessage(msg route.RouteMessage) bool {`
`137`	`137`	`// dst = fe80::b476:66ff:fe30:c8f6%15`
`138`	`138`	`return true`
`139`	`139`	`}`
	`140`	`+ if msg.Type == unix.RTM_GET {`
	`141`	`+ // Skip RTM_GET messages, which are used to query the routing table`
	`142`	`+ // See nets_darwin.go`
	`143`	`+ return true`
	`144`	`+ }`
`140`	`145`	`return false`
`141`	`146`	`}`
`142`	`147`
Original file line number	Diff line number	Diff line change
`@@ -78,9 +78,6 @@ const (`
`78`	`78`	`// IsTailscaleIP reports whether ip is an IP address in a range that`
`79`	`79`	`// Coder assigns from.`
`80`	`80`	`func IsTailscaleIP(ip netip.Addr) bool {`
`81`		`- if ip.Is4() {`
`82`		`- return CGNATRange().Contains(ip) && !ChromeOSVMRange().Contains(ip)`
`83`		`- }`
`84`	`81`	`return TailscaleULARange().Contains(ip)`
`85`	`82`	`}`
`86`	`83`