net/netns: set the bypass socket mark on linux.

This allows tailscaled's own traffic to bypass Tailscale-managed routes,
so that things like tailscale-provided default routes don't break
tailscaled itself.

Progress on #144.

Signed-off-by: David Anderson <danderson@tailscale.com>

wgengine/router/router_linux.go

@@ -44,6 +44,9 @@ const (
 	tailscaleSubnetRouteMark = "0x10000"
 	// Packet was originated by tailscaled itself, and must not be
 	// routed over the Tailscale network.
+	//
+	// Keep this in sync with tailscaleBypassMark in
+	// net/netns/netns_linux.go.
 	tailscaleBypassMark = "0x20000"
 )