health: introduce captive-portal-detected Warnable (#12707)

Updates tailscale/tailscale#1634 This PR introduces a new `captive-portal-detected` Warnable which is set to an unhealthy state whenever a captive portal is detected on the local network, preventing Tailscale from connecting. ipn/ipnlocal: fix captive portal loop shutdown Change-Id: I7cafdbce68463a16260091bcec1741501a070c95 net/captivedetection: fix mutex misuse ipn/ipnlocal: ensure that we don't fail to start the timer Change-Id: I3e43fb19264d793e8707c5031c0898e48e3e7465 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
2024-07-26 11:25:55 -07:00
parent cf97cff33b
commit 90be06bd5b
15 changed files with 750 additions and 154 deletions
--- a/net/captivedetection/rawconn_apple.go
+++ b/net/captivedetection/rawconn_apple.go
@ -0,0 +1,24 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build ios || darwin
+
+package captivedetection
+
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+	"tailscale.com/types/logger"
+)
+
+// setSocketInterfaceIndex sets the IP_BOUND_IF socket option on the given RawConn.
+// This forces the socket to use the given interface.
+func setSocketInterfaceIndex(c syscall.RawConn, ifIndex int, logf logger.Logf) error {
+	return c.Control((func(fd uintptr) {
+		err := unix.SetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_BOUND_IF, ifIndex)
+		if err != nil {
+			logf("captivedetection: failed to set IP_BOUND_IF (ifIndex=%d): %v", ifIndex, err)
+		}
+	}))
+}