Skip to content

feat: support OS DNS configurator & Router on darwin #87

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ethanndickson wants to merge 2 commits into from
Closed

feat: support OS DNS configurator & Router on darwin #87

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4ffa6d7
feat: support OS DNS configurator & Router on darwin:
ethanndickson Jul 17, 2025
3676969
more
ethanndickson Jul 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions net/dns/manager_darwin.go
View file
Open in desktop
Copy link
Member Author

@ethanndickson ethanndickson Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we drop the network extension, we're going to start informing the OS of the magicDNS server by modifying /etc/resolvers

Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ func (c *darwinConfigurator) SetDNS(cfg OSConfig) error {
// Add a dummy file to /etc/resolver with a "search ..." directive if we have
// search suffixes to add.
if len(cfg.SearchDomains) > 0 {
Copy link
Member Author

@ethanndickson ethanndickson Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't currently use search domains.

const searchFile = "search.tailscale" // fake DNS suffix+TLD to put our search
const searchFile = "search.coder" // fake DNS suffix+TLD to put our search
mak.Set(&keep, searchFile, true)
var sbuf bytes.Buffer
sbuf.WriteString(macResolverFileHeader)
Expand Down Expand Up @@ -86,7 +86,7 @@ func (c *darwinConfigurator) GetBaseConfig() (OSConfig, error) {
return OSConfig{}, ErrGetBaseConfigNotSupported
}

const macResolverFileHeader = "# Added by tailscaled\n"
const macResolverFileHeader = "# Added by Coder Desktop\n"

// removeResolverFiles deletes all files in /etc/resolver for which the shouldDelete
// func returns true.
Expand Down
32 changes: 12 additions & 20 deletions net/tsaddr/tsaddr.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,10 @@ const (
CoderServiceIPv6String = "fd60:627a:a42b::53"
)

// These are all unfortunately Coder IP ranges, not Tailscale IP ranges.
Copy link
Member Author

@ethanndickson ethanndickson Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dean suggested not renaming to minimize the diff.


// IsTailscaleIP reports whether ip is an IP address in a range that
// Tailscale assigns from.
// Coder assigns from.
func IsTailscaleIP(ip netip.Addr) bool {
if ip.Is4() {
return CGNATRange().Contains(ip) && !ChromeOSVMRange().Contains(ip)
Expand All @@ -83,38 +85,28 @@ func IsTailscaleIP(ip netip.Addr) bool {
}

// TailscaleULARange returns the IPv6 Unique Local Address range that
// is the superset range that Tailscale assigns out of.
// is the superset range that Coder assigns out of.
func TailscaleULARange() netip.Prefix {
tsUlaRange.Do(func() { mustPrefix(&tsUlaRange.v, "fd7a:115c:a1e0::/48") })
tsUlaRange.Do(func() { mustPrefix(&tsUlaRange.v, "fd60:627a:a42b::/48") })
return tsUlaRange.v
}
Comment on lines 86 to 89
Copy link
Member Author

@ethanndickson ethanndickson Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is to address:

tailscale/wgengine/router/router_userspace_bsd.go

Lines 143 to 151 in f14d20d

newRoutes := make(map[netip.Prefix]bool)
for _, route := range cfg.Routes {
if runtime.GOOS != "darwin" && route == tsaddr.TailscaleULARange() {
// Because we added the interface address as a /48 above,
// the kernel already created the Tailscale ULA route
// implicitly. We mustn't try to add/delete it ourselves.
continue
}
newRoutes[route] = true


// TailscaleViaRange returns the IPv6 Unique Local Address subset range
// TailscaleULARange that's used for IPv4 tunneling via IPv6.
// Unused by Coder
func TailscaleViaRange() netip.Prefix {
// Mnemonic: "b1a" sounds like "via".
tsViaRange.Do(func() { mustPrefix(&tsViaRange.v, "fd7a:115c:a1e0:b1a::/64") })
tsViaRange.Do(func() { mustPrefix(&tsViaRange.v, "fd60:627a:a42b::/128") })
return tsViaRange.v
}

// Tailscale4To6Range returns the subset of TailscaleULARange used for
// auto-translated Tailscale ipv4 addresses.
// Unused by Coder
func Tailscale4To6Range() netip.Prefix {
// This IP range has no significance, beyond being a subset of
// TailscaleULARange. The bits from /48 to /104 were picked at
// random.
ula4To6Range.Do(func() { mustPrefix(&ula4To6Range.v, "fd7a:115c:a1e0:ab12:4843:cd96:6200::/104") })
// This needs to be a /104 prefix, so it can fit IPv4 addresses
ula4To6Range.Do(func() { mustPrefix(&ula4To6Range.v, "fd60:627a:a42b::/104") })
return ula4To6Range.v
}

// TailscaleEphemeral6Range returns the subset of TailscaleULARange
// used for ephemeral IPv6-only Tailscale nodes.
// Unused by Coder
func TailscaleEphemeral6Range() netip.Prefix {
// This IP range has no significance, beyond being a subset of
// TailscaleULARange. The bits from /48 to /64 were picked at
// random, with the only criterion being to not be the conflict
// with the Tailscale4To6Range above.
ulaEph6Range.Do(func() { mustPrefix(&ulaEph6Range.v, "fd7a:115c:a1e0:efe3::/64") })
ulaEph6Range.Do(func() { mustPrefix(&ulaEph6Range.v, "fd60:627a:a42b::/128") })
return ulaEph6Range.v
}

Expand Down
3 changes: 2 additions & 1 deletion wgengine/magicsock/endpoint.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
"tailscale.com/disco"
"tailscale.com/ipn/ipnstate"
"tailscale.com/net/stun"
"tailscale.com/net/tsaddr"
"tailscale.com/tailcfg"
"tailscale.com/tstime/mono"
"tailscale.com/types/key"
Expand Down Expand Up @@ -1064,7 +1065,7 @@ func (de *endpoint) handleCallMeMaybe(m *disco.CallMeMaybe) {
}
var newEPs []netip.AddrPort
for _, ep := range m.MyNumber {
if ep.Addr().Is6() && ep.Addr().IsLinkLocalUnicast() {
if (ep.Addr().Is6() && ep.Addr().IsLinkLocalUnicast()) || tsaddr.IsTailscaleIP(ep.Addr()) {
Copy link
Member Author

@ethanndickson ethanndickson Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is so we don't discover Coder tailnet IPs as peer endpoints.

// We send these out, but ignore them for now.
// TODO: teach the ping code to ping on all interfaces
// for these.
Expand Down
Loading