net/dns/resolver: fix UDP socket protection on android for non-tailscale resolvers

2026-06-03 21:01:54 +08:00 · 2026-05-28 15:02:26 -07:00 · 2026-05-28 15:02:26 -07:00 · ffdbe11013
commit ffdbe11013
parent 2eb45c2457
1 changed files with 11 additions and 3 deletions
--- a/net/dns/resolver/forwarder.go
+++ b/net/dns/resolver/forwarder.go
@ -35,6 +35,7 @@
 	"tailscale.com/net/dnscache"
 	"tailscale.com/net/neterror"
 	"tailscale.com/net/netmon"
+	"tailscale.com/net/netns"
 	"tailscale.com/net/netx"
 	"tailscale.com/net/sockstats"
 	"tailscale.com/net/tsdial"
@ -498,11 +499,18 @@ func (f *forwarder) setRoutes(routesBySuffix map[dnsname.FQDN][]*dnstype.Resolve
 var stdNetPacketListener nettype.PacketListenerWithNetIP = nettype.MakePacketListenerWithNetIP(new(net.ListenConfig))

 func (f *forwarder) packetListener(ip netip.Addr) (nettype.PacketListenerWithNetIP, error) {
-	if f.linkSel == nil || initListenConfig == nil {
+	var linkName string
+	if f.linkSel != nil {
+		linkName = f.linkSel.PickLink(ip)
+	}
+	if linkName == "" {
+		if runtime.GOOS == "android" {
+			f.logf("packetListener: using netns.Listener for %v", ip)
+			return nettype.MakePacketListenerWithNetIP(netns.Listener(f.logf, f.netMon)), nil
+		}
 		return stdNetPacketListener, nil
 	}
-	linkName := f.linkSel.PickLink(ip)
-	if linkName == "" {
+	if initListenConfig == nil {
 		return stdNetPacketListener, nil
 	}
 	lc := new(net.ListenConfig)