From 179980e85edf398948ebdbcec60856e00057ebe7 Mon Sep 17 00:00:00 2001
From: Josh Bleecher Snyder <josh@tailscale.com>
Date: Tue, 15 Mar 2022 12:51:49 -0700
Subject: [PATCH] [tailscale] net: add TS_PANIC_ON_TEST_LISTEN_UNSPEC env to
 panic on unspecified addr listens

For debugging Mac firewall dialog boxes blocking+failing tests.

Change-Id: Ic1a0cd51de7fe553de1c1c9333fa1cc75b8490f2
(cherry picked from commit cd7323c47e65e19e4cb3d18274090a9d2ed49ecd)
(cherry picked from commit 8c9eff4f8b3c32e386cfb2c2d74751904e7b429b)
---
 src/net/tcpsock_posix.go | 24 +++++++++++++++++++++++-
 src/net/udpsock_posix.go |  6 +++++-
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/src/net/tcpsock_posix.go b/src/net/tcpsock_posix.go
index 7bca8dca555fc..9dce64c6476cc 100644
--- a/src/net/tcpsock_posix.go
+++ b/src/net/tcpsock_posix.go
@@ -175,12 +175,34 @@ func (ln *TCPListener) file() (*os.File, error) {
 	return f, nil
 }
 
+// Tailscale addition: if TS_PANIC_ON_TEST_LISTEN_UNSPEC is set, panic
+// if a listen tries to listen on all interfaces (for debugging Mac
+// firewall dialogs in tests).
+func panicOnUnspecListen(ip IP) bool {
+	if ip != nil && !ip.IsUnspecified() {
+		return false
+	}
+	v := os.Getenv("TS_PANIC_ON_TEST_LISTEN_UNSPEC")
+	if v == "" {
+		return false
+	}
+	switch v[0] {
+	case 't', 'T', '1':
+		return true
+	}
+	return false
+}
+
 func (sl *sysListener) listenTCP(ctx context.Context, laddr *TCPAddr) (*TCPListener, error) {
 	return sl.listenTCPProto(ctx, laddr, 0)
 }
 
 func (sl *sysListener) listenTCPProto(ctx context.Context, laddr *TCPAddr, proto int) (*TCPListener, error) {
-	var ctrlCtxFn func(ctx context.Context, network, address string, c syscall.RawConn) error
+	if panicOnUnspecListen(laddr.IP) {
+		panic("tailscale: can't listen on unspecified address in test")
+	}
+
+	var ctrlCtxFn func(cxt context.Context, network, address string, c syscall.RawConn) error
 	if sl.ListenConfig.Control != nil {
 		ctrlCtxFn = func(ctx context.Context, network, address string, c syscall.RawConn) error {
 			return sl.ListenConfig.Control(network, address, c)
diff --git a/src/net/udpsock_posix.go b/src/net/udpsock_posix.go
index 3cd1d0a762416..c3ddd97afe548 100644
--- a/src/net/udpsock_posix.go
+++ b/src/net/udpsock_posix.go
@@ -217,7 +217,11 @@ func (sd *sysDialer) dialUDP(ctx context.Context, laddr, raddr *UDPAddr) (*UDPCo
 }
 
 func (sl *sysListener) listenUDP(ctx context.Context, laddr *UDPAddr) (*UDPConn, error) {
-	var ctrlCtxFn func(ctx context.Context, network, address string, c syscall.RawConn) error
+	if panicOnUnspecListen(laddr.IP) {
+		panic("tailscale: can't listen on unspecified address in test")
+	}
+
+	var ctrlCtxFn func(cxt context.Context, network, address string, c syscall.RawConn) error
 	if sl.ListenConfig.Control != nil {
 		ctrlCtxFn = func(ctx context.Context, network, address string, c syscall.RawConn) error {
 			return sl.ListenConfig.Control(network, address, c)