diff --git a/internal/anet/LICENSE b/internal/anet/LICENSE
new file mode 100644
index 0000000000000..256285ce76def
--- /dev/null
+++ b/internal/anet/LICENSE
@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2023, wlynxg
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/internal/anet/interface.go b/internal/anet/interface.go
new file mode 100644
index 0000000000000..591b706691a81
--- /dev/null
+++ b/internal/anet/interface.go
@@ -0,0 +1,26 @@
+//go:build androidxx
+// +build androidxx
+
+package anet
+
+import (
+	"net"
+)
+
+// Interfaces returns a list of the system's network interfaces.
+func Interfaces() ([]net.Interface, error) {
+	return net.Interfaces()
+}
+
+// InterfaceAddrs returns a list of the system's unicast interface
+// addresses.
+//
+// The returned list does not identify the associated interface; use
+// Interfaces and Interface.Addrs for more detail.
+func InterfaceAddrs() ([]net.Addr, error) {
+	return net.InterfaceAddrs()
+}
+
+func InterfaceAddrTable(i *net.Interface) ([]net.Addr, error) {
+	return i.Addrs()
+}
diff --git a/internal/anet/netlink_androida.go b/internal/anet/netlink_androida.go
new file mode 100644
index 0000000000000..fc0d84d388daf
--- /dev/null
+++ b/internal/anet/netlink_androida.go
@@ -0,0 +1,179 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Netlink sockets and messages
+
+package anet
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Round the length of a netlink message up to align it properly.
+func nlmAlignOf(msglen int) int {
+	return (msglen + syscall.NLMSG_ALIGNTO - 1) & ^(syscall.NLMSG_ALIGNTO - 1)
+}
+
+// Round the length of a netlink route attribute up to align it
+// properly.
+func rtaAlignOf(attrlen int) int {
+	return (attrlen + syscall.RTA_ALIGNTO - 1) & ^(syscall.RTA_ALIGNTO - 1)
+}
+
+// NetlinkRouteRequest represents a request message to receive routing
+// and link states from the kernel.
+type NetlinkRouteRequest struct {
+	Header syscall.NlMsghdr
+	Data   syscall.RtGenmsg
+}
+
+func (rr *NetlinkRouteRequest) toWireFormat() []byte {
+	b := make([]byte, rr.Header.Len)
+	*(*uint32)(unsafe.Pointer(&b[0:4][0])) = rr.Header.Len
+	*(*uint16)(unsafe.Pointer(&b[4:6][0])) = rr.Header.Type
+	*(*uint16)(unsafe.Pointer(&b[6:8][0])) = rr.Header.Flags
+	*(*uint32)(unsafe.Pointer(&b[8:12][0])) = rr.Header.Seq
+	*(*uint32)(unsafe.Pointer(&b[12:16][0])) = rr.Header.Pid
+	b[16] = byte(rr.Data.Family)
+	return b
+}
+
+func newNetlinkRouteRequest(proto, seq, family int) []byte {
+	rr := &NetlinkRouteRequest{}
+	rr.Header.Len = uint32(syscall.NLMSG_HDRLEN + syscall.SizeofRtGenmsg)
+	rr.Header.Type = uint16(proto)
+	rr.Header.Flags = syscall.NLM_F_DUMP | syscall.NLM_F_REQUEST
+	rr.Header.Seq = uint32(seq)
+	rr.Data.Family = uint8(family)
+	return rr.toWireFormat()
+}
+
+// NetlinkRIB returns routing information base, as known as RIB, which
+// consists of network facility information, states and parameters.
+func NetlinkRIB(proto, family int) ([]byte, error) {
+	s, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW|syscall.SOCK_CLOEXEC, syscall.NETLINK_ROUTE)
+	if err != nil {
+		return nil, err
+	}
+	defer syscall.Close(s)
+	sa := &syscall.SockaddrNetlink{Family: syscall.AF_NETLINK}
+
+	wb := newNetlinkRouteRequest(proto, 1, family)
+	if err := syscall.Sendto(s, wb, 0, sa); err != nil {
+		return nil, err
+	}
+	lsa, err := syscall.Getsockname(s)
+	if err != nil {
+		return nil, err
+	}
+	lsanl, ok := lsa.(*syscall.SockaddrNetlink)
+	if !ok {
+		return nil, syscall.EINVAL
+	}
+	var tab []byte
+	rbNew := make([]byte, syscall.Getpagesize())
+done:
+	for {
+		rb := rbNew
+		nr, _, err := syscall.Recvfrom(s, rb, 0)
+		if err != nil {
+			return nil, err
+		}
+		if nr < syscall.NLMSG_HDRLEN {
+			return nil, syscall.EINVAL
+		}
+		rb = rb[:nr]
+		tab = append(tab, rb...)
+		msgs, err := ParseNetlinkMessage(rb)
+		if err != nil {
+			return nil, err
+		}
+		for _, m := range msgs {
+			if m.Header.Seq != 1 || m.Header.Pid != lsanl.Pid {
+				return nil, syscall.EINVAL
+			}
+			if m.Header.Type == syscall.NLMSG_DONE {
+				break done
+			}
+			if m.Header.Type == syscall.NLMSG_ERROR {
+				return nil, syscall.EINVAL
+			}
+		}
+	}
+	return tab, nil
+}
+
+// NetlinkMessage represents a netlink message.
+type NetlinkMessage struct {
+	Header syscall.NlMsghdr
+	Data   []byte
+}
+
+// ParseNetlinkMessage parses b as an array of netlink messages and
+// returns the slice containing the NetlinkMessage structures.
+func ParseNetlinkMessage(b []byte) ([]NetlinkMessage, error) {
+	var msgs []NetlinkMessage
+	for len(b) >= syscall.NLMSG_HDRLEN {
+		h, dbuf, dlen, err := netlinkMessageHeaderAndData(b)
+		if err != nil {
+			return nil, err
+		}
+		m := NetlinkMessage{Header: *h, Data: dbuf[:int(h.Len)-syscall.NLMSG_HDRLEN]}
+		msgs = append(msgs, m)
+		b = b[dlen:]
+	}
+	return msgs, nil
+}
+
+func netlinkMessageHeaderAndData(b []byte) (*syscall.NlMsghdr, []byte, int, error) {
+	h := (*syscall.NlMsghdr)(unsafe.Pointer(&b[0]))
+	l := nlmAlignOf(int(h.Len))
+	if int(h.Len) < syscall.NLMSG_HDRLEN || l > len(b) {
+		return nil, nil, 0, syscall.EINVAL
+	}
+	return h, b[syscall.NLMSG_HDRLEN:], l, nil
+}
+
+// NetlinkRouteAttr represents a netlink route attribute.
+type NetlinkRouteAttr struct {
+	Attr  syscall.RtAttr
+	Value []byte
+}
+
+// ParseNetlinkRouteAttr parses m's payload as an array of netlink
+// route attributes and returns the slice containing the
+// NetlinkRouteAttr structures.
+func ParseNetlinkRouteAttr(m *NetlinkMessage) ([]NetlinkRouteAttr, error) {
+	var b []byte
+	switch m.Header.Type {
+	case syscall.RTM_NEWLINK, syscall.RTM_DELLINK:
+		b = m.Data[syscall.SizeofIfInfomsg:]
+	case syscall.RTM_NEWADDR, syscall.RTM_DELADDR:
+		b = m.Data[syscall.SizeofIfAddrmsg:]
+	case syscall.RTM_NEWROUTE, syscall.RTM_DELROUTE:
+		b = m.Data[syscall.SizeofRtMsg:]
+	default:
+		return nil, syscall.EINVAL
+	}
+	var attrs []NetlinkRouteAttr
+	for len(b) >= syscall.SizeofRtAttr {
+		a, vbuf, alen, err := netlinkRouteAttrAndValue(b)
+		if err != nil {
+			return nil, err
+		}
+		ra := NetlinkRouteAttr{Attr: *a, Value: vbuf[:int(a.Len)-syscall.SizeofRtAttr]}
+		attrs = append(attrs, ra)
+		b = b[alen:]
+	}
+	return attrs, nil
+}
+
+func netlinkRouteAttrAndValue(b []byte) (*syscall.RtAttr, []byte, int, error) {
+	a := (*syscall.RtAttr)(unsafe.Pointer(&b[0]))
+	if int(a.Len) < syscall.SizeofRtAttr || int(a.Len) > len(b) {
+		return nil, nil, 0, syscall.EINVAL
+	}
+	return a, b[syscall.SizeofRtAttr:], rtaAlignOf(int(a.Len)), nil
+}
diff --git a/internal/anet/netlink_androidq.go b/internal/anet/netlink_androidq.go
new file mode 100644
index 0000000000000..aaeaf6fd70797
--- /dev/null
+++ b/internal/anet/netlink_androidq.go
@@ -0,0 +1,292 @@
+package anet
+
+import (
+	"bytes"
+	"errors"
+	"net"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+var (
+	errNoSuchInterface = errors.New("no such network interface")
+)
+
+type ifReq [40]byte
+
+// Interfaces returns a list of the system's network interfaces.
+func Interfaces() ([]net.Interface, error) {
+	ift, err := interfaceTable(0)
+	if err != nil {
+		return nil, &net.OpError{Op: "route", Net: "ip+net", Source: nil, Addr: nil, Err: err}
+	}
+	// TODO: zoneCache implementation
+	return ift, nil
+}
+
+// InterfaceAddrs returns a list of the system's unicast interface
+// addresses.
+//
+// The returned list does not identify the associated interface; use
+// Interfaces and Interface.Addrs for more detail.
+func InterfaceAddrs() ([]net.Addr, error) {
+	ifat, err := InterfaceAddrTable(nil)
+	if err != nil {
+		err = &net.OpError{Op: "route", Net: "ip+net", Source: nil, Addr: nil, Err: err}
+	}
+	return ifat, err
+}
+
+// If the ifindex is zero, interfaceTable returns mappings of all
+// network interfaces. Otherwise it returns a mapping of a specific
+// interface.
+func interfaceTable(ifindex int) ([]net.Interface, error) {
+	tab, err := NetlinkRIB(syscall.RTM_GETADDR, syscall.AF_UNSPEC)
+	if err != nil {
+		return nil, os.NewSyscallError("netlinkrib", err)
+	}
+	msgs, err := syscall.ParseNetlinkMessage(tab)
+	if err != nil {
+		return nil, os.NewSyscallError("parsenetlinkmessage", err)
+	}
+
+	var ift []net.Interface
+	im := make(map[uint32]struct{})
+loop:
+	for _, m := range msgs {
+		switch m.Header.Type {
+		case syscall.NLMSG_DONE:
+			break loop
+		case syscall.RTM_NEWADDR:
+			ifam := (*syscall.IfAddrmsg)(unsafe.Pointer(&m.Data[0]))
+			if _, ok := im[ifam.Index]; ok {
+				continue
+			} else {
+				im[ifam.Index] = struct{}{}
+			}
+
+			if ifindex == 0 || ifindex == int(ifam.Index) {
+				ifi := newLink(ifam)
+				if ifi != nil {
+					ift = append(ift, *ifi)
+				}
+				if ifindex == int(ifam.Index) {
+					break loop
+				}
+			}
+		}
+	}
+
+	return ift, nil
+}
+
+func newLink(ifam *syscall.IfAddrmsg) *net.Interface {
+	ift := &net.Interface{Index: int(ifam.Index)}
+
+	name, err := indexToName(ifam.Index)
+	if err != nil {
+		return nil
+	}
+	ift.Name = name
+
+	mtu, err := nameToMTU(name)
+	if err != nil {
+		return nil
+	}
+	ift.MTU = mtu
+
+	flags, err := nameToFlags(name)
+	if err != nil {
+		return nil
+	}
+	ift.Flags = flags
+	return ift
+}
+
+func linkFlags(rawFlags uint32) net.Flags {
+	var f net.Flags
+	if rawFlags&syscall.IFF_UP != 0 {
+		f |= net.FlagUp
+	}
+	if rawFlags&syscall.IFF_RUNNING != 0 {
+		f |= net.FlagRunning
+	}
+	if rawFlags&syscall.IFF_BROADCAST != 0 {
+		f |= net.FlagBroadcast
+	}
+	if rawFlags&syscall.IFF_LOOPBACK != 0 {
+		f |= net.FlagLoopback
+	}
+	if rawFlags&syscall.IFF_POINTOPOINT != 0 {
+		f |= net.FlagPointToPoint
+	}
+	if rawFlags&syscall.IFF_MULTICAST != 0 {
+		f |= net.FlagMulticast
+	}
+	return f
+}
+
+// If the ifi is nil, InterfaceAddrTable returns addresses for all
+// network interfaces. Otherwise it returns addresses for a specific
+// interface.
+func InterfaceAddrTable(ifi *net.Interface) ([]net.Addr, error) {
+	tab, err := NetlinkRIB(syscall.RTM_GETADDR, syscall.AF_UNSPEC)
+	if err != nil {
+		return nil, os.NewSyscallError("netlinkrib", err)
+	}
+	msgs, err := syscall.ParseNetlinkMessage(tab)
+	if err != nil {
+		return nil, os.NewSyscallError("parsenetlinkmessage", err)
+	}
+
+	var ift []net.Interface
+	if ifi == nil {
+		var err error
+		ift, err = interfaceTable(0)
+		if err != nil {
+			return nil, err
+		}
+	}
+	ifat, err := addrTable(ift, ifi, msgs)
+	if err != nil {
+		return nil, err
+	}
+	return ifat, nil
+}
+
+func addrTable(ift []net.Interface, ifi *net.Interface, msgs []syscall.NetlinkMessage) ([]net.Addr, error) {
+	var ifat []net.Addr
+loop:
+	for _, m := range msgs {
+		switch m.Header.Type {
+		case syscall.NLMSG_DONE:
+			break loop
+		case syscall.RTM_NEWADDR:
+			ifam := (*syscall.IfAddrmsg)(unsafe.Pointer(&m.Data[0]))
+			if len(ift) != 0 || ifi.Index == int(ifam.Index) {
+				if len(ift) != 0 {
+					var err error
+					ifi, err = interfaceByIndex(ift, int(ifam.Index))
+					if err != nil {
+						return nil, err
+					}
+				}
+				attrs, err := syscall.ParseNetlinkRouteAttr(&m)
+				if err != nil {
+					return nil, os.NewSyscallError("parsenetlinkrouteattr", err)
+				}
+				ifa := newAddr(ifam, attrs)
+				if ifa != nil {
+					ifat = append(ifat, ifa)
+				}
+			}
+		}
+	}
+	return ifat, nil
+}
+
+func newAddr(ifam *syscall.IfAddrmsg, attrs []syscall.NetlinkRouteAttr) net.Addr {
+	var ipPointToPoint bool
+	// Seems like we need to make sure whether the IP interface
+	// stack consists of IP point-to-point numbered or unnumbered
+	// addressing.
+	for _, a := range attrs {
+		if a.Attr.Type == syscall.IFA_LOCAL {
+			ipPointToPoint = true
+			break
+		}
+	}
+	for _, a := range attrs {
+		if ipPointToPoint && a.Attr.Type == syscall.IFA_ADDRESS {
+			continue
+		}
+		switch ifam.Family {
+		case syscall.AF_INET:
+			return &net.IPNet{IP: net.IPv4(a.Value[0], a.Value[1], a.Value[2], a.Value[3]), Mask: net.CIDRMask(int(ifam.Prefixlen), 8*net.IPv4len)}
+		case syscall.AF_INET6:
+			ifa := &net.IPNet{IP: make(net.IP, net.IPv6len), Mask: net.CIDRMask(int(ifam.Prefixlen), 8*net.IPv6len)}
+			copy(ifa.IP, a.Value[:])
+			return ifa
+		}
+	}
+	return nil
+}
+
+func interfaceByIndex(ift []net.Interface, index int) (*net.Interface, error) {
+	for _, ifi := range ift {
+		if index == ifi.Index {
+			return &ifi, nil
+		}
+	}
+	return nil, errNoSuchInterface
+}
+
+func ioctl(fd int, req uint, arg unsafe.Pointer) error {
+	_, _, e1 := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		return e1
+	}
+	return nil
+}
+
+func indexToName(index uint32) (string, error) {
+	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM|syscall.SOCK_CLOEXEC, 0)
+	if err != nil {
+		return "", err
+	}
+	defer syscall.Close(fd)
+
+	var ifr ifReq
+	*(*uint32)(unsafe.Pointer(&ifr[syscall.IFNAMSIZ])) = index
+	err = ioctl(fd, syscall.SIOCGIFNAME, unsafe.Pointer(&ifr[0]))
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes.Trim(ifr[:syscall.IFNAMSIZ], "\x00")), nil
+}
+
+func nameToMTU(name string) (int, error) {
+	// Leave room for terminating NULL byte.
+	if len(name) >= syscall.IFNAMSIZ {
+		return -1, syscall.EINVAL
+	}
+
+	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM|syscall.SOCK_CLOEXEC, 0)
+	if err != nil {
+		return -1, err
+	}
+	defer syscall.Close(fd)
+
+	var ifr ifReq
+	copy(ifr[:], name)
+	err = ioctl(fd, syscall.SIOCGIFMTU, unsafe.Pointer(&ifr[0]))
+	if err != nil {
+		return -1, err
+	}
+
+	return int(*(*int32)(unsafe.Pointer(&ifr[syscall.IFNAMSIZ]))), nil
+}
+
+func nameToFlags(name string) (net.Flags, error) {
+	// Leave room for terminating NULL byte.
+	if len(name) >= syscall.IFNAMSIZ {
+		return 0, syscall.EINVAL
+	}
+
+	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM|syscall.SOCK_CLOEXEC, 0)
+	if err != nil {
+		return 0, err
+	}
+	defer syscall.Close(fd)
+
+	var ifr ifReq
+	copy(ifr[:], name)
+	err = ioctl(fd, syscall.SIOCGIFFLAGS, unsafe.Pointer(&ifr[0]))
+	if err != nil {
+		return 0, err
+	}
+
+	return linkFlags(*(*uint32)(unsafe.Pointer(&ifr[syscall.IFNAMSIZ]))), nil
+}
diff --git a/net/netmon/state.go b/net/netmon/state.go
index d9b360f5eee45..44eb23111e1b8 100644
--- a/net/netmon/state.go
+++ b/net/netmon/state.go
@@ -16,6 +16,7 @@ import (
 
 	"tailscale.com/envknob"
 	"tailscale.com/hostinfo"
+	"tailscale.com/internal/anet"
 	"tailscale.com/net/netaddr"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/net/tshttpproxy"
@@ -139,7 +140,8 @@ func (i Interface) Addrs() ([]net.Addr, error) {
 	if i.AltAddrs != nil {
 		return i.AltAddrs, nil
 	}
-	return i.Interface.Addrs()
+
+	return anet.InterfaceAddrTable(i.Interface)
 }
 
 // ForeachInterfaceAddress is a wrapper for GetList, then
@@ -693,7 +695,7 @@ func netInterfaces() ([]Interface, error) {
 	if altNetInterfaces != nil {
 		return altNetInterfaces()
 	}
-	ifs, err := net.Interfaces()
+	ifs, err := anet.Interfaces()
 	if err != nil {
 		return nil, err
 	}