wgengine/filter: don't drop GCP DNS.

Manual backport of 3c508a58cc. Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago · b6e541e2eb
parent 3b75550ad0
commit b6e541e2eb
2 changed files with 6 additions and 2 deletions
--- a/wgengine/filter/filter.go
+++ b/wgengine/filter/filter.go
@ -371,7 +371,7 @@ func (f *Filter) pre(q *packet.ParsedPacket, rf RunFlags, dir direction) Respons
 		f.logRateLimit(rf, q, dir, Drop, "multicast")
 		return Drop
 	}
-	if q.DstIP.IsLinkLocalUnicast() {
+	if q.DstIP.IsMostLinkLocalUnicast() {
 		f.logRateLimit(rf, q, dir, Drop, "link-local-unicast")
 		return Drop
 	}
@ -418,7 +418,7 @@ func omitDropLogging(p *packet.ParsedPacket, dir direction) bool {
 			if ipProto == packet.IGMP {
 				return true
 			}
-			if p.DstIP.IsMulticast() || p.DstIP.IsLinkLocalUnicast() {
+			if p.DstIP.IsMulticast() || p.DstIP.IsMostLinkLocalUnicast() {
 				return true
 			}
 		case 6:
--- a/wgengine/packet/ip.go
+++ b/wgengine/packet/ip.go
@ -47,6 +47,10 @@ func (ip IP) IsLinkLocalUnicast() bool {
 	return byte(ip>>24) == 169 && byte(ip>>16) == 254
 }

+func (ip IP) IsMostLinkLocalUnicast() bool {
+	return ip.IsLinkLocalUnicast() && ip != 0xA9FEA9FE
+}
+
 // IPProto is either a real IP protocol (ITCP, UDP, ...) or an special value like Unknown.
 // If it is a real IP protocol, its value corresponds to its IP protocol number.
 type IPProto uint8