From c1d23495bd7502372fdafc83e0b02dd893cbd9d7 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Tue, 13 Dec 2022 10:37:29 -0800
Subject: [PATCH] wgengine/magicsock: fix panic in wireguard-go rate limiting path

Fixes #6686
Change-Id: I1055a87141b07261afed8e36c963a69f3be26088
Signed-off-by: Brad Fitzpatrick
(cherry picked from commit 44be59c15a2841231eeb7d4a5c50929b4f0afb49)
---
 wgengine/magicsock/magicsock.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index 34ad7c8ae..ff98ca62f 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -3329,7 +3329,7 @@ type endpoint struct {
 publicKey key.NodePublic // peer public key (for WireGuard + DERP)
 publicKeyHex string // cached output of publicKey.UntypedHexString
 fakeWGAddr netip.AddrPort // the UDP address we tell wireguard-go we're using
- nodeAddr netip.Addr // the node's first tailscale address (only used for logging)
+ nodeAddr netip.Addr // the node's first tailscale address; used for logging & wireguard rate-limiting (Issue 6686)

 // mu protects all following fields.
 mu sync.Mutex // Lock ordering: Conn.mu, then endpoint.mu
@@ -3516,7 +3516,7 @@ func (de *endpoint) ClearSrc() {}
 func (de *endpoint) SrcToString() string { panic("unused") } // unused by wireguard-go
 func (de *endpoint) SrcIP() netip.Addr { panic("unused") } // unused by wireguard-go
 func (de *endpoint) DstToString() string { return de.publicKeyHex }
-func (de *endpoint) DstIP() netip.Addr { panic("unused") }
+func (de *endpoint) DstIP() netip.Addr { return de.nodeAddr } // see tailscale/tailscale#6686
 func (de *endpoint) DstToBytes() []byte { return packIPPort(de.fakeWGAddr) }

 // addrForSendLocked returns the address(es) that should be used for
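Review bot: `SrcToString` and `SrcIP`, the two context lines just above the changed `DstIP`, still `panic("unused")` on the same "unused by wireguard-go" assumption that turned out to be wrong for `DstIP`. A panic in an interface method that the packet-handling library can reach takes the whole process down, so it would be safer to return inert values, e.g. `func (de *endpoint) SrcIP() netip.Addr { return netip.Addr{} }`, or to add a regression test that exercises the rate-limiting path so a new caller is caught before release. Separately, `DstIP` now feeds `nodeAddr` into rate limiting: if an endpoint can ever be created with a zero `nodeAddr` (not visible in this hunk), all such peers would presumably share one rate-limit key, which is worth a check or a comment where the field is set. Since `nodeAddr` is declared above the `mu protects all following fields` line and is read here without the lock, the field comment could also state that it is written once at construction, e.g. `// immutable after creation; read without mu by DstIP`.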