wgengine/router: switch packet marks to avoid conflict with Weave Net.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago · d60917c0f1
parent f26b409bd5
commit d60917c0f1
2 changed files with 3 additions and 3 deletions
--- a/net/netns/netns_linux.go
+++ b/net/netns/netns_linux.go
@ -26,7 +26,7 @@ import (
 //
 // Keep this in sync with tailscaleBypassMark in
 // wgengine/router/router_linux.go.
-const tailscaleBypassMark = 0x20000
+const tailscaleBypassMark = 0x80000

 // ipRuleOnce is the sync.Once & cached value for ipRuleAvailable.
 var ipRuleOnce struct {
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@ -37,13 +37,13 @@ import (
 const (
 	// Packet is from Tailscale and to a subnet route destination, so
 	// is allowed to be routed through this machine.
-	tailscaleSubnetRouteMark = "0x10000"
+	tailscaleSubnetRouteMark = "0x40000"
 	// Packet was originated by tailscaled itself, and must not be
 	// routed over the Tailscale network.
 	//
 	// Keep this in sync with tailscaleBypassMark in
 	// net/netns/netns_linux.go.
-	tailscaleBypassMark = "0x20000"
+	tailscaleBypassMark = "0x80000"
 )

 // netfilterRunner abstracts helpers to run netfilter commands. It