You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/wgengine/router
Irbe Krumina 9bd158cc09
cmd/containerboot,util/linuxfw: create a SNAT rule for dst/src only once, clean up if needed (#13658)
The AddSNATRuleForDst rule was adding a new rule each time it was called including:
- if a rule already existed
- if a rule matching the destination, but with different desired source already existed

This was causing issues especially for the in-progress egress HA proxies work,
where the rules are now refreshed more frequently, so more redundant rules
were being created.

This change:
- only creates the rule if it doesn't already exist
- if a rule for the same dst, but different source is found, delete it
- also ensures that egress proxies refresh firewall rules
if the node's tailnet IP changes

Updates tailscale/tailscale#13406

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2 months ago
..
callback.go wgengine/router: implement UpdateMagicsockPort for CallbackRouter (#10494) 12 months ago
consolidating_router.go wgengine/router: consolidate routes before reconfiguring router for mobile clients 7 months ago
consolidating_router_test.go wgengine/router: consolidate routes before reconfiguring router for mobile clients 7 months ago
ifconfig_windows.go wgengine/router: use quad-100 as the nexthop on Windows 4 months ago
ifconfig_windows_test.go all: use Go 1.22 range-over-int 7 months ago
router.go various: implement stateful firewalling on Linux (#12025) 7 months ago
router_darwin.go health, all: remove health.Global, finish plumbing health.Tracker 7 months ago
router_default.go health, all: remove health.Global, finish plumbing health.Tracker 7 months ago
router_fake.go util/linuxfw, wgengine: allow ingress to magicsock UDP port on Linux (#10370) 12 months ago
router_freebsd.go health, all: remove health.Global, finish plumbing health.Tracker 7 months ago
router_linux.go health: begin work to use structured health warnings instead of strings, pipe changes into ipn.Notify (#12406) 5 months ago
router_linux_test.go cmd/containerboot,util/linuxfw: create a SNAT rule for dst/src only once, clean up if needed (#13658) 2 months ago
router_openbsd.go health, all: remove health.Global, finish plumbing health.Tracker 7 months ago
router_test.go various: implement stateful firewalling on Linux (#12025) 7 months ago
router_userspace_bsd.go health, all: remove health.Global, finish plumbing health.Tracker 7 months ago
router_windows.go cmd/tailscaled, net/dns, wgengine/router: start Windows child processes with DETACHED_PROCESS when I/O is being piped 6 months ago
router_windows_test.go wgengine/router: look up absolute path to netsh.exe on Windows 11 months ago
runner.go all: update copyright and license headers 2 years ago