You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/net/tstun
Maisem Ali 1f51bb6891 net/tstun: do SNAT after filterPacketOutboundToWireGuard
In a configuration where the local node (ip1) has a different IP (ip2)
that it uses to communicate with a peer (ip3) we would do UDP flow
tracking on the `ip2->ip3` tuple. When we receive the response from
the peer `ip3->ip2` we would dnat it back to `ip3->ip1` which would
then not match the flow track state and the packet would get dropped.

To fix this, we should do flow tracking on the `ip1->ip3` tuple instead
of `ip2->ip3` which requires doing SNAT after the running filterPacketOutboundToWireGuard.

Updates tailscale/corp#19971, tailscale/corp#8020

Signed-off-by: Maisem Ali <maisem@tailscale.com>
6 months ago
..
fake.go cmd/tailscaled,net/tstun: fix data race on start-up in TUN mode 1 year ago
ifstatus_noop.go all: update copyright and license headers 2 years ago
ifstatus_windows.go all: update copyright and license headers 2 years ago
linkattrs_linux.go all: update copyright and license headers 2 years ago
linkattrs_notlinux.go all: update copyright and license headers 2 years ago
mtu.go disco,net/tstun,wgengine/magicsock: probe peer MTU 1 year ago
mtu_test.go disco,net/tstun,wgengine/magicsock: probe peer MTU 1 year ago
tap_linux.go go.mod,*: bump gvisor 1 year ago
tap_unsupported.go all: update copyright and license headers 2 years ago
tstun_stub.go cmd/tailscaled, net/tstun: build for aix/ppc64 7 months ago
tun.go net/tstun: implement env var for disabling UDP GRO on Linux (#11924) 7 months ago
tun_features_linux.go net/tstun: implement env var for disabling UDP GRO on Linux (#11924) 7 months ago
tun_features_notlinux.go net/tstun: implement env var for disabling UDP GRO on Linux (#11924) 7 months ago
tun_linux.go all: update copyright and license headers 2 years ago
tun_macos.go all: update copyright and license headers 2 years ago
tun_notwindows.go all: update copyright and license headers 2 years ago
tun_windows.go all: update copyright and license headers 2 years ago
wrap.go net/tstun: do SNAT after filterPacketOutboundToWireGuard 6 months ago
wrap_test.go net/tstun: refactor peerConfig to allow storing more details 7 months ago