tailscale/wgengine
Irbe Krumina 9bd158cc09
cmd/containerboot,util/linuxfw: create a SNAT rule for dst/src only once, clean up if needed (#13658)
The AddSNATRuleForDst rule was adding a new rule each time it was called including:
- if a rule already existed
- if a rule matching the destination, but with different desired source already existed

This was causing issues especially for the in-progress egress HA proxies work,
where the rules are now refreshed more frequently, so more redundant rules
were being created.

This change:
- only creates the rule if it doesn't already exist
- if a rule for the same dst, but different source is found, delete it
- also ensures that egress proxies refresh firewall rules
if the node's tailnet IP changes

Updates tailscale/tailscale#13406

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2 months ago
bench ipn/ipnlocal, all: plumb health trackers in tests 7 months ago
capture wgengine/capture: fix v6 field typo in wireshark dissector 4 months ago
filter wgengine/filter: support FilterRules matching on srcIP node caps [capver 100] 5 months ago
magicsock wgengine/magicsock: avoid log spam from ReceiveFunc on shutdown 2 months ago
netlog wgengine: add exit destination logging enable for wgengine logger (#11952) 7 months ago
netstack wgengine/netstack: check userspace ping success on Windows 2 months ago
router cmd/containerboot,util/linuxfw: create a SNAT rule for dst/src only once, clean up if needed (#13658) 2 months ago
wgcfg ipn,wgengine: remove vestigial Prefs.AllowSingleHosts 6 months ago
wgint wgengine{,/wgint}: add wgint.Peer wrapper type, add to wgengine.Engine 9 months ago
wglog all: use Go 1.22 range-over-int 7 months ago
winnet all: add test for package comments, fix, add comments as needed 4 months ago
mem_ios.go all: update copyright and license headers 2 years ago
pendopen.go net/flowtrack: optimize Tuple type for use as map key 5 months ago
userspace.go wgengine: make opts.Metrics mandatory 2 months ago
userspace_ext_test.go util/usermetrics: make usermetrics non-global 2 months ago
userspace_test.go util/usermetrics: make usermetrics non-global 2 months ago
watchdog.go ipn/ipnlocal,net/tstun,wgengine: create and plumb jailed packet filter 7 months ago
watchdog_js.go all: update copyright and license headers 2 years ago
watchdog_test.go util/usermetrics: make usermetrics non-global 2 months ago
wgengine.go all: add test for package comments, fix, add comments as needed 4 months ago