netcheck,portmapper,magicsock: ignore some UDP write errors on Linux

Treat UDP send EPERM errors as a lost UDP packet, not something super fatal. That's just the Linux firewall preventing it from going out. And add a leaf package net/neterror for that (and future) policy that all three packages can share, with tests. Updates #3619 Change-Id: Ibdb838c43ee9efe70f4f25f7fc7fdf4607ba9c1d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-11 05:07:33 +00:00 · 2021-12-30 11:11:50 -08:00
parent 2c94e3c4ad
commit 7d9b1de3aa
7 changed files with 115 additions and 4 deletions
--- a/net/neterror/neterror_linux_test.go
+++ b/net/neterror/neterror_linux_test.go
@@ -0,0 +1,55 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package neterror
+
+import (
+	"errors"
+	"net"
+	"os"
+	"syscall"
+	"testing"
+)
+
+func TestTreatAsLostUDP(t *testing.T) {
+	tests := []struct {
+		name string
+		err  error
+		want bool
+	}{
+		{"nil", nil, false},
+		{"non-nil", errors.New("foo"), false},
+		{"eperm", syscall.EPERM, true},
+		{
+			name: "operror",
+			err: &net.OpError{
+				Op: "write",
+				Err: &os.SyscallError{
+					Syscall: "sendto",
+					Err:     syscall.EPERM,
+				},
+			},
+			want: true,
+		},
+		{
+			name: "host_unreach",
+			err: &net.OpError{
+				Op: "write",
+				Err: &os.SyscallError{
+					Syscall: "sendto",
+					Err:     syscall.EHOSTUNREACH,
+				},
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := TreatAsLostUDP(tt.err); got != tt.want {
+				t.Errorf("got = %v; want %v", got, tt.want)
+			}
+		})
+	}
+
+}