netcheck,portmapper,magicsock: ignore some UDP write errors on Linux

Treat UDP send EPERM errors as a lost UDP packet, not something super
fatal. That's just the Linux firewall preventing it from going out.

And add a leaf package net/neterror for that (and future) policy that
all three packages can share, with tests.

Updates #3619

Change-Id: Ibdb838c43ee9efe70f4f25f7fc7fdf4607ba9c1d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick
2021-12-30 11:11:50 -08:00
committed by Brad Fitzpatrick
parent 2c94e3c4ad
commit 7d9b1de3aa
7 changed files with 115 additions and 4 deletions


@@ -20,6 +20,7 @@ import (
"go4.org/mem"
"inet.af/netaddr"
"tailscale.com/net/interfaces"
"tailscale.com/net/neterror"
"tailscale.com/net/netns"
"tailscale.com/types/logger"
"tailscale.com/util/clientmetric"
@@ -478,18 +479,27 @@ func (c *Client) createOrGetMapping(ctx context.Context) (external netaddr.IPPor
// Only do PCP mapping in the case when PMP did not appear to be available recently.
pkt := buildPCPRequestMappingPacket(myIP, localPort, prevPort, pcpMapLifetimeSec, wildcardIP)
if _, err := uc.WriteTo(pkt, pxpAddru); err != nil {
if neterror.TreatAsLostUDP(err) {
err = NoMappingError{ErrNoPortMappingServices}
}
return netaddr.IPPort{}, err
}
} else {
// Ask for our external address if needed.
if m.external.IP().IsZero() {
if _, err := uc.WriteTo(pmpReqExternalAddrPacket, pxpAddru); err != nil {
if neterror.TreatAsLostUDP(err) {
err = NoMappingError{ErrNoPortMappingServices}
}
return netaddr.IPPort{}, err
}
}
pkt := buildPMPRequestMappingPacket(localPort, prevPort, pmpMapLifetimeSec)
if _, err := uc.WriteTo(pkt, pxpAddru); err != nil {
if neterror.TreatAsLostUDP(err) {
err = NoMappingError{ErrNoPortMappingServices}
}
return netaddr.IPPort{}, err
}
}
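Review bot: The three added `if neterror.TreatAsLostUDP(err)` branches overwrite the send error with `NoMappingError{ErrNoPortMappingServices}` and discard the original, so a local firewall rejecting the write becomes indistinguishable from a network that has no PCP/PMP service. That distinction matters when diagnosing host firewall policy, so consider recording the cause before overwriting it, or at least adding a comment at the first site such as `// EPERM from the local firewall: treat the probe as lost, not as a fatal send error.` The same three-line block is repeated at all three `uc.WriteTo` calls and would read better as one small helper. What `TreatAsLostUDP` matches is defined outside this section, and the body of `createOrGetMapping` starts and ends outside the hunk.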