From 8819cf3ff1be49b8726e10383dae57741fa8297b Mon Sep 17 00:00:00 2001
From: Tom Proctor
Date: Tue, 10 Jun 2025 10:07:31 +0100
Subject: [PATCH] wgengine/magicsock: skip stun4localport if explicitconf endpoints available
When a local port is set, we guess that users may have configured a static port mapping on their router and add an endpoint that combines their STUN-discovered IP address with their local port. It's generally fine if this is invalid, as it simply won't work. However, when there is explicit static endpoints configuration, there's no point adding this guessed endpoint, because the user has told us exactly what port mapping they set up for the client. This reduces noise/confusion when debugging endpoints for multiple containerized clients running on the same host, and should also make discovery very marginally more efficient. Note, this does not interact with TS_DEBUG_PRETENDPOINTS as that is a temporary debug setting, and static endpoints configuration is the only stable way to interact with explicitconf endpoints for now.
Updates #14674, #12578
Change-Id: I4b0788a12e413df0972cde5f102304f88a933df3
Signed-off-by: Tom Proctor
---
 wgengine/magicsock/magicsock.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index 2e2882110..22b8d1530 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -1128,7 +1128,10 @@ func (c *Conn) determineEndpoints(ctx context.Context) ([]tailcfg.Endpoint, erro
 // port mapping on their router to the same explicit
 // port that tailscaled is running with. Worst case
 // it's an invalid candidate mapping.
- if port := c.port.Load(); nr.MappingVariesByDestIP.EqualBool(true) && port != 0 {
+ //
+ // However, no need to guess if we have explicit static
+ // endpoints configured.
+ if port := c.port.Load(); nr.MappingVariesByDestIP.EqualBool(true) && port != 0 && c.staticEndpoints.Len() == 0 {
 addAddr(netip.AddrPortFrom(v4Addrs[0].Addr(), uint16(port)), tailcfg.EndpointSTUN4LocalPort)
 }
 }
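Review bot: The new condition reads `c.staticEndpoints.Len()` as a plain field access, while the port on the same line goes through the atomic `c.port.Load()`. The field's declaration and any locking are outside the hunk, so this is inferred: if static endpoints can be replaced while determineEndpoints runs, this is an unsynchronized read, and the check should use a snapshot taken under whatever lock guards the field. The added comment could also record the reason given in the commit message, e.g. `// The user has told us the exact port mapping, so a guessed endpoint only adds an unconfigured candidate.` The diffstat shows only magicsock.go changed, so a test that sets static endpoints and asserts that no `tailcfg.EndpointSTUN4LocalPort` entry is returned would pin the new behaviour. determineEndpoints begins and ends outside this hunk.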