diff --git a/wgengine/router/router_linux_test.go b/wgengine/router/router_linux_test.go index d2a8f5a12..6f5a26196 100644 --- a/wgengine/router/router_linux_test.go +++ b/wgengine/router/router_linux_test.go @@ -34,9 +34,9 @@ func mustCIDRs(ss ...string) []netaddr.IPPrefix { func TestRouterStates(t *testing.T) { basic := ` -ip rule add pref 8810 fwmark 0x20000 table main -ip rule add pref 8830 fwmark 0x20000 table default -ip rule add pref 8850 fwmark 0x20000 type unreachable +ip rule add pref 8810 fwmark 0x80000 table main +ip rule add pref 8830 fwmark 0x80000 table default +ip rule add pref 8850 fwmark 0x80000 type unreachable ip rule add pref 8888 table 88 ` states := []struct { @@ -106,15 +106,15 @@ func TestRouterStates(t *testing.T) { ip route add 100.100.100.100/32 dev tailscale0 table 88` + basic + `filter/FORWARD -j ts-forward filter/INPUT -j ts-input -filter/ts-forward -i tailscale0 -j MARK --set-mark 0x10000 -filter/ts-forward -m mark --mark 0x10000 -j ACCEPT +filter/ts-forward -i tailscale0 -j MARK --set-mark 0x40000 +filter/ts-forward -m mark --mark 0x40000 -j ACCEPT filter/ts-forward -o tailscale0 -s 100.64.0.0/10 -j DROP filter/ts-forward -o tailscale0 -j ACCEPT filter/ts-input -i lo -s 100.101.102.104 -j ACCEPT filter/ts-input ! -i tailscale0 -s 100.115.92.0/23 -j RETURN filter/ts-input ! -i tailscale0 -s 100.64.0.0/10 -j DROP nat/POSTROUTING -j ts-postrouting -nat/ts-postrouting -m mark --mark 0x10000 -j MASQUERADE +nat/ts-postrouting -m mark --mark 0x40000 -j MASQUERADE `, }, { @@ -131,8 +131,8 @@ func TestRouterStates(t *testing.T) { ip route add 100.100.100.100/32 dev tailscale0 table 88` + basic + `filter/FORWARD -j ts-forward filter/INPUT -j ts-input -filter/ts-forward -i tailscale0 -j MARK --set-mark 0x10000 -filter/ts-forward -m mark --mark 0x10000 -j ACCEPT +filter/ts-forward -i tailscale0 -j MARK --set-mark 0x40000 +filter/ts-forward -m mark --mark 0x40000 -j ACCEPT filter/ts-forward -o tailscale0 -s 100.64.0.0/10 -j DROP filter/ts-forward -o tailscale0 -j ACCEPT filter/ts-input -i lo -s 100.101.102.104 -j ACCEPT @@ -158,8 +158,8 @@ func TestRouterStates(t *testing.T) { ip route add 100.100.100.100/32 dev tailscale0 table 88` + basic + `filter/FORWARD -j ts-forward filter/INPUT -j ts-input -filter/ts-forward -i tailscale0 -j MARK --set-mark 0x10000 -filter/ts-forward -m mark --mark 0x10000 -j ACCEPT +filter/ts-forward -i tailscale0 -j MARK --set-mark 0x40000 +filter/ts-forward -m mark --mark 0x40000 -j ACCEPT filter/ts-forward -o tailscale0 -s 100.64.0.0/10 -j DROP filter/ts-forward -o tailscale0 -j ACCEPT filter/ts-input -i lo -s 100.101.102.104 -j ACCEPT @@ -182,8 +182,8 @@ func TestRouterStates(t *testing.T) { ip route add 100.100.100.100/32 dev tailscale0 table 88` + basic + `filter/FORWARD -j ts-forward filter/INPUT -j ts-input -filter/ts-forward -i tailscale0 -j MARK --set-mark 0x10000 -filter/ts-forward -m mark --mark 0x10000 -j ACCEPT +filter/ts-forward -i tailscale0 -j MARK --set-mark 0x40000 +filter/ts-forward -m mark --mark 0x40000 -j ACCEPT filter/ts-forward -o tailscale0 -s 100.64.0.0/10 -j DROP filter/ts-forward -o tailscale0 -j ACCEPT filter/ts-input -i lo -s 100.101.102.104 -j ACCEPT @@ -205,8 +205,8 @@ func TestRouterStates(t *testing.T) { ip addr add 100.101.102.104/10 dev tailscale0 ip route add 10.0.0.0/8 dev tailscale0 table 88 ip route add 100.100.100.100/32 dev tailscale0 table 88` + basic + - `filter/ts-forward -i tailscale0 -j MARK --set-mark 0x10000 -filter/ts-forward -m mark --mark 0x10000 -j ACCEPT + `filter/ts-forward -i tailscale0 -j MARK --set-mark 0x40000 +filter/ts-forward -m mark --mark 0x40000 -j ACCEPT filter/ts-forward -o tailscale0 -s 100.64.0.0/10 -j DROP filter/ts-forward -o tailscale0 -j ACCEPT filter/ts-input -i lo -s 100.101.102.104 -j ACCEPT @@ -228,8 +228,8 @@ func TestRouterStates(t *testing.T) { ip route add 100.100.100.100/32 dev tailscale0 table 88` + basic + `filter/FORWARD -j ts-forward filter/INPUT -j ts-input -filter/ts-forward -i tailscale0 -j MARK --set-mark 0x10000 -filter/ts-forward -m mark --mark 0x10000 -j ACCEPT +filter/ts-forward -i tailscale0 -j MARK --set-mark 0x40000 +filter/ts-forward -m mark --mark 0x40000 -j ACCEPT filter/ts-forward -o tailscale0 -s 100.64.0.0/10 -j DROP filter/ts-forward -o tailscale0 -j ACCEPT filter/ts-input -i lo -s 100.101.102.104 -j ACCEPT