wgengine, net/packet, cmd/tailscale: add ICMP echo

Updates tailscale/corp#754

Signed-off-by: James Tucker <james@tailscale.com>

net/tstun/wrap.go

@@ -151,6 +151,11 @@ type Wrapper struct {
 	// OnTSMPPongReceived, if non-nil, is called whenever a TSMP pong arrives.
 	OnTSMPPongReceived func(packet.TSMPPongReply)
 
+	// OnICMPEchoResponseReceived, if non-nil, is called whenever a ICMP echo response
+	// arrives. If the packet is to be handled internally this returns true,
+	// false otherwise.
+	OnICMPEchoResponseReceived func(*packet.Parsed) bool
+
 	// PeerAPIPort, if non-nil, returns the peerapi port that's
 	// running for the given IP address.
 	PeerAPIPort func(netaddr.IP) (port uint16, ok bool)
@@ -575,6 +580,14 @@ func (t *Wrapper) filterIn(buf []byte) filter.Response {
 		}
 	}
 
+	if p.IsEchoResponse() {
+		if f := t.OnICMPEchoResponseReceived; f != nil && f(p) {
+			// Note: this looks dropped in metrics, even though it was
+			// handled internally.
+			return filter.DropSilently
+		}
+	}
+
 	// Issue 1526 workaround: if we see disco packets over
 	// Tailscale from ourselves, then drop them, as that shouldn't
 	// happen unless a networking stack is confused, as it seems