tailscale/net
Maisem Ali 1f51bb6891 net/tstun: do SNAT after filterPacketOutboundToWireGuard
In a configuration where the local node (ip1) has a different IP (ip2)
that it uses to communicate with a peer (ip3) we would do UDP flow
tracking on the `ip2->ip3` tuple. When we receive the response from
the peer `ip3->ip2` we would dnat it back to `ip3->ip1` which would
then not match the flow track state and the packet would get dropped.

To fix this, we should do flow tracking on the `ip1->ip3` tuple instead
of `ip2->ip3` which requires doing SNAT after running filterPacketOutboundToWireGuard.

Updates tailscale/corp#19971, tailscale/corp#8020

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-05-14 17:19:09 -04:00
art all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
connstats all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
dns net/dns/resolver, control/controlknobs, tailcfg: use UserDial instead of SystemDial to dial DNS servers 2024-05-06 17:29:24 -05:00
dnscache net/netns, net/dns/resolver, etc: make netmon required in most places 2024-04-27 12:17:45 -07:00
dnsfallback tsd, ipnlocal, etc: add tsd.System.HealthTracker, start some plumbing 2024-04-25 22:13:04 -07:00
flowtrack all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ktimeout net/ktimeout: add a package to set TCP user timeout 2024-02-20 10:49:58 -08:00
memnet net/memnet: export the network name (#9111) 2023-08-28 11:43:51 -07:00
netaddr all: update copyright and license headers 2023-01-27 15:36:29 -08:00
netcheck net/netcheck: do not add derps if IPv4/IPv6 is set to "none" 2024-05-07 15:57:28 -07:00
neterror net/neterror, wgengine/magicsock: use UDP GSO and GRO on Linux (#7791) 2023-04-04 16:32:16 -07:00
netkernelconf client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071) 2023-11-09 11:34:41 -08:00
netknob all: update copyright and license headers 2023-01-27 15:36:29 -08:00
netmon net/netmon: remove spammy log statements (#11953) 2024-05-01 12:02:16 -04:00
netns net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon 2024-04-28 07:34:52 -07:00
netstat net/{netns,netstat}: use new x/sys/cpu.IsBigEndian 2023-02-02 07:41:49 -08:00
netutil net/netmon, add: add netmon.State type alias of interfaces.State 2024-04-28 07:34:52 -07:00
packet all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
ping net/ping: fix ICMP echo code field to 0 2023-09-15 17:08:39 -07:00
portmapper net/portmapper: add envknob to disable portmapper in localhost integration tests 2024-05-06 11:15:56 -07:00
proxymux all: cleanup unused code, part 1 (#10661) 2023-12-20 14:50:30 -08:00
routetable net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon 2024-04-28 07:34:52 -07:00
socks5 net/socks5: add password auth support 2023-03-05 14:08:34 -08:00
sockstats net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon 2024-04-28 07:34:52 -07:00
speedtest all: update copyright and license headers 2023-01-27 15:36:29 -08:00
stun all: make more tests pass/skip in airplane mode 2024-05-06 09:19:53 -07:00
stunserver all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
tcpinfo all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
tlsdial tsd, ipnlocal, etc: add tsd.System.HealthTracker, start some plumbing 2024-04-25 22:13:04 -07:00
tsaddr types/views: remove duplicate SliceContainsFunc 2024-05-03 19:19:33 -07:00
tsdial ipn/ipnlocal, net/tsdial: plumb routes into tsdial and use them in UserDial 2024-05-06 15:44:44 -05:00
tshttpproxy all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
tstun net/tstun: do SNAT after filterPacketOutboundToWireGuard 2024-05-14 17:19:09 -04:00
wsconn net/wsconn: accept a remote addr string and plumb it through 2023-08-29 16:57:16 -07:00