TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-29 13:05:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
85e675940d
tailscale/wgengine/filter
History
Avery Pennarun 85e675940d wgengine/filter: allow ICMP response packets. 
Longer term, we should probably update the packet filter to be fully
stateful, for both TCP and ICMP. That is, only ICMP packets related to
a session *we* initiated should be allowed back in. But this is
reasonably secure for now, since wireguard is already trimming most
traffic. The current code would not protect against eg. Ping-of-Death style
attacks from VPN nodes.

Fixes tailscale/tailscale#290.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
..
filter_test.go wgengine: don't lose filter state on filter reconfig. 2020-03-25 04:52:41 -04:00
filter.go wgengine/filter: allow ICMP response packets. 2020-04-29 05:25:45 -04:00
match.go controlclinet: clone filter.MatchAllowAll 2020-02-28 22:33:06 -05:00