Immediately forward packets received on the nebula TUN device from self to self (#501)

* Immediately forward packets received on the nebula TUN device with a destination of our Nebula VPN IP right back out that same TUN device on MacOS.
2022-06-27 14:36:10 -04:00 · 2022-06-27 14:36:10 -04:00 · 169cdbbd35
parent 0d1ee4214a
commit 169cdbbd35
3 changed files with 20 additions and 1 deletions
--- a/inside.go
+++ b/inside.go
@ -23,8 +23,18 @@ func (f *Interface) consumeInsidePacket(packet []byte, fwPacket *firewall.Packet
 		return
 	}

-	// Ignore packets from self to self
 	if fwPacket.RemoteIP == f.myVpnIp {
+		// Immediately forward packets from self to self.
+		// This should only happen on Darwin-based hosts, which routes packets from
+		// the Nebula IP to the Nebula IP through the Nebula TUN device.
+		if immediatelyForwardToSelf {
+			_, err := f.readers[q].Write(packet)
+			if err != nil {
+				f.l.WithError(err).Error("Failed to forward to tun")
+			}
+		}
+		// Otherwise, drop. On linux, we should never see these packets - Linux
+		// routes packets from the nebula IP to the nebula IP through the loopback device.
 		return
 	}

--- a/inside_darwin.go
+++ b/inside_darwin.go
@ -0,0 +1,3 @@
+package nebula
+
+const immediatelyForwardToSelf bool = true
--- a/inside_generic.go
+++ b/inside_generic.go
@ -0,0 +1,6 @@
+//go:build !darwin
+// +build !darwin
+
+package nebula
+
+const immediatelyForwardToSelf bool = false