From 169cdbbd35bc257776c992013fefa979867fbbb0 Mon Sep 17 00:00:00 2001
From: brad-defined <77982333+brad-defined@users.noreply.github.com>
Date: Mon, 27 Jun 2022 14:36:10 -0400
Subject: [PATCH] Immediately forward packets received on the nebula TUN device from self to self (#501)

* Immediately forward packets received on the nebula TUN device with a destination of our Nebula VPN IP right back out that same TUN device on MacOS.
---
 inside.go | 12 +++++++++++-
 inside_darwin.go | 3 +++
 inside_generic.go | 6 ++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 inside_darwin.go
 create mode 100644 inside_generic.go

diff --git a/inside.go b/inside.go
index ca51728..c005e2e 100644
--- a/inside.go
+++ b/inside.go
@@ -23,8 +23,18 @@ func (f *Interface) consumeInsidePacket(packet []byte, fwPacket *firewall.Packet
 return
 }
- // Ignore packets from self to self
 if fwPacket.RemoteIP == f.myVpnIp {
+ // Immediately forward packets from self to self.
+ // This should only happen on Darwin-based hosts, which routes packets from
+ // the Nebula IP to the Nebula IP through the Nebula TUN device.
+ if immediatelyForwardToSelf {
+ _, err := f.readers[q].Write(packet)
+ if err != nil {
+ f.l.WithError(err).Error("Failed to forward to tun")
+ }
+ }
+ // Otherwise, drop. On linux, we should never see these packets - Linux
+ // routes packets from the nebula IP to the nebula IP through the loopback device.
 return
 }
diff --git a/inside_darwin.go b/inside_darwin.go
new file mode 100644
index 0000000..a3b98ba
--- /dev/null
+++ b/inside_darwin.go
@@ -0,0 +1,3 @@
+package nebula
+const immediatelyForwardToSelf bool = true
diff --git a/inside_generic.go b/inside_generic.go
new file mode 100644
index 0000000..8eb98e8
--- /dev/null
+++ b/inside_generic.go
@@ -0,0 +1,6 @@
+//go:build !darwin
+// +build !darwin
+package nebula
+const immediatelyForwardToSelf bool = false
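Review bot: The loop-back at `if immediatelyForwardToSelf {` is gated only on the destination (`fwPacket.RemoteIP == f.myVpnIp`), so a packet read from the TUN whose source address is not our own VPN IP — for instance one crafted by a privileged local process, or one that entered via a routed subnet — is written straight back to the TUN and reaches the host stack looking like inbound traffic from that source, without the peer lookup and firewall evaluation that, as far as I can tell, come later in consumeInsidePacket. Since the commit message scopes this to self-to-self traffic, tightening the guard to `if immediatelyForwardToSelf && fwPacket.LocalIP == f.myVpnIp {` keeps the previous drop behaviour for everything else (LocalIP should be the source address on the outbound side if I read newPacket correctly — please confirm). The comment block should also say explicitly that looped-back packets are never checked against Nebula's inbound firewall rules, e.g. `// NOTE: this loop-back is host-local traffic and bypasses the Nebula firewall, as it would via lo on Linux.` The `Error`-level log on every failed Write could also be noisy if the device is wedged, though that matches the rest of the file. consumeInsidePacket starts and ends outside the hunk.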
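Review bot: `const immediatelyForwardToSelf bool = true` has no comment, and the only explanation of why Darwin differs lives in inside.go, so a reader of this file cannot tell why the value is true or whether the `_darwin` filename suffix — which, if I recall correctly, also matches GOOS=ios since Go 1.16 because ios implies the darwin tag — is intended to cover iOS builds. I would document it at the declaration: `// immediatelyForwardToSelf is true because Darwin routes packets addressed to our own Nebula IP through the utun device rather than the loopback interface, so consumeInsidePacket must write them back to the TUN itself. Also applies to ios, which satisfies the darwin constraint.` A matching one-line comment on the `false` constant in inside_generic.go would keep both files self-explanatory.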