personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-04-01 07:05:17 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

new error

Browse Source
This commit is contained in:
JackDoan
2026-03-04 13:08:15 -06:00
parent 1580175b2e
commit 2e50518066
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
firewall.go
View File

@@ -25,6 +25,7 @@ import (
var ErrCannotSNAT = errors.New("cannot SNAT this packet") var ErrCannotSNAT = errors.New("cannot SNAT this packet")
var ErrSNATIdentityMismatch = errors.New("refusing to SNAT for mismatched host") var ErrSNATIdentityMismatch = errors.New("refusing to SNAT for mismatched host")
var ErrSNATAddressCollision = errors.New("refusing to accept an incoming packet with my SNAT address")
const ipv4SourcePosition = 12 const ipv4SourcePosition = 12
const ipv4DestinationPosition = 16 const ipv4DestinationPosition = 16
@@ -522,7 +523,7 @@ func (f *Firewall) applySnat(data []byte, fp *firewall.Packet, c *conn, hostinfo
return ErrCannotSNAT return ErrCannotSNAT
} }
if f.snatAddr == fp.LocalAddr { //a packet that came from UDP (incoming) should never ever have our snat address on it if f.snatAddr == fp.LocalAddr { //a packet that came from UDP (incoming) should never ever have our snat address on it
return ErrSNATIdentityMismatch return ErrSNATAddressCollision
} }
if c.snat.Valid() { if c.snat.Valid() {
//old flow: make sure it came from the right place //old flow: make sure it came from the right place