personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-04-01 05:35:18 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove thing

Browse Source
This commit is contained in:
Nate Brown
2026-02-27 16:51:40 -06:00
parent 5cbccdc0fd
commit 7655a10108
1 changed files with 1 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
firewall.go
View File

@@ -108,15 +108,6 @@ type FirewallConntrack struct {
TimerWheel *TimerWheel[firewall.Packet]
}
func (ct *FirewallConntrack) dupeConnUnlocked(fp firewall.Packet, c *conn, timeout time.Duration) {
if _, ok := ct.Conns[fp]; !ok {
ct.TimerWheel.Advance(time.Now())
ct.TimerWheel.Add(fp, timeout)
}
ct.Conns[fp] = c
}
// FirewallTable is the entry point for a rule, the evaluation order is:
// Proto AND port AND (CA SHA or CA name) AND local CIDR AND (group OR groups OR name OR remote CIDR)
type FirewallTable struct {
@@ -505,7 +496,7 @@ func (f *Firewall) findUsableSNATPort(fp *firewall.Packet, c *conn) error {
if !ok {
//yay, we can use this port
//track the snatted flow with the same expiration as the unsnatted version
conntrack.dupeConnUnlocked(*fp, c, f.packetTimeout(*fp))
conntrack.Conns[*fp] = c
return nil
}
//increment and retry. There's probably better strategies out there