add listen.send_recv_error config option (#670)

By default, Nebula replies to packets it has no tunnel for with a `recv_error` packet. This packet helps speed up re-connection
in the case that Nebula on either side did not shut down cleanly. This response can be abused as a way to discover if Nebula is running
on a host though. This option lets you configure if you want to send `recv_error` packets always, never, or only to private network remotes.
valid values: always, never, private

This setting is reloadable with SIGHUP.
Wade Simmons
2022-06-27 12:37:54 -04:00
committed by GitHub
parent 85ec807b7e
commit 7b9287709c
5 changed files with 83 additions and 1 deletions


@@ -306,6 +306,8 @@ func Main(c *config.C, configTest bool, buildVersion string, logger *logrus.Logg
ifce.RegisterConfigChangeCallbacks(c)
ifce.reloadSendRecvError(c)
go handshakeManager.Run(ctx, ifce)
go lightHouse.LhUpdateWorker(ctx, ifce)
}
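Review bot: the bare `ifce.reloadSendRecvError(c)` call in `Main` checks no return value, so a `listen.send_recv_error` value outside always, never, private cannot fail startup or a config test from this call site. Please state in the option's documentation what an unrecognized value falls back to, and log a warning when that fallback is taken, since a typo here silently changes whether the host answers unknown senders. Because the call sits directly after `ifce.RegisterConfigChangeCallbacks(c)`, a short comment marking it as the initial load (with SIGHUP reloads handled elsewhere) would also make the ordering easier to follow.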