From a2c2235b9bdc5b047a9935e36a1509a97e02e2a3 Mon Sep 17 00:00:00 2001
From: JackDoan
Date: Wed, 4 Mar 2026 13:11:23 -0600
Subject: [PATCH] rename
---
 firewall.go | 6 +++---
 hostmap.go | 4 ++--
 snat_test.go | 10 +++++-----
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/firewall.go b/firewall.go
index dea7a9c8..27d48171 100644
--- a/firewall.go
+++ b/firewall.go
@@ -566,7 +566,7 @@ func (f *Firewall) identifyRemoteNetworkType(h *HostInfo, fp firewall.Packet) Ne
 //RemoteAddr not in our networks table
 if f.snatAddr.IsValid() && fp.IsIPv4() && h.HasOnlyV6Addresses() {
- return NetworkTypeUncheckedSNATPeer
+ return NetworkTypeUnverifiedSNATPeer
 } else {
 return NetworkTypeInvalidPeer
 }
@@ -583,7 +583,7 @@ func (f *Firewall) allowRemoteNetworkType(nwType NetworkType, fp firewall.Packet
 return ErrPeerRejected // reject for now, one day this may have different FW rules
 case NetworkTypeUnsafe:
 return nil // nothing special, one day this may have different FW rules
- case NetworkTypeUncheckedSNATPeer:
+ case NetworkTypeUnverifiedSNATPeer:
 if f.unsafeIPv4Origin.IsValid() && fp.LocalAddr == f.unsafeIPv4Origin {
 return nil //the client case
 }
@@ -668,7 +668,7 @@ func (f *Firewall) Drop(fp firewall.Packet, pkt []byte, incoming bool, h *HostIn
 // We always want to conntrack since it is a faster operation
 c = f.addConn(fp, incoming)
- if incoming && remoteNetworkType == NetworkTypeUncheckedSNATPeer {
+ if incoming && remoteNetworkType == NetworkTypeUnverifiedSNATPeer {
 return f.applySnat(pkt, &fp, c, h)
 } else {
 //outgoing snat is handled before this function is called
diff --git a/hostmap.go b/hostmap.go
index ff5ee456..f50dd875 100644
--- a/hostmap.go
+++ b/hostmap.go
@@ -224,8 +224,8 @@ const (
 NetworkTypeVPNPeer
 // NetworkTypeUnsafe is a network from Certificate.UnsafeNetworks()
 NetworkTypeUnsafe
- // NetworkTypeUncheckedSNATPeer is used to indicate traffic we're willing to route, but never deliver to a NetworkTypeVPN
- NetworkTypeUncheckedSNATPeer
+ // NetworkTypeUnverifiedSNATPeer is used to indicate traffic we're willing to route, but never deliver to a NetworkTypeVPN
+ NetworkTypeUnverifiedSNATPeer
 NetworkTypeInvalidPeer
 )
diff --git a/snat_test.go b/snat_test.go
index 708d96a0..1bba83ce 100644
--- a/snat_test.go
+++ b/snat_test.go
@@ -335,7 +335,7 @@ func TestFirewall_IdentifyNetworkType_SNATPeer(t *testing.T) {
 RemoteAddr: netip.MustParseAddr("10.0.0.1"),
 LocalAddr: netip.MustParseAddr("192.168.1.1"),
 }
- assert.Equal(t, NetworkTypeUncheckedSNATPeer, fw.identifyRemoteNetworkType(h, fp))
+ assert.Equal(t, NetworkTypeUnverifiedSNATPeer, fw.identifyRemoteNetworkType(h, fp))
 })
 t.Run("v4 packet from v4 host is not snat peer", func(t *testing.T) {
@@ -373,12 +373,12 @@ func TestFirewall_AllowNetworkType_SNAT(t *testing.T) {
 //todo fix!
 //t.Run("snat peer allowed with snat addr", func(t *testing.T) {
 // fw := &Firewall{snatAddr: netip.MustParseAddr("169.254.55.96")}
- // assert.NoError(t, fw.allowRemoteNetworkType(NetworkTypeUncheckedSNATPeer, fp))
+ // assert.NoError(t, fw.allowRemoteNetworkType(NetworkTypeUnverifiedSNATPeer, fp))
 //})
 //
 //t.Run("snat peer rejected without snat addr", func(t *testing.T) {
 // fw := &Firewall{}
- // assert.ErrorIs(t, fw.allowRemoteNetworkType(NetworkTypeUncheckedSNATPeer, fp), ErrInvalidRemoteIP)
+ // assert.ErrorIs(t, fw.allowRemoteNetworkType(NetworkTypeUnverifiedSNATPeer, fp), ErrInvalidRemoteIP)
 //})
 t.Run("vpn always allowed", func(t *testing.T) {
@@ -1291,7 +1291,7 @@ func TestFirewall_Drop_IPv4HostNotSNATted(t *testing.T) {
 }
 nwType := fw.identifyRemoteNetworkType(h, fp)
 assert.Equal(t, NetworkTypeVPN, nwType, "v4 peer using its own VPN addr should be NetworkTypeVPN")
- assert.NotEqual(t, NetworkTypeUncheckedSNATPeer, nwType, "must NOT be classified as SNAT peer")
+ assert.NotEqual(t, NetworkTypeUnverifiedSNATPeer, nwType, "must NOT be classified as SNAT peer")
 })
 t.Run("identifyRemoteNetworkType v4 peer with mismatched source", func(t *testing.T) {
@@ -1305,6 +1305,6 @@ func TestFirewall_Drop_IPv4HostNotSNATted(t *testing.T) {
 }
 nwType := fw.identifyRemoteNetworkType(h, fp)
 assert.Equal(t, NetworkTypeInvalidPeer, nwType, "v4 peer with mismatched source should be InvalidPeer")
- assert.NotEqual(t, NetworkTypeUncheckedSNATPeer, nwType, "must NOT be classified as SNAT peer")
+ assert.NotEqual(t, NetworkTypeUnverifiedSNATPeer, nwType, "must NOT be classified as SNAT peer")
 })
 }