use in-Nebula SNAT to send IPv4 UnsafeNetworks traffic over an IPv6 overlay

2026-02-15 09:14:23 +01:00 · 2026-01-14 12:36:55 -06:00
parent 39452b5eec
commit c2a63499ac
22 changed files with 770 additions and 210 deletions
--- a/hostmap.go
+++ b/hostmap.go
@@ -224,6 +224,9 @@ const (
 	NetworkTypeVPNPeer
 	// NetworkTypeUnsafe is a network from Certificate.UnsafeNetworks()
 	NetworkTypeUnsafe
+	// NetworkTypeUncheckedSNATPeer is used to indicate traffic we're willing to route, but never deliver to a NetworkTypeVPN
+	NetworkTypeUncheckedSNATPeer
+	NetworkTypeInvalidPeer
 )

 type HostInfo struct {
@@ -277,6 +280,15 @@ type HostInfo struct {
 	lastUsed time.Time
 }

+func (i *HostInfo) HasOnlyV6Addresses() bool {
+	for _, vpnIp := range i.vpnAddrs {
+		if !vpnIp.Is6() {
+			return false
+		}
+	}
+	return true
+}
+
 type ViaSender struct {
 	UdpAddr   netip.AddrPort
 	relayHI   *HostInfo // relayHI is the host info object of the relay