From c8980d34cf883c3239eec2a3f190ed7a2353a415 Mon Sep 17 00:00:00 2001
From: Ryan <rhuber@gmail.com>
Date: Wed, 5 Nov 2025 10:54:08 -0500
Subject: [PATCH] fixes

---
 interface.go | 9 +++++++++
 outside.go   | 7 +++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/interface.go b/interface.go
index b4abade..71073ac 100644
--- a/interface.go
+++ b/interface.go
@@ -827,6 +827,15 @@ func (f *Interface) writePacketToTun(q int, pkt *overlay.Packet) {
 		pkt.Release()
 		return
 	}
+	if bw, ok := writer.(interface {
+		WriteBatch([]*overlay.Packet) (int, error)
+	}); ok {
+		if _, err := bw.WriteBatch([]*overlay.Packet{pkt}); err != nil {
+			f.l.WithError(err).WithField("queue", q).Warn("Failed to write tun packet via batch writer")
+			pkt.Release()
+		}
+		return
+	}
 	if _, err := writer.Write(pkt.Payload()[:pkt.Len]); err != nil {
 		f.l.WithError(err).Error("Failed to write to tun")
 	}
diff --git a/outside.go b/outside.go
index 6135fd0..3eeaa4f 100644
--- a/outside.go
+++ b/outside.go
@@ -62,7 +62,7 @@ func (f *Interface) readOutsidePackets(ip netip.AddrPort, via *ViaSender, out []
 
 		switch h.Subtype {
 		case header.MessageNone:
-			if !f.decryptToTun(hostinfo, h.MessageCounter, out, packet, fwPacket, nb, q, localCache) {
+			if !f.decryptToTun(hostinfo, h.MessageCounter, out, packet, fwPacket, nb, q, localCache, ip, h.RemoteIndex) {
 				return
 			}
 		case header.MessageRelay:
@@ -466,7 +466,7 @@ func (f *Interface) decrypt(hostinfo *HostInfo, mc uint64, out []byte, packet []
 	return out, nil
 }
 
-func (f *Interface) decryptToTun(hostinfo *HostInfo, messageCounter uint64, out []byte, packet []byte, fwPacket *firewall.Packet, nb []byte, q int, localCache firewall.ConntrackCache) bool {
+func (f *Interface) decryptToTun(hostinfo *HostInfo, messageCounter uint64, out []byte, packet []byte, fwPacket *firewall.Packet, nb []byte, q int, localCache firewall.ConntrackCache, addr netip.AddrPort, recvIndex uint32) bool {
 	var (
 		err error
 		pkt *overlay.Packet
@@ -485,6 +485,9 @@ func (f *Interface) decryptToTun(hostinfo *HostInfo, messageCounter uint64, out
 			pkt.Release()
 		}
 		hostinfo.logger(f.l).WithError(err).Error("Failed to decrypt packet")
+		if addr.IsValid() {
+			f.maybeSendRecvError(addr, recvIndex)
+		}
 		return false
 	}