From e9657d571e5d0e0c9f3f35279510c05ad129af33 Mon Sep 17 00:00:00 2001
From: Dave Russell
Date: Fri, 2 Oct 2020 22:25:31 +1000
Subject: [PATCH] control->Send: Also set the src port

With the source port also set, we only need to enable inbound firewall rules on the 'server' side of the connection, as the conntrack will allow replies.
---
 control.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/control.go b/control.go
index 2ab1e56..20d4bc0 100644
--- a/control.go
+++ b/control.go
@@ -204,7 +204,12 @@ func (c *Control) Send(ip uint32, port uint16, t NebulaMessageSubType, payload [
 binary.BigEndian.PutUint16(packet[2:4], uint16(length))
 binary.BigEndian.PutUint32(packet[12:16], ip2int(c.f.inside.CidrNet().IP.To4()))
 binary.BigEndian.PutUint32(packet[16:20], ip)
+
+ // Set identical values for src and dst port as they're only
+ // used for nebula firewall rule mataching.
+ binary.BigEndian.PutUint16(packet[20:22], port)
 binary.BigEndian.PutUint16(packet[22:24], port)
+
 copy(packet[headerLen:], payload)
 nb := make([]byte, 12)
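Review bot: The comment above the new `binary.BigEndian.PutUint16(packet[20:22], port)` line says the ports are only used for firewall rule matching, but the commit message gives the real reason for setting the source port: it lets conntrack admit the peer's replies. That means a Send now implicitly opens a return path from `ip` on `port` on the sending host without an inbound rule there, and this firewall-visible effect is not recorded in the code. I would reword the comment to `// Src and dst port are both set to port so the peer's reply matches the conntrack entry created by this send;` `// only the receiving side then needs an inbound firewall rule.`, which also removes the "mataching" typo. Whether an outbound rule for `port` still has to match before that conntrack entry is created is not visible here and is worth confirming, since otherwise any caller of Send can open the return path. Send's body starts and ends outside the hunk.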