From 2839854994f204a9e95e4d8d410490bb4f25e1fe Mon Sep 17 00:00:00 2001
From: David Anderson <danderson@tailscale.com>
Date: Thu, 5 Mar 2020 17:38:17 -0800
Subject: [PATCH] wgengine/magicsock: never set a DERP server as a roamAddr.

DERP traffic is asymmetric by design, with nodes always sending
to their peer's home DERP server. However, if roamAddr is set,
magicsock will always push data there, rather than let DERP
server selection do its thing, so we end up accidentally
creating a symmetric flow.

Signed-Off-By: David Anderson <danderson@tailscale.com>
---
 wgengine/magicsock/magicsock.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index 4af11e569..ff23a3dda 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -1098,6 +1098,11 @@ func (a *AddrSet) UpdateDst(new *net.UDPAddr) error {
 		// Packet from current-priority address, no logging.
 		// This is a hot path for established connections.
 		return nil
+	} else if new.IP.Equal(derpMagicIP) {
+		// Never pick DERP addresses as a roaming addr. DERP obeys its
+		// own endpoint selection logic.
+		// This is a hot path for established connections.
+		return nil
 	}
 
 	index := -1