From 999814e9e190455b82bd9117bf3511c9239cddb0 Mon Sep 17 00:00:00 2001
From: Josh Bleecher Snyder <josh@tailscale.com>
Date: Tue, 23 Nov 2021 13:49:47 -0800
Subject: [PATCH] net/portmapper: handle pcp ADDRESS_MISMATCH response

These show up a fair amount in our logs.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
---
 net/portmapper/pcp.go        | 6 ++++++
 net/portmapper/portmapper.go | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/net/portmapper/pcp.go b/net/portmapper/pcp.go
index 9549d5e0e..1db18687d 100644
--- a/net/portmapper/pcp.go
+++ b/net/portmapper/pcp.go
@@ -28,6 +28,12 @@ const (
 
 	pcpCodeOK            = 0
 	pcpCodeNotAuthorized = 2
+	// From RFC 6887:
+	// ADDRESS_MISMATCH: The source IP address of the request packet does
+	// not match the contents of the PCP Client's IP Address field, due
+	// to an unexpected NAT on the path between the PCP client and the
+	// PCP-controlled NAT or firewall.
+	pcpCodeAddressMismatch = 12
 
 	pcpOpReply    = 0x80 // OR'd into request's op code on response
 	pcpOpAnnounce = 0
diff --git a/net/portmapper/portmapper.go b/net/portmapper/portmapper.go
index a2f98b2a2..415329567 100644
--- a/net/portmapper/portmapper.go
+++ b/net/portmapper/portmapper.go
@@ -791,6 +791,10 @@ func (c *Client) Probe(ctx context.Context) (res ProbeResult, err error) {
 						// provide port mapping services.
 						res.PCP = false
 						continue
+					case pcpCodeAddressMismatch:
+						// A PCP service is running, but it is behind a NAT, so it can't help us.
+						res.PCP = false
+						continue
 					default:
 						// Fall through to unexpected log line.
 					}