9bd158cc09
The AddSNATRuleForDst rule was adding a new rule each time it was called including: - if a rule already existed - if a rule matching the destination, but with different desired source already existed This was causing issues especially for the in-progress egress HA proxies work, where the rules are now refreshed more frequently, so more redundant rules were being created. This change: - only creates the rule if it doesn't already exist - if a rule for the same dst, but different source is found, delete it - also ensures that egress proxies refresh firewall rules if the node's tailnet IP changes Updates tailscale/tailscale#13406 Signed-off-by: Irbe Krumina <irbe@tailscale.com> |
||
|---|---|---|
| .. | ||
| cache | ||
| cibuild | ||
| clientmetric | ||
| cloudenv | ||
| cmpver | ||
| codegen | ||
| cstruct | ||
| ctxkey | ||
| deephash | ||
| dirwalk | ||
| dnsname | ||
| execqueue | ||
| expvarx | ||
| fastuuid | ||
| goroutines | ||
| groupmember | ||
| hashx | ||
| httphdr | ||
| httpm | ||
| jsonutil | ||
| limiter | ||
| lineread | ||
| linuxfw | ||
| lru | ||
| mak | ||
| multierr | ||
| must | ||
| nocasemaps | ||
| osdiag | ||
| osshare | ||
| osuser | ||
| pidowner | ||
| pool | ||
| precompress | ||
| progresstracking | ||
| quarantine | ||
| race | ||
| racebuild | ||
| rands | ||
| reload | ||
| ringbuffer | ||
| set | ||
| singleflight | ||
| slicesx | ||
| syspolicy | ||
| sysresources | ||
| systemd | ||
| testenv | ||
| topk | ||
| truncate | ||
| uniq | ||
| usermetric | ||
| vizerror | ||
| winutil | ||
| zstdframe | ||