From 93042b4407467e4eba344efc743b022058f90262 Mon Sep 17 00:00:00 2001
From: Denton Gentry
Date: Fri, 3 Mar 2023 19:53:10 -0800
Subject: [PATCH] wgengine/netstack: add UDP forwarding bypass.
Allow a tsnet application to supply its own UDP handling, similar to the existing TCP handling.
Updates https://github.com/tailscale/tailscale/issues/5871
Signed-off-by: Denton Gentry
---
 wgengine/netstack/netstack.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/wgengine/netstack/netstack.go b/wgengine/netstack/netstack.go
index e2fc5e0c1..abdb8cf9a 100644
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -84,6 +84,10 @@ type Impl struct {
 // port other than accepting it and closing it.
 ForwardTCPIn func(c net.Conn, port uint16)

+ // ForwardUDPIn, if non-nil, handles forwarding inbound UDP
+ // packets.
+ ForwardUDPIn func(c net.PacketConn, port uint16)
+
 // ProcessLocalIPs is whether netstack should handle incoming
 // traffic directed at the Node.Addresses (local IPs).
 // It can only be set before calling Start.
@@ -1021,6 +1025,12 @@ func (ns *Impl) acceptUDP(r *udp.ForwarderRequest) {
 }

 c := gonet.NewUDPConn(ns.ipstack, &wq, ep)
+
+ if ns.ForwardUDPIn != nil {
+ ns.ForwardUDPIn(c, r.ID().LocalPort)
+ return
+ }
+
 go ns.forwardUDP(c, &wq, srcAddr, dstAddr)
 }
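Review bot: The doc comment on `ForwardUDPIn` does not say when the callback fires, what `port` is, or when the field may be assigned. The acceptUDP hunk shows it is called once per accepted UDP flow with `r.ID().LocalPort`, in place of the built-in forwarder, and that the field is read there with no lock visible in the hunk. The neighbouring ProcessLocalIPs comment already states "It can only be set before calling Start", and the same restriction presumably applies here. I would write: `// ForwardUDPIn, if non-nil, is called for each inbound UDP flow instead of the built-in forwarder;` `// port is the flow's local (destination) port. It can only be set before calling Start.`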
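Review bot: `ns.ForwardUDPIn(c, r.ID().LocalPort)` runs on acceptUDP's own goroutine, whereas the default path directly below hands the conn to `go ns.forwardUDP(...)`. A handler that blocks reading from `c` would presumably hold up acceptUDP and with it the acceptance of further UDP flows, so either call it as `go ns.ForwardUDPIn(c, r.ID().LocalPort)` or document that it must return promptly. The early `return` also skips whatever close or idle-timeout handling forwardUDP performs (not visible here), so an application that never closes `c` keeps one endpoint open per flow a peer sends. A line such as `// The handler owns c and must close it.` on the field would make that explicit. acceptUDP begins outside the hunk.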