mirror of
https://github.com/tailscale/tailscale.git
synced 2026-05-05 12:16:44 +02:00
2c9ffdd188
PR #18860 adds firewall rules in the mangle table to save outbound packet marks to conntrack and restore them on reply packets before the routing decision. When reply packets have their marks restored, the kernel uses the correct routing table (based on the mark) and the packets pass the rp_filter check. This makes the risk check and reverse path filtering warnings unnecessary. Updates #3310 Fixes tailscale/corp#37846 Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com>
16 lines
845 B
Go
16 lines
845 B
Go
// Copyright (c) Tailscale Inc & contributors
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
// Package healthmsg contains some constants for health messages.
|
|
//
|
|
// It's a leaf so both the server and CLI can depend on it without bringing too
|
|
// much in to the CLI binary.
|
|
package healthmsg
|
|
|
|
const (
|
|
WarnAcceptRoutesOff = "Some peers are advertising routes but --accept-routes is false"
|
|
TailscaleSSHOnBut = "Tailscale SSH enabled, but " // + ... something from caller
|
|
LockedOut = "this node is locked out; it will not have connectivity until it is signed. For more info, see https://tailscale.com/s/locked-out"
|
|
InMemoryTailnetLockState = "Tailnet Lock state is only being stored in-memory. Set --statedir to store state on disk, which is more secure. See https://tailscale.com/kb/1226/tailnet-lock#tailnet-lock-state"
|
|
)
|