m/n/c/network: fix SNAT The previous change to this broke clusternet as it tried to masquerade traffic destined to that interface, but that is an unnumbered interface, causing the masquerade to fail and all inter-node traffic to be rejected. Fix this by including the clusternet interface in the list of interfaces not to NAT for. Change-Id: I4a79a1978b1aa449fca1dd2d0a2b0a5decc63ea8 Reviewed-on: https://review.monogon.dev/c/monogon/+/1857 Reviewed-by: Tim Windelschmidt <tim@monogon.tech> Tested-by: Jenkins CI

commit: 8481f7506b4c67de54fa96b5510007dc2c66a348 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Tue Jun 27 00:51:28 2023 +0200
committer: Lorenz Brun <lorenz@monogon.tech> Tue Jun 27 10:07:32 2023 +0000
tree: 591d0e285c1d36aeb813b75c0f8d76e62b688a2d
parent: a380d67c4f648aaf576adba0ea22d40d3782bf44 [diff]
diff --git a/metropolis/node/core/network/main.go b/metropolis/node/core/network/main.go
index 04f0afd..3cfe0f5 100644
--- a/metropolis/node/core/network/main.go
+++ b/metropolis/node/core/network/main.go

@@ -291,6 +291,12 @@
 				Register: 8,
 				Data:     []byte{'v', 'e', 't', 'h'},
 			},
+			// Check if outgoing interface isn't clusternet
+			&expr.Cmp{
+				Op:       expr.CmpOpNeq,
+				Register: 8,
+				Data:     []byte{'c', 'l', 'u', 's', 't', 'e', 'r', 'n', 'e', 't'},
+			},
 			&expr.Masq{
 				FullyRandom: true,
 				Persistent:  true,
commit	8481f7506b4c67de54fa96b5510007dc2c66a348	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Tue Jun 27 00:51:28 2023 +0200
committer	Lorenz Brun <lorenz@monogon.tech>	Tue Jun 27 10:07:32 2023 +0000
tree	591d0e285c1d36aeb813b75c0f8d76e62b688a2d
parent	a380d67c4f648aaf576adba0ea22d40d3782bf44 [diff]