wgengine/magicsock: skip stun4localport if explicitconf endpoints availabletomhjp/magicsock-endpoints

When a local port is set, we guess that users may have configured a
static port mapping on their router and add an endpoint that combines
their STUN-discovered IP address with their local port. It's
generally fine if this is invalid, as it simply won't work. However,
when there is explicit static endpoints configuration, there's no
point adding this guessed endpoint, because the user has told us
exactly what port mapping they set up for the client. This reduces
noise/confusion when debugging endpoints for multiple containerized
clients running on the same host, and should also make discovery
very marginally more efficient.

Note, this does not interact with TS_DEBUG_PRETENDPOINTS as that is
a temporary debug setting, and static endpoints configuration is the
only stable way to interact with explicitconf endpoints for now.

Updates #14674, #12578

Change-Id: I4b0788a12e413df0972cde5f102304f88a933df3
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index 2e2882110..22b8d1530 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -1128,7 +1128,10 @@ func (c *Conn) determineEndpoints(ctx context.Context) ([]tailcfg.Endpoint, erro
 		// port mapping on their router to the same explicit
 		// port that tailscaled is running with. Worst case
 		// it's an invalid candidate mapping.
-		if port := c.port.Load(); nr.MappingVariesByDestIP.EqualBool(true) && port != 0 {
+		//
+		// However, no need to guess if we have explicit static
+		// endpoints configured.
+		if port := c.port.Load(); nr.MappingVariesByDestIP.EqualBool(true) && port != 0 && c.staticEndpoints.Len() == 0 {
 			addAddr(netip.AddrPortFrom(v4Addrs[0].Addr(), uint16(port)), tailcfg.EndpointSTUN4LocalPort)
 		}
 	}