Block looped Tailscale traffic in tstun

[danderson]

We're hunting an elusive problem where sometimes mac machines seem to generate a routing loop, and so we transmit large amount of our own wireguard packets. To gather more information and mitigate the problem, we should implement a blocklist in tstun.

Magicsock has a list of all peer endpoints it's currently aware of. We should plumb that list into tstun as a blocklist, such that any attempt to send to those endpoints via Tailscale itself will drop the packets and log [unexpected] to help us diagnose.

[bradfitz]

Maybe related:

https://forum.tailscale.com/t/switch-from-cellular-to-wifi-tailscale-still-uses-cellular-to-exchange-data/441/6

I have been trialling the new 1.6 release.

Two days ago while I was on wifi at the office all day I managed to use 6.5GB of cellular data.