Revert "Fix inbound bypass TTL expiry for long-lived TCP connections"

This reverts commit 0c2de366d4.
2026-03-23 14:12:01 +08:00
parent 6d3afeb879
commit 0a118d1544
1 changed files with 1 additions and 2 deletions
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -862,7 +862,7 @@ func (ns *Impl) handleLocalPackets(p *packet.Parsed, t *tstun.Wrapper, gro *gro.
 	default:
 		// Not traffic to the service IP or a 4via6 IP, so we don't
 		// care about the packet; resume processing.
-		if p.IPProto == ipproto.TCP {
+		if p.IPProto == ipproto.TCP && p.TCPFlags&packet.TCPSyn != 0 && p.TCPFlags&packet.TCPAck == 0 {
 			ns.recordOutboundTCPFlow(p)
 		}
 		return filter.Accept, gro
@@ -1133,7 +1133,6 @@ func (ns *Impl) shouldBypassInbound(p *packet.Parsed) bool {
 		}
 		return false
 	}
-	ns.outboundTCPFlows[key] = now.Add(outboundTCPFlowTTL)
 	if debugNetstack() && (p.TCPFlags&packet.TCPSynAck == packet.TCPSynAck || p.TCPFlags&packet.TCPRst != 0) {
 		ns.logf("netstack: inbound bypass hit for %v -> %v flags=%v", p.Src, p.Dst, p.TCPFlags)
 	}