ProcessLocalIPs and ProcessSubnets were set unconditionally, causing netstack to intercept all inbound traffic including ICMP echo replies. With a real TUN device, this prevents replies from reaching the kernel networking stack. Selective service intercepts (PeerAPI, SSH, Serve, VIP, 4via6) in shouldProcessInbound still run without these flags.
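
The behaviour described above, as an added example: a simplified model that is not the project's code. Only `ProcessLocalIPs`, `ProcessSubnets` and `shouldProcessInbound` are names from the commit message; the types, the `servicePorts` stand-in for the service intercepts, the ordering of the checks and the addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Stack is a hypothetical model; only the two flag names come from the page.
type Stack struct {
	ProcessLocalIPs bool
	ProcessSubnets  bool
	localIP         netip.Addr      // constructed node address
	servicePorts    map[uint16]bool // stand-in for the selective service intercepts
}

type Packet struct {
	Proto   string // "icmp" or "tcp"
	Dst     netip.Addr
	DstPort uint16
}

// shouldProcessInbound reports whether netstack takes the packet (true) or
// leaves it for the TUN device and the kernel networking stack (false).
func (s *Stack) shouldProcessInbound(p Packet) bool {
	isLocal := p.Dst == s.localIP
	// Assumed order: service intercepts first, independent of the flags.
	if isLocal && p.Proto == "tcp" && s.servicePorts[p.DstPort] {
		return true
	}
	// With both flags set, every remaining packet matches one of these arms.
	return (s.ProcessLocalIPs && isLocal) || (s.ProcessSubnets && !isLocal)
}

// newStack sets both flags to the same value to compare the two cases.
func newStack(flags bool) *Stack {
	return &Stack{ProcessLocalIPs: flags, ProcessSubnets: flags,
		localIP:      netip.MustParseAddr("100.64.0.10"),
		servicePorts: map[uint16]bool{22: true}}
}

func main() {
	reply := Packet{Proto: "icmp", Dst: netip.MustParseAddr("100.64.0.10")}
	ssh := Packet{Proto: "tcp", Dst: reply.Dst, DstPort: 22}
	for _, flags := range []bool{true, false} {
		s := newStack(flags)
		fmt.Printf("flags=%v icmp-reply->netstack=%v ssh->netstack=%v\n",
			flags, s.shouldProcessInbound(reply), s.shouldProcessInbound(ssh))
	}
}
```

With the flags set, the echo reply is claimed by netstack and never reaches the kernel; with them unset it passes through, while the service port is still intercepted.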