From 193fa1b7c53d71abbb5435776a494ee311e7fc9b Mon Sep 17 00:00:00 2001
From: gVisor bot <gvisor-bot@google.com>
Date: Wed, 5 Apr 2023 14:05:23 +0800
Subject: [PATCH] Fix: should always drop packet when handle UDP packet (#2659)

---
 tunnel/connection.go | 2 --
 tunnel/tunnel.go     | 6 ++++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tunnel/connection.go b/tunnel/connection.go
index e21bbdbf..c64a5266 100644
--- a/tunnel/connection.go
+++ b/tunnel/connection.go
@@ -13,8 +13,6 @@ import (
 )
 
 func handleUDPToRemote(packet C.UDPPacket, pc C.PacketConn, metadata *C.Metadata) error {
-	defer packet.Drop()
-
 	addr := metadata.UDPAddr()
 	if addr == nil {
 		return errors.New("udp addr invalid")
diff --git a/tunnel/tunnel.go b/tunnel/tunnel.go
index c4f55fbd..e982afa6 100644
--- a/tunnel/tunnel.go
+++ b/tunnel/tunnel.go
@@ -273,6 +273,7 @@ func resolveMetadata(ctx C.PlainContext, metadata *C.Metadata) (proxy C.Proxy, r
 func handleUDPConn(packet C.PacketAdapter) {
 	metadata := packet.Metadata()
 	if !metadata.Valid() {
+		packet.Drop()
 		log.Warnln("[Metadata] not valid: %#v", metadata)
 		return
 	}
@@ -284,6 +285,7 @@ func handleUDPConn(packet C.PacketAdapter) {
 	}
 
 	if err := preHandleMetadata(metadata); err != nil {
+		packet.Drop()
 		log.Debugln("[Metadata PreHandle] error: %s", err)
 		return
 	}
@@ -292,6 +294,7 @@ func handleUDPConn(packet C.PacketAdapter) {
 	if !metadata.Resolved() {
 		ip, err := resolver.ResolveIP(context.Background(), metadata.Host)
 		if err != nil {
+			packet.Drop()
 			return
 		}
 		metadata.DstIP = ip
@@ -309,6 +312,7 @@ func handleUDPConn(packet C.PacketAdapter) {
 	}
 
 	if handle() {
+		packet.Drop()
 		return
 	}
 
@@ -316,6 +320,8 @@ func handleUDPConn(packet C.PacketAdapter) {
 	cond, loaded := natTable.GetOrCreateLock(lockKey)
 
 	go func() {
+		defer packet.Drop()
+
 		if loaded {
 			cond.L.Lock()
 			cond.Wait()