From 2f237ec82f6c696dc8d8ec50f61750dc907178ec Mon Sep 17 00:00:00 2001
From: Thomas Eizinger <thomas@eizinger.io>
Date: Fri, 14 Mar 2025 01:53:05 +1100
Subject: [PATCH] test(connlib): don't send arbitrary payloads to 53535 (#8428)

We reserve port 53535 on the Gateway's TUN IPs for a DNS server so we
must not send arbitrary UDP and TCP payloads to this port.
---
 rust/connlib/tunnel/proptest-regressions/tests.txt | 1 +
 rust/connlib/tunnel/src/tests/transition.rs        | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/rust/connlib/tunnel/proptest-regressions/tests.txt b/rust/connlib/tunnel/proptest-regressions/tests.txt
index cb2ed7104..179b13f60 100644
--- a/rust/connlib/tunnel/proptest-regressions/tests.txt
+++ b/rust/connlib/tunnel/proptest-regressions/tests.txt
@@ -163,3 +163,4 @@ cc b5dc48d89cc4f0c61ed3b7c58338f8f9f06654a5948bad62869ea4bbecf270d8
 cc 4b8aab1f09422751b66d7e46a968bb29fb9b11c8fff9bceb67cd5c8ddeab0a3d
 cc c48e5d18ae2cc7533bbe1d0cd155a1ec7bcaf00e8d029b0345c241ec3371dcca
 cc f2de44e6762e9a681d624467fd19ac9fc00f000dfc1c2a3bda05c905b01674c2
+cc 36a7bb4eff285399b9c431675d4337712e7edf016a3a02b05cba5115c8bf8fe4
diff --git a/rust/connlib/tunnel/src/tests/transition.rs b/rust/connlib/tunnel/src/tests/transition.rs
index f96e5d5a6..d52fa52a6 100644
--- a/rust/connlib/tunnel/src/tests/transition.rs
+++ b/rust/connlib/tunnel/src/tests/transition.rs
@@ -276,7 +276,7 @@ where
 fn non_dns_ports() -> impl Strategy<Value = u16> {
     any::<u16>().prop_filter(
         "avoid using port 53 for non-dns queries for simplicity",
-        |p| *p != 53,
+        |p| *p != 53 && *p != 53535,
     )
 }