MCPcopy Index your code
hub / github.com/tailscale/tailscale / TestHandleLocalPackets

Function TestHandleLocalPackets

wgengine/netstack/netstack_test.go:924–1118  ·  view source on GitHub ↗

TestHandleLocalPackets tests the handleLocalPackets function, ensuring that we are properly deciding to handle packets that are destined for "local" IPs–addresses that are either for this node, or that it is responsible for. See, e.g. #11304

(t *testing.T)

Source from the content-addressed store, hash-verified

922//
923// See, e.g. #11304
924func TestHandleLocalPackets(t *testing.T) {
925 var (
926 selfIP4 = netip.MustParseAddr("100.64.1.2")
927 selfIP6 = netip.MustParseAddr("fd7a:115c:a1e0::123")
928 )
929
930 impl := makeNetstack(t, func(impl *Impl) {
931 impl.ProcessSubnets = false
932 impl.ProcessLocalIPs = false
933 impl.atomicIsLocalIPFunc.Store(func(addr netip.Addr) bool {
934 return addr == selfIP4 || addr == selfIP6
935 })
936 })
937
938 prefs := ipn.NewPrefs()
939 prefs.AdvertiseRoutes = []netip.Prefix{
940 // $ tailscale debug via 7 10.1.1.0/24
941 // fd7a:115c:a1e0:b1a:0:7:a01:100/120
942 netip.MustParsePrefix("fd7a:115c:a1e0:b1a:0:7:a01:100/120"),
943 }
944 prefs.AdvertiseServices = []string{"svc:test-service"}
945 _, err := impl.lb.EditPrefs(&ipn.MaskedPrefs{
946 Prefs: *prefs,
947 AdvertiseRoutesSet: true,
948 AdvertiseServicesSet: true,
949 })
950 if err != nil {
951 t.Fatalf("EditPrefs: %v", err)
952 }
953 IPServiceMap := netmap.IPServiceMappings{
954 netip.MustParseAddr("100.99.55.111"): "svc:test-service",
955 netip.MustParseAddr("fd7a:115c:a1e0::abcd"): "svc:test-service",
956 }
957 impl.lb.SetIPServiceMappingsForTest(IPServiceMap)
958
959 t.Run("ShouldHandleServiceIP", func(t *testing.T) {
960 t.Parallel()
961 pkt := &packet.Parsed{
962 IPVersion: 4,
963 IPProto: ipproto.TCP,
964 Src: netip.MustParseAddrPort("127.0.0.1:9999"),
965 Dst: netip.MustParseAddrPort("100.100.100.100:53"),
966 TCPFlags: packet.TCPSyn,
967 }
968 resp, _ := impl.handleLocalPackets(pkt, impl.tundev, nil)
969 if resp != filter.DropSilently {
970 t.Errorf("got filter outcome %v, want filter.DropSilently", resp)
971 }
972 })
973 // Any port on the quad-100 service IP must be absorbed locally by
974 // netstack and never leak out to the WireGuard / peer-routing
975 // layers. Historically we only intercepted specific ports (UDP 53
976 // and TCP 53/80/8080), causing stray traffic to other ports such
977 // as 100.100.100.100:853 (DoT) to time out in wireguard-go and
978 // produce "open-conn-track: timeout opening ...; no associated
979 // peer node" log spam. See the handleLocalPackets comment.
980 quad100LeakCases := []struct {
981 name string

Callers

nothing calls this directly

Calls 10

NewPrefsFunction · 0.92
makeNetstackFunction · 0.85
StoreMethod · 0.65
EditPrefsMethod · 0.65
FatalfMethod · 0.65
RunMethod · 0.65
ErrorfMethod · 0.65
handleLocalPacketsMethod · 0.45
AddrMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…