MCPcopy Index your code
hub / github.com/tailscale/tailscale / Check

Method Check

wgengine/filter/filter.go:377–400  ·  view source on GitHub ↗

Check determines whether traffic from srcIP to dstIP:dstPort is allowed using protocol proto.

(srcIP, dstIP netip.Addr, dstPort uint16, proto ipproto.Proto)

Source from the content-addressed store, hash-verified

375// Check determines whether traffic from srcIP to dstIP:dstPort is allowed
376// using protocol proto.
377func (f *Filter) Check(srcIP, dstIP netip.Addr, dstPort uint16, proto ipproto.Proto) Response {
378 pkt := &packet.Parsed{}
379 pkt.Decode(dummyPacket) // initialize private fields
380 switch {
381 case (srcIP.Is4() && dstIP.Is6()) || (srcIP.Is6() && srcIP.Is4()):
382 // Mismatched address families, no filters will
383 // match.
384 return Drop
385 case srcIP.Is4():
386 pkt.IPVersion = 4
387 case srcIP.Is6():
388 pkt.IPVersion = 6
389 default:
390 panic("unreachable")
391 }
392 pkt.Src = netip.AddrPortFrom(srcIP, 0)
393 pkt.Dst = netip.AddrPortFrom(dstIP, dstPort)
394 pkt.IPProto = proto
395 if proto == ipproto.TCP {
396 pkt.TCPFlags = packet.TCPSyn
397 }
398
399 return f.RunIn(pkt, 0)
400}
401
402// CheckTCP determines whether TCP traffic from srcIP to dstIP:dstPort
403// is allowed.

Callers 1

CheckTCPMethod · 0.95

Calls 2

DecodeMethod · 0.95
RunInMethod · 0.95

Tested by

no test coverage detected