MCPcopy Index your code
hub / github.com/tailscale/tailscale / RunIn

Method RunIn

wgengine/filter/filter.go:443–472  ·  view source on GitHub ↗

RunIn determines whether this node is allowed to receive q from a Tailscale peer.

(q *packet.Parsed, rf RunFlags)

Source from the content-addressed store, hash-verified

441// RunIn determines whether this node is allowed to receive q from a
442// Tailscale peer.
443func (f *Filter) RunIn(q *packet.Parsed, rf RunFlags) Response {
444 dir := in
445 r, _ := f.pre(q, rf, dir)
446 if r == Accept || r == Drop {
447 // already logged
448 return r
449 }
450
451 var why string
452 switch q.IPVersion {
453 case 4:
454 r, why = f.runIn4(q)
455 case 6:
456 r, why = f.runIn6(q)
457 default:
458 r, why = Drop, "not-ip"
459 }
460
461 if r == noVerdict {
462 for _, pm := range f.IngressAllowHooks {
463 if match, why := pm(*q); match {
464 f.logRateLimit(rf, q, dir, Accept, why)
465 return Accept
466 }
467 }
468 r = Drop
469 }
470 f.logRateLimit(rf, q, dir, r, why)
471 return r
472}
473
474// RunOut determines whether this node is allowed to send q to a
475// Tailscale peer.

Callers 9

CheckMethod · 0.95
TestFilterFunction · 0.80
TestUDPStateFunction · 0.80
TestNoAllocsFunction · 0.80
BenchmarkFilterFunction · 0.80
TestLoggingPrivacyFunction · 0.80
TestIngressAllowHooksFunction · 0.80
benchmarkFileFunction · 0.80

Calls 4

preMethod · 0.95
runIn4Method · 0.95
runIn6Method · 0.95
logRateLimitMethod · 0.95

Tested by 7

TestFilterFunction · 0.64
TestUDPStateFunction · 0.64
TestNoAllocsFunction · 0.64
BenchmarkFilterFunction · 0.64
TestLoggingPrivacyFunction · 0.64
TestIngressAllowHooksFunction · 0.64
benchmarkFileFunction · 0.64