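shouldSendToHost determines whether the provided packet should be sent to the host (i.e., the current machine running Tailscale), in which case it returns true. It returns false if the packet should be sent outbound, for transit via WireGuard to another Tailscale node. For IPv4 and IPv6 packets the decision is made from the addresses in the IP header: a packet whose source is the service IP goes to the host, while a packet whose source is a VIP service IP or (IPv6 only) a 4via6 address handled by this node goes to the host only when its destination is also a local IP.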
(pkt *stack.PacketBuffer)
| 1099 | // return true. It will return false if the packet should be sent outbound, for |
| 1100 | // transit via WireGuard to another Tailscale node. |
| 1101 | func (ns *Impl) shouldSendToHost(pkt *stack.PacketBuffer) bool { |
| 1102 | // Determine if the packet is from a service IP (100.100.100.100 or the |
| 1103 | // IPv6 variant), in which case it needs to go back into the machine's |
| 1104 | // network (inbound) instead of out. |
| 1105 | hdr := pkt.Network() |
| 1106 | switch v := hdr.(type) { |
| 1107 | case header.IPv4: |
| 1108 | srcIP := netip.AddrFrom4(v.SourceAddress().As4()) |
| 1109 | if serviceIP == srcIP { |
| 1110 | return true |
| 1111 | } |
| 1112 | |
| 1113 | if ns.isVIPServiceIP(srcIP) { |
| 1114 | dstIP := netip.AddrFrom4(v.DestinationAddress().As4()) |
| 1115 | if ns.isLocalIP(dstIP) { |
| 1116 | if debugNetstack() { |
| 1117 | ns.logf("netstack: sending VIP service packet to host: src=%v dst=%v", srcIP, dstIP) |
| 1118 | } |
| 1119 | return true |
| 1120 | } |
| 1121 | } |
| 1122 | |
| 1123 | case header.IPv6: |
| 1124 | srcIP := netip.AddrFrom16(v.SourceAddress().As16()) |
| 1125 | if srcIP == serviceIPv6 { |
| 1126 | return true |
| 1127 | } |
| 1128 | |
| 1129 | if ns.isVIPServiceIP(srcIP) { |
| 1130 | dstIP := netip.AddrFrom16(v.DestinationAddress().As16()) |
| 1131 | if ns.isLocalIP(dstIP) { |
| 1132 | if debugNetstack() { |
| 1133 | ns.logf("netstack: sending VIP service packet to host: src=%v dst=%v", srcIP, dstIP) |
| 1134 | } |
| 1135 | return true |
| 1136 | } |
| 1137 | } |
| 1138 | |
| 1139 | if viaRange.Contains(srcIP) { |
| 1140 | // Only send to the host if this 4via6 route is |
| 1141 | // something this node handles. |
| 1142 | if ns.lb != nil && ns.lb.ShouldHandleViaIP(srcIP) { |
| 1143 | dstIP := netip.AddrFrom16(v.DestinationAddress().As16()) |
| 1144 | // Also, only forward to the host if the packet |
| 1145 | // is destined for a local IP; otherwise, we'd |
| 1146 | // send traffic that's intended for another |
| 1147 | // peer from the local 4via6 address to the |
| 1148 | // host instead of outbound to WireGuard. See: |
| 1149 | // https://github.com/tailscale/tailscale/issues/12448 |
| 1150 | if ns.isLocalIP(dstIP) { |
| 1151 | return true |
| 1152 | } |
| 1153 | if debugNetstack() { |
| 1154 | ns.logf("netstack: sending 4via6 packet to host: src=%v dst=%v", srcIP, dstIP) |
| 1155 | } |
| 1156 | } |
| 1157 | } |
| 1158 | default: |