MCPcopy Index your code
hub / github.com/tailscale/tailscale / shouldSendToHost

Method shouldSendToHost

wgengine/netstack/netstack.go:1101–1166  ·  view source on GitHub ↗

shouldSendToHost determines if the provided packet should be sent to the host (i.e the current machine running Tailscale), in which case it will return true. It will return false if the packet should be sent outbound, for transit via WireGuard to another Tailscale node.

(pkt *stack.PacketBuffer)

Source from the content-addressed store, hash-verified

1099// return true. It will return false if the packet should be sent outbound, for
1100// transit via WireGuard to another Tailscale node.
1101func (ns *Impl) shouldSendToHost(pkt *stack.PacketBuffer) bool {
1102 // Determine if the packet is from a service IP (100.100.100.100 or the
1103 // IPv6 variant), in which case it needs to go back into the machine's
1104 // network (inbound) instead of out.
1105 hdr := pkt.Network()
1106 switch v := hdr.(type) {
1107 case header.IPv4:
1108 srcIP := netip.AddrFrom4(v.SourceAddress().As4())
1109 if serviceIP == srcIP {
1110 return true
1111 }
1112
1113 if ns.isVIPServiceIP(srcIP) {
1114 dstIP := netip.AddrFrom4(v.DestinationAddress().As4())
1115 if ns.isLocalIP(dstIP) {
1116 if debugNetstack() {
1117 ns.logf("netstack: sending VIP service packet to host: src=%v dst=%v", srcIP, dstIP)
1118 }
1119 return true
1120 }
1121 }
1122
1123 case header.IPv6:
1124 srcIP := netip.AddrFrom16(v.SourceAddress().As16())
1125 if srcIP == serviceIPv6 {
1126 return true
1127 }
1128
1129 if ns.isVIPServiceIP(srcIP) {
1130 dstIP := netip.AddrFrom16(v.DestinationAddress().As16())
1131 if ns.isLocalIP(dstIP) {
1132 if debugNetstack() {
1133 ns.logf("netstack: sending VIP service packet to host: src=%v dst=%v", srcIP, dstIP)
1134 }
1135 return true
1136 }
1137 }
1138
1139 if viaRange.Contains(srcIP) {
1140 // Only send to the host if this 4via6 route is
1141 // something this node handles.
1142 if ns.lb != nil && ns.lb.ShouldHandleViaIP(srcIP) {
1143 dstIP := netip.AddrFrom16(v.DestinationAddress().As16())
1144 // Also, only forward to the host if the packet
1145 // is destined for a local IP; otherwise, we'd
1146 // send traffic that's intended for another
1147 // peer from the local 4via6 address to the
1148 // host instead of outbound to WireGuard. See:
1149 // https://github.com/tailscale/tailscale/issues/12448
1150 if ns.isLocalIP(dstIP) {
1151 return true
1152 }
1153 if debugNetstack() {
1154 ns.logf("netstack: sending 4via6 packet to host: src=%v dst=%v", srcIP, dstIP)
1155 }
1156 }
1157 }
1158 default:

Callers 2

injectMethod · 0.95
TestShouldSendToHostFunction · 0.80

Calls 6

isVIPServiceIPMethod · 0.95
isLocalIPMethod · 0.95
ShouldHandleViaIPMethod · 0.80
NetworkMethod · 0.45
logfMethod · 0.45
ContainsMethod · 0.45

Tested by 1

TestShouldSendToHostFunction · 0.64