SetPeerByIPPacketFunc installs a callback used by wireguard-go to look up which peer should handle an outbound packet by destination IP. fn is an optional fast path for exact node-address matches (e.g. dst is a Tailscale IP). On miss (or if fn is nil), the engine's own BART table ([userspaceEngine.
(fn func(netip.Addr) (_ key.NodePublic, ok bool))
| 740 | // so callers that don't call SetPeerByIPPacketFunc (e.g. those not running |
| 741 | // a LocalBackend) still get working outbound packet routing. |
| 742 | func (e *userspaceEngine) SetPeerByIPPacketFunc(fn func(netip.Addr) (_ key.NodePublic, ok bool)) { |
| 743 | e.wgdev.SetPeerByIPPacketFunc(func(_, dst netip.Addr, _ []byte) (device.NoisePublicKey, bool) { |
| 744 | if fn != nil { |
| 745 | if pk, ok := fn(dst); ok { |
| 746 | return pk.Raw32(), true |
| 747 | } |
| 748 | } |
| 749 | if rt := e.peerByIPRoute.Load(); rt != nil { |
| 750 | if pk, ok := rt.Lookup(dst); ok { |
| 751 | return pk.Raw32(), true |
| 752 | } |
| 753 | } |
| 754 | return device.NoisePublicKey{}, false |
| 755 | }) |
| 756 | } |
| 757 | |
| 758 | // hasOverlap checks if there is a IPPrefix which is common amongst the two |
| 759 | // provided slices. |
no test coverage detected