From 79472a4a6e0510785a9cf4182f343978182844e6 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Tue, 8 Nov 2022 19:53:40 -0800
Subject: [PATCH] wgengine/netstack: optimize shouldProcessInbound, avoiding
 4via6 lookups

All IPv6 packets for the self address were doing netip.Prefix.Contains
lookups.

If if we know they're for a self address (which we already previously
computed and have sitting in a bool), then they can't be for a 4via6
range.

Change-Id: Iaaaf1248cb3fecec229935a80548ead0eb4cb892
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 wgengine/netstack/netstack.go      |  4 ++--
 wgengine/netstack/netstack_test.go | 10 +++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/wgengine/netstack/netstack.go b/wgengine/netstack/netstack.go
index 4adb14894..7c430585a 100644
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -559,8 +559,8 @@ func (ns *Impl) shouldProcessInbound(p *packet.Parsed, t *tstun.Wrapper) bool {
 			return true
 		}
 	}
-	if p.IPVersion == 6 && viaRange.Contains(p.Dst.Addr()) {
-		return ns.lb != nil && ns.lb.ShouldHandleViaIP(p.Dst.Addr())
+	if p.IPVersion == 6 && !isLocal && viaRange.Contains(dstIP) {
+		return ns.lb != nil && ns.lb.ShouldHandleViaIP(dstIP)
 	}
 	if !ns.ProcessLocalIPs && !ns.ProcessSubnets {
 		// Fast path for common case (e.g. Linux server in TUN mode) where
diff --git a/wgengine/netstack/netstack_test.go b/wgengine/netstack/netstack_test.go
index 6b8f14beb..6135ad858 100644
--- a/wgengine/netstack/netstack_test.go
+++ b/wgengine/netstack/netstack_test.go
@@ -259,6 +259,13 @@ func TestShouldHandlePing(t *testing.T) {
 	}
 }
 
+// looksLikeATailscaleSelfAddress reports whether addr looks like
+// a Tailscale self address, for tests.
+func looksLikeATailscaleSelfAddress(addr netip.Addr) bool {
+	return addr.Is4() && tsaddr.IsTailscaleIP(addr) ||
+		addr.Is6() && tsaddr.Tailscale4To6Range().Contains(addr)
+}
+
 func TestShouldProcessInbound(t *testing.T) {
 	testCases := []struct {
 		name  string
@@ -289,6 +296,7 @@ func TestShouldProcessInbound(t *testing.T) {
 					StateKey:    ipn.GlobalDaemonStateKey,
 					UpdatePrefs: prefs,
 				})
+				i.atomicIsLocalIPFunc.Store(looksLikeATailscaleSelfAddress)
 
 				// This should be handled even if we're
 				// otherwise not processing local IPs or
@@ -400,7 +408,7 @@ func TestShouldProcessInbound(t *testing.T) {
 				// For testing purposes, assume all Tailscale
 				// IPs are local; the Dst above is something
 				// not in that range.
-				i.atomicIsLocalIPFunc.Store(tsaddr.IsTailscaleIP)
+				i.atomicIsLocalIPFunc.Store(looksLikeATailscaleSelfAddress)
 			},
 			want: true,
 		},