net/connstats: exclude traffic with internal Tailscale service (tailscale#7904)

dsnet · web-flow · commit ff1b35ec6c08 · 2023-04-17T14:24:29.000-07:00
Exclude traffic with 100.100.100.100 (for IPv4) and with fd7a:115c:a1e0::53 (for IPv6) since this traffic with the Tailscale service running locally on the node. This traffic never left the node. It also happens to be a high volume amount of traffic since DNS requests occur over UDP with each request coming from a unique port, thus resulting in many discrete traffic flows. Fixes tailscale/corp#10554 Signed-off-by: Joe Tsai <joetsai@digital-static.net>
diff --git a/net/connstats/stats.go b/net/connstats/stats.go
@@ -13,6 +13,7 @@ import (
 
 	"golang.org/x/sync/errgroup"
 	"tailscale.com/net/packet"
+	"tailscale.com/net/tsaddr"
 	"tailscale.com/types/netlogtype"
 )
 
@@ -92,6 +93,11 @@ func (s *Statistics) UpdateRxVirtual(b []byte) {
 	s.updateVirtual(b, true)
 }
 
+var (
+	tailscaleServiceIPv4 = tsaddr.TailscaleServiceIP()
+	tailscaleServiceIPv6 = tsaddr.TailscaleServiceIPv6()
+)
+
 func (s *Statistics) updateVirtual(b []byte, receive bool) {
 	var p packet.Parsed
 	p.Decode(b)
@@ -100,6 +106,15 @@ func (s *Statistics) updateVirtual(b []byte, receive bool) {
 		conn.Src, conn.Dst = conn.Dst, conn.Src
 	}
 
+	// Network logging is defined as traffic between two Tailscale nodes.
+	// Traffic with the internal Tailscale service is not with another node
+	// and should not be logged. It also happens to be a high volume
+	// amount of discrete traffic flows (e.g., DNS lookups).
+	switch conn.Dst.Addr() {
+	case tailscaleServiceIPv4, tailscaleServiceIPv6:
+		return
+	}
+
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	cnts, found := s.virtual[conn]
