wgengine,net,ipn,disco: split up and define different types of MTU

Prepare for path MTU discovery by splitting up the concept of DefaultMTU() into the concepts of the Tailscale TUN MTU, MTUs of underlying network interfaces, minimum "safe" TUN MTU, user configured TUN MTU, probed path MTU to a peer, and maximum probed MTU. Add a set of likely MTUs to probe. Updates #311 Signed-off-by: Val <valerie@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2023-09-22 17:49:09 +02:00
parent fb2f3e4741
commit 059051c58a
7 changed files with 252 additions and 54 deletions
--- a/wgengine/magicsock/endpoint.go
+++ b/wgengine/magicsock/endpoint.go
@@ -422,6 +422,10 @@ func (de *endpoint) noteActiveLocked() {
 	}
 }

+// MaxDiscoPingSize is the largest useful ping message size that we
+// can send - the maximum packet size minus the IPv4 and UDP headers.
+var MaxDiscoPingSize = tstun.MaxPacketSize - 20 - 8
+
 // cliPing starts a ping for the "tailscale ping" command. res is value to call cb with,
 // already partially filled.
 func (de *endpoint) cliPing(res *ipnstate.PingResult, size int, cb func(*ipnstate.PingResult)) {
@@ -433,6 +437,11 @@ func (de *endpoint) cliPing(res *ipnstate.PingResult, size int, cb func(*ipnstat
 		cb(res)
 		return
 	}
+	if size > MaxDiscoPingSize {
+		res.Err = errPingTooBig.Error()
+		cb(res)
+		return
+	}

 	now := mono.Now()
 	udpAddr, derpAddr, _ := de.addrForSendLocked(now)
@@ -457,6 +466,7 @@ func (de *endpoint) cliPing(res *ipnstate.PingResult, size int, cb func(*ipnstat
 var (
 	errExpired     = errors.New("peer's node key has expired")
 	errNoUDPOrDERP = errors.New("no UDP or DERP addr")
+	errPingTooBig  = errors.New("ping size too big")
 )

 func (de *endpoint) send(buffs [][]byte) error {
@@ -564,13 +574,9 @@ const discoPingSize = len(disco.Magic) + key.DiscoPublicRawLen + disco.NonceLen
 // The caller should use de.discoKey as the discoKey argument.
 // It is passed in so that sendDiscoPing doesn't need to lock de.mu.
 func (de *endpoint) sendDiscoPing(ep netip.AddrPort, discoKey key.DiscoPublic, txid stun.TxID, size int, logLevel discoLogLevel) {
-	padding := 0
-	if size > int(tstun.DefaultMTU()) {
-		size = int(tstun.DefaultMTU())
-	}
-	if size-discoPingSize > 0 {
-		padding = size - discoPingSize
-	}
+	size = min(size, MaxDiscoPingSize)
+	padding := max(size-discoPingSize, 0)
+
 	sent, _ := de.c.sendDiscoMessage(ep, de.publicKey, discoKey, &disco.Ping{
 		TxID:    [12]byte(txid),
 		NodeKey: de.c.publicKeyAtomic.Load(),
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -150,10 +150,11 @@ type Impl struct {

 const nicID = 1

-// maxUDPPacketSize is the maximum size of a UDP packet we copy in startPacketCopy
-// when relaying UDP packets. We don't use the 'mtu' const in anticipation of
-// one day making the MTU more dynamic.
-const maxUDPPacketSize = 1500
+// maxUDPPacketSize is the maximum size of a UDP packet we copy in
+// startPacketCopy when relaying UDP packets. The user can configure
+// the tailscale MTU to anything up to this size so we can potentially
+// have a UDP packet as big as the MTU.
+const maxUDPPacketSize = tstun.MaxPacketSize

 // Create creates and populates a new Impl.
 func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magicsock.Conn, dialer *tsdial.Dialer, dns *dns.Manager, pm *proxymap.Mapper) (*Impl, error) {
@@ -184,7 +185,7 @@ func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magi
 	if tcpipErr != nil {
 		return nil, fmt.Errorf("could not enable TCP SACK: %v", tcpipErr)
 	}
-	linkEP := channel.New(512, tstun.DefaultMTU(), "")
+	linkEP := channel.New(512, uint32(tstun.DefaultTUNMTU()), "")
 	if tcpipProblem := ipstack.CreateNIC(nicID, linkEP); tcpipProblem != nil {
 		return nil, fmt.Errorf("could not create netstack NIC: %v", tcpipProblem)
 	}
@@ -1059,7 +1060,9 @@ func (ns *Impl) acceptUDP(r *udp.ForwarderRequest) {
 	go ns.forwardUDP(c, srcAddr, dstAddr)
 }

-// Buffer pool for forwarding UDP packets.
+// Buffer pool for forwarding UDP packets. Implementations are advised not to
+// exceed 512 bytes per DNS request due to fragmenting but in reality can and do
+// send much larger packets, so use the maximum possible UDP packet size.
 var udpBufPool = &sync.Pool{
 	New: func() any {
 		b := make([]byte, maxUDPPacketSize)
--- a/wgengine/router/ifconfig_windows.go
+++ b/wgengine/router/ifconfig_windows.go
@@ -241,7 +241,7 @@ func interfaceFromLUID(luid winipcfg.LUID, flags winipcfg.GAAFlags) (*winipcfg.I
 var networkCategoryWarning = health.NewWarnable(health.WithMapDebugFlag("warn-network-category-unhealthy"))

 func configureInterface(cfg *Config, tun *tun.NativeTun) (retErr error) {
-	var mtu = tstun.DefaultMTU()
+	var mtu = tstun.DefaultTUNMTU()
 	luid := winipcfg.LUID(tun.LUID())
 	iface, err := interfaceFromLUID(luid,
 		// Issue 474: on early boot, when the network is still