wgengine/router,ipn/ipnlocal: add MTU field to router config

The MacOS client can't set the MTU when creating the tun due to lack of permissions, so add it to the router config and have MacOS set it in the callback using a method that it does have permissions for. Updates #8219 Signed-off-by: Val <valerie@tailscale.com>
2025-02-16 18:08:40 +00:00 · 2023-07-18 23:51:32 +02:00 · 2023-07-18 23:51:32 +02:00 · 1138f4eb5f
commit 1138f4eb5f
parent 9b5e29761c
3 changed files with 31 additions and 5 deletions
--- a/wgengine/router/callback.go
+++ b/wgengine/router/callback.go
@ -24,9 +24,16 @@ type CallbackRouter struct {
 	// will return ErrGetBaseConfigNotSupported.
 	GetBaseConfigFunc func() (dns.OSConfig, error)
-	mu   sync.Mutex    // protects all the following
+	// InitialMTU is the MTU the tun should be initialized with.
-	rcfg *Config       // last applied router config
+	// Zero means don't change the MTU from the default. This MTU
-	dcfg *dns.OSConfig // last applied DNS config
+	// is applied only once, shortly after the TUN is created, and
 	// ignored thereafter.
 	InitialMTU uint32
 	mu        sync.Mutex    // protects all the following
 	didSetMTU bool          // if we set the MTU already
 	rcfg      *Config       // last applied router config
 	dcfg      *dns.OSConfig // last applied DNS config
 }
 // Up implements Router.
@ -41,6 +48,10 @@ func (r *CallbackRouter) Set(rcfg *Config) error {
 	if r.rcfg.Equal(rcfg) {
 		return nil
 	}
 	if r.didSetMTU == false {
 		r.didSetMTU = true
 		rcfg.NewMTU = int(r.InitialMTU)
 	}
 	r.rcfg = rcfg
 	return r.SetBoth(r.rcfg, r.dcfg)
 }
--- a/wgengine/router/router.go
+++ b/wgengine/router/router.go
@ -67,6 +67,11 @@ type Config struct {
 	// routing rules apply.
 	LocalRoutes []netip.Prefix
 	// NewMTU is currently only used by the MacOS network extension
 	// app to set the MTU of the tun in the router configuration
 	// callback. If zero, the MTU is unchanged.
 	NewMTU int
 	// Linux-only things below, ignored on other platforms.
 	SubnetRoutes     []netip.Prefix         // subnets being advertised to other Tailscale nodes
 	SNATSubnetRoutes bool                   // SNAT traffic to local subnets
--- a/wgengine/router/router_test.go
+++ b/wgengine/router/router_test.go
@ -21,8 +21,8 @@ func mustCIDRs(ss ...string) []netip.Prefix {
 func TestConfigEqual(t *testing.T) {
 	testedFields := []string{
-		"LocalAddrs", "Routes", "LocalRoutes", "SubnetRoutes",
+		"LocalAddrs", "Routes", "LocalRoutes", "NewMTU",
-		"SNATSubnetRoutes", "NetfilterMode",
+		"SubnetRoutes", "SNATSubnetRoutes", "NetfilterMode",
 	}
 	configType := reflect.TypeOf(Config{})
 	configFields := []string{}
@ -134,6 +134,16 @@ func TestConfigEqual(t *testing.T) {
 			&Config{NetfilterMode: preftype.NetfilterNoDivert},
 			true,
 		},
 		{
 			&Config{NewMTU: 0},
 			&Config{NewMTU: 0},
 			true,
 		},
 		{
 			&Config{NewMTU: 1280},
 			&Config{NewMTU: 0},
 			false,
 		},
 	}
 	for i, tt := range tests {
 		got := tt.a.Equal(tt.b)