envknob,net/tstun,wgengine: use TS_DEBUG_MTU consistently

Noted on #5915 TS_DEBUG_MTU was not used consistently everywhere. Extract the default into a function that can apply this centrally and use it everywhere. Added envknob.Lookup{Int,Uint}Sized to make it easier to keep CodeQL happy when using converted values. Updates #5915 Signed-off-by: James Tucker <james@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2023-03-30 10:37:06 -07:00
parent 8ed4fd1dbc
commit 40fa2a420c
7 changed files with 105 additions and 25 deletions
--- a/net/tstun/constants.go
+++ b/net/tstun/constants.go
@@ -1,15 +0,0 @@
-// Copyright (c) Tailscale Inc & AUTHORS
-// SPDX-License-Identifier: BSD-3-Clause
-
-package tstun
-
-// DefaultMTU is the Tailscale default MTU for now.
-//
-// wireguard-go defaults to 1420 bytes, which only works if the
-// "outer" MTU is 1500 bytes. This breaks on DSL connections
-// (typically 1492 MTU) and on GCE (1460 MTU?!).
-//
-// 1280 is the smallest MTU allowed for IPv6, which is a sensible
-// "probably works everywhere" setting until we develop proper PMTU
-// discovery.
-const DefaultMTU = 1280
--- a/net/tstun/mtu.go
+++ b/net/tstun/mtu.go
@@ -0,0 +1,33 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+package tstun
+
+import "tailscale.com/envknob"
+
+const (
+	maxMTU     uint32 = 65536
+	defaultMTU uint32 = 1280
+)
+
+// DefaultMTU returns either the constant default MTU of 1280, or the value set
+// in TS_DEBUG_MTU clamped to a maximum of 65536.
+func DefaultMTU() uint32 {
+	// DefaultMTU is the Tailscale default MTU for now.
+	//
+	// wireguard-go defaults to 1420 bytes, which only works if the
+	// "outer" MTU is 1500 bytes. This breaks on DSL connections
+	// (typically 1492 MTU) and on GCE (1460 MTU?!).
+	//
+	// 1280 is the smallest MTU allowed for IPv6, which is a sensible
+	// "probably works everywhere" setting until we develop proper PMTU
+	// discovery.
+	tunMTU := defaultMTU
+	if mtu, ok := envknob.LookupUintSized("TS_DEBUG_MTU", 10, 32); ok {
+		mtu := uint32(mtu)
+		if mtu > maxMTU {
+			mtu = maxMTU
+		}
+		tunMTU = mtu
+	}
+	return tunMTU
+}
--- a/net/tstun/mtu_test.go
+++ b/net/tstun/mtu_test.go
@@ -0,0 +1,28 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+package tstun
+
+import (
+	"os"
+	"testing"
+)
+
+func TestDefaultMTU(t *testing.T) {
+	orig := os.Getenv("TS_DEBUG_MTU")
+	defer os.Setenv("TS_DEBUG_MTU", orig)
+
+	os.Setenv("TS_DEBUG_MTU", "")
+	if DefaultMTU() != 1280 {
+		t.Errorf("DefaultMTU() = %d, want 1280", DefaultMTU())
+	}
+
+	os.Setenv("TS_DEBUG_MTU", "9000")
+	if DefaultMTU() != 9000 {
+		t.Errorf("DefaultMTU() = %d, want 9000", DefaultMTU())
+	}
+
+	os.Setenv("TS_DEBUG_MTU", "123456789")
+	if DefaultMTU() != maxMTU {
+		t.Errorf("DefaultMTU() = %d, want %d", DefaultMTU(), maxMTU)
+	}
+}
--- a/net/tstun/tun.go
+++ b/net/tstun/tun.go
@@ -14,7 +14,6 @@ import (
 	"time"

 	"github.com/tailscale/wireguard-go/tun"
-	"tailscale.com/envknob"
 	"tailscale.com/types/logger"
 )

@@ -45,11 +44,7 @@ func New(logf logger.Logf, tunName string) (tun.Device, string, error) {
 		}
 		dev, err = createTAP(tapName, bridgeName)
 	} else {
-		tunMTU := DefaultMTU
-		if mtu, ok := envknob.LookupInt("TS_DEBUG_MTU"); ok {
-			tunMTU = mtu
-		}
-		dev, err = tun.CreateTUN(tunName, tunMTU)
+		dev, err = tun.CreateTUN(tunName, int(DefaultMTU()))
 	}
 	if err != nil {
 		return nil, "", err