From 8e42510a717d98fbbcc64715d445d0feaace59d7 Mon Sep 17 00:00:00 2001
From: Jordan Whited <jordan@tailscale.com>
Date: Wed, 21 Aug 2024 13:59:29 -0700
Subject: [PATCH] wgengine/netstack: disable gVisor GSO on Linux (#13215)

net/tstun.Wrapper.InjectInboundPacketBuffer is not GSO-aware, which can
break quad-100 TCP streams as a result. Linux is the only platform where
gVisor GSO was previously enabled.

Updates tailscale/corp#22511
Updates #13211

Signed-off-by: Jordan Whited <jordan@tailscale.com>
---
 wgengine/netstack/netstack.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wgengine/netstack/netstack.go b/wgengine/netstack/netstack.go
index 9a1cd08ce..ed98f4bc1 100644
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -325,11 +325,11 @@ func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magi
 	if err != nil {
 		return nil, err
 	}
-	var supportedGSOKind stack.SupportedGSO
-	var supportedGROKind supportedGRO
+	supportedGSOKind := stack.GSONotSupported
+	supportedGROKind := groNotSupported
 	if runtime.GOOS == "linux" {
 		// TODO(jwhited): add Windows support https://github.com/tailscale/corp/issues/21874
-		supportedGSOKind = stack.HostGSOSupported
+		// TODO(jwhited): re-enable GSO https://github.com/tailscale/corp/issues/22511
 		supportedGROKind = tcpGROSupported
 	}
 	linkEP := newLinkEndpoint(512, uint32(tstun.DefaultTUNMTU()), "", supportedGROKind)