wgengine/magicsock,net/sockopts: export Windows ICMP suppression logic (#16917)

For eventual use by net/udprelay.Server.

Updates tailscale/corp#31506

Signed-off-by: Jordan Whited <jordan@tailscale.com>

wgengine/magicsock/magicsock.go

@@ -3537,7 +3537,6 @@ func (c *Conn) bindSocket(ruc *RebindingUDPConn, network string, curPortFate cur
 				}
 			}
 		}
-		trySetSocketBuffer(pconn, c.logf)
 		trySetUDPSocketOptions(pconn, c.logf)
 
 		// Success.
@@ -3858,11 +3857,7 @@ func (c *Conn) DebugForcePreferDERP(n int) {
 	c.netChecker.SetForcePreferredDERP(n)
 }
 
-// trySetSocketBuffer attempts to set SO_SNDBUFFORCE and SO_RECVBUFFORCE which
-// can overcome the limit of net.core.{r,w}mem_max, but require CAP_NET_ADMIN.
-// It falls back to the portable implementation if that fails, which may be
-// silently capped to net.core.{r,w}mem_max.
-func trySetSocketBuffer(pconn nettype.PacketConn, logf logger.Logf) {
+func trySetUDPSocketOptions(pconn nettype.PacketConn, logf logger.Logf) {
 	directions := []sockopts.BufferDirection{sockopts.ReadDirection, sockopts.WriteDirection}
 	for _, direction := range directions {
 		forceErr, portableErr := sockopts.SetBufferSize(pconn, direction, socketBufferSize)
@@ -3873,6 +3868,11 @@ func trySetSocketBuffer(pconn nettype.PacketConn, logf logger.Logf) {
 			logf("magicsock: failed to set UDP %v buffer size to %d: %v", direction, socketBufferSize, portableErr)
 		}
 	}
+
+	err := sockopts.SetICMPErrImmunity(pconn)
+	if err != nil {
+		logf("magicsock: %v", err)
+	}
 }
 
 // derpStr replaces DERP IPs in s with "derp-".

wgengine/magicsock/magicsock_notwindows.go

@@ -1,13 +0,0 @@
-// Copyright (c) Tailscale Inc & AUTHORS
-// SPDX-License-Identifier: BSD-3-Clause
-
-//go:build !windows
-
-package magicsock
-
-import (
-	"tailscale.com/types/logger"
-	"tailscale.com/types/nettype"
-)
-
-func trySetUDPSocketOptions(pconn nettype.PacketConn, logf logger.Logf) {}

wgengine/magicsock/magicsock_windows.go

@@ -1,58 +0,0 @@
-// Copyright (c) Tailscale Inc & AUTHORS
-// SPDX-License-Identifier: BSD-3-Clause
-
-//go:build windows
-
-package magicsock
-
-import (
-	"net"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-	"tailscale.com/types/logger"
-	"tailscale.com/types/nettype"
-)
-
-func trySetUDPSocketOptions(pconn nettype.PacketConn, logf logger.Logf) {
-	c, ok := pconn.(*net.UDPConn)
-	if !ok {
-		// not a UDP connection; nothing to do
-		return
-	}
-
-	sysConn, err := c.SyscallConn()
-	if err != nil {
-		logf("trySetUDPSocketOptions: getting SyscallConn failed: %v", err)
-		return
-	}
-
-	// Similar to https://github.com/golang/go/issues/5834 (which involved
-	// WSAECONNRESET), Windows can return a WSAENETRESET error, even on UDP
-	// reads. Disable this.
-	const SIO_UDP_NETRESET = windows.IOC_IN | windows.IOC_VENDOR | 15
-
-	var ioctlErr error
-	err = sysConn.Control(func(fd uintptr) {
-		ret := uint32(0)
-		flag := uint32(0)
-		size := uint32(unsafe.Sizeof(flag))
-		ioctlErr = windows.WSAIoctl(
-			windows.Handle(fd),
-			SIO_UDP_NETRESET,               // iocc
-			(*byte)(unsafe.Pointer(&flag)), // inbuf
-			size,                           // cbif
-			nil,                            // outbuf
-			0,                              // cbob
-			&ret,                           // cbbr
-			nil,                            // overlapped
-			0,                              // completionRoutine
-		)
-	})
-	if ioctlErr != nil {
-		logf("trySetUDPSocketOptions: could not set SIO_UDP_NETRESET: %v", ioctlErr)
-	}
-	if err != nil {
-		logf("trySetUDPSocketOptions: SyscallConn.Control failed: %v", err)
-	}
-}