wgengine/netstack/gro: permit building without GRO

This only saves ~32KB in the minimal linux/amd64 binary, but it's a step towards permitting not depending on gvisor for small builds. Updates #17283 Change-Id: Iae8da5e9465127de354dbcaf25e794a6832d891b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-10-27 11:41:14 +00:00 · 2025-09-25 13:19:11 -07:00
parent f2b8d37436
commit b3ae1cb0cc
9 changed files with 51 additions and 8 deletions
--- a/cmd/tailscaled/depaware-minbox.txt
+++ b/cmd/tailscaled/depaware-minbox.txt
@@ -84,7 +84,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
        gvisor.dev/gvisor/pkg/tcpip/ports                            from gvisor.dev/gvisor/pkg/tcpip/stack+
        gvisor.dev/gvisor/pkg/tcpip/seqnum                           from gvisor.dev/gvisor/pkg/tcpip/header+
     💣 gvisor.dev/gvisor/pkg/tcpip/stack                            from gvisor.dev/gvisor/pkg/tcpip/adapters/gonet+
-        gvisor.dev/gvisor/pkg/tcpip/stack/gro                        from tailscale.com/wgengine/netstack/gro
        gvisor.dev/gvisor/pkg/tcpip/transport                        from gvisor.dev/gvisor/pkg/tcpip/transport/icmp+
        gvisor.dev/gvisor/pkg/tcpip/transport/icmp                   from tailscale.com/wgengine/netstack
        gvisor.dev/gvisor/pkg/tcpip/transport/internal/network       from gvisor.dev/gvisor/pkg/tcpip/transport/icmp+
--- a/cmd/tailscaled/deps_test.go
+++ b/cmd/tailscaled/deps_test.go
@@ -198,3 +198,14 @@ func TestOmitPortlist(t *testing.T) {
 		},
 	}.Check(t)
 }
+
+func TestOmitGRO(t *testing.T) {
+	deptest.DepChecker{
+		GOOS:   "linux",
+		GOARCH: "amd64",
+		Tags:   "ts_omit_gro,ts_include_cli",
+		BadDeps: map[string]string{
+			"gvisor.dev/gvisor/pkg/tcpip/stack/gro": "unexpected dep with ts_omit_gro",
+		},
+	}.Check(t)
+}
--- a/feature/buildfeatures/feature_gro_disabled.go
+++ b/feature/buildfeatures/feature_gro_disabled.go
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build ts_omit_gro
+
+package buildfeatures
+
+// HasGRO is whether the binary was built with support for modular feature "Generic Receive Offload support (performance)".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_gro" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasGRO = false
--- a/feature/buildfeatures/feature_gro_enabled.go
+++ b/feature/buildfeatures/feature_gro_enabled.go
@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build !ts_omit_gro
+
+package buildfeatures
+
+// HasGRO is whether the binary was built with support for modular feature "Generic Receive Offload support (performance)".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_gro" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasGRO = true
--- a/feature/featuretags/featuretags.go
+++ b/feature/featuretags/featuretags.go
@@ -106,6 +106,7 @@ var Features = map[FeatureTag]FeatureMeta{
 	},
 	"desktop_sessions": {"DesktopSessions", "Desktop sessions support", nil},
 	"drive":            {"Drive", "Tailscale Drive (file server) support", nil},
+	"gro":              {"GRO", "Generic Receive Offload support (performance)", nil},
 	"kube":             {"Kube", "Kubernetes integration", nil},
 	"linuxdnsfight":    {"LinuxDNSFight", "Linux support for detecting DNS fights (inotify watching of /etc/resolv.conf)", nil},
 	"oauthkey":         {"OAuthKey", "OAuth secret-to-authkey resolution support", nil},
--- a/wgengine/netstack/gro/gro_default.go
+++ b/wgengine/netstack/gro/gro_default.go
@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause

-//go:build !ios
+//go:build !ios && !ts_omit_gro

 package gro

--- a/wgengine/netstack/gro/gro_disabled.go
+++ b/wgengine/netstack/gro/gro_disabled.go
@@ -1,22 +1,27 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause

-//go:build ios
+//go:build ios || ts_omit_gro

 package gro

 import (
-	"gvisor.dev/gvisor/pkg/tcpip/stack"
+	"runtime"
+
 	"tailscale.com/net/packet"
 )

 type GRO struct{}

 func NewGRO() *GRO {
-	panic("unsupported on iOS")
+	if runtime.GOOS == "ios" {
+		panic("unsupported on iOS")
+	}
+	panic("GRO disabled in build")
+
 }

-func (g *GRO) SetDispatcher(_ stack.NetworkDispatcher) {}
+func (g *GRO) SetDispatcher(any) {}

 func (g *GRO) Enqueue(_ *packet.Parsed) {}

--- a/wgengine/netstack/link_endpoint.go
+++ b/wgengine/netstack/link_endpoint.go
@@ -10,6 +10,7 @@ import (
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/header"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
+	"tailscale.com/feature/buildfeatures"
 	"tailscale.com/net/packet"
 	"tailscale.com/types/ipproto"
 	"tailscale.com/wgengine/netstack/gro"
@@ -133,7 +134,7 @@ func newLinkEndpoint(size int, mtu uint32, linkAddr tcpip.LinkAddress, supported
 // If gro allocates a *gro.GRO it will have l's stack.NetworkDispatcher set via
 // SetDispatcher().
 func (l *linkEndpoint) gro(p *packet.Parsed, g *gro.GRO) *gro.GRO {
-	if l.supportedGRO == groNotSupported || p.IPProto != ipproto.TCP {
+	if !buildfeatures.HasGRO || l.supportedGRO == groNotSupported || p.IPProto != ipproto.TCP {
 		// IPv6 may have extension headers preceding a TCP header, but we trade
 		// for a fast path and assume p cannot be coalesced in such a case.
 		l.injectInbound(p)
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -344,7 +344,7 @@ func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magi
 	}
 	supportedGSOKind := stack.GSONotSupported
 	supportedGROKind := groNotSupported
-	if runtime.GOOS == "linux" {
+	if runtime.GOOS == "linux" && buildfeatures.HasGRO {
 		// TODO(jwhited): add Windows support https://github.com/tailscale/corp/issues/21874
 		supportedGROKind = tcpGROSupported
 		supportedGSOKind = stack.HostGSOSupported