tailcfg, ipn/ipnlocal: add debug flag to enable one-big-CGNAT/10 route

To experiment with avoiding Chrome ERR_NETWORK_CHANGED errors on route changes. Updates #3102 Change-Id: I339da14c684fdac45ac261566aa21bf2198672ff Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-12 13:48:01 +00:00 · 2022-04-14 14:40:17 -07:00
parent 52d32c94d8
commit df9ce972c7
2 changed files with 12 additions and 3 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -1957,6 +1957,7 @@ func (b *LocalBackend) authReconfig() {
 	nm := b.netMap
 	hasPAC := b.prevIfState.HasPAC()
 	disableSubnetsIfPAC := nm != nil && nm.Debug != nil && nm.Debug.DisableSubnetsIfPAC.EqualBool(true)
+	oneCGNATRoute := nm != nil && nm.Debug != nil && nm.Debug.OneCGNATRoute.EqualBool(true)
 	b.mu.Unlock()

 	if blocked {
@@ -2001,7 +2002,7 @@ func (b *LocalBackend) authReconfig() {
 		return
 	}

-	rcfg := b.routerConfig(cfg, prefs)
+	rcfg := b.routerConfig(cfg, prefs, oneCGNATRoute)
 	dcfg := dnsConfigForNetmap(nm, prefs, b.logf, version.OS())

 	err = b.e.Reconfig(cfg, rcfg, dcfg, nm.Debug)
@@ -2412,13 +2413,17 @@ func ipPrefixLess(ri, rj netaddr.IPPrefix) bool {
 }

 // routerConfig produces a router.Config from a wireguard config and IPN prefs.
-func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs) *router.Config {
+func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs, oneCGNATRoute bool) *router.Config {
+	singleRouteThreshold := 10_000
+	if oneCGNATRoute {
+		singleRouteThreshold = 1
+	}
 	rs := &router.Config{
 		LocalAddrs:       unmapIPPrefixes(cfg.Addresses),
 		SubnetRoutes:     unmapIPPrefixes(prefs.AdvertiseRoutes),
 		SNATSubnetRoutes: !prefs.NoSNAT,
 		NetfilterMode:    prefs.NetfilterMode,
-		Routes:           peerRoutes(cfg.Peers, 10_000),
+		Routes:           peerRoutes(cfg.Peers, singleRouteThreshold),
 	}

 	if distro.Get() == distro.Synology {