fix: stop selecting direct connections with too-small MTU #85

Merged
merged 8 commits into from
Jun 10, 2025

spikecurtis

related to: coder/coder#15523

This PR:

  1. pads disco Ping and Pong packets so they are the largest size we expect to get from the inner tunnel IP stack, which has a hardcoded MTU of 1280 (minimum to support IPv6).
  2. configures Windows, macOS, and Linux not to fragment UDP packets sent out over the magicsock.

The end result is that Disco Ping and Pong packets are not directly exchanged over paths with too-small MTU, and thus, those endpoints are not chosen for direct connections. (Alternate direct paths with bigger MTU may be chosen, or we may fall back to DERP.)
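
The mechanism in the description above (a probe padded to full size, sent on a socket that refuses to fragment), as an added Go sketch that is not code from this PR or from the tailscale code base. It is Linux and IPv4 only; `paddedLen`, `setDontFragment` and `probe` are hypothetical names, and the 1280-byte probe size is an assumption taken from the inner MTU mentioned in the description.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
)

// paddedLen is an assumption: the 1280-byte inner MTU from the PR text.
const paddedLen = 1280

// setDontFragment (Linux, IPv4) makes the kernel set DF and never fragment.
func setDontFragment(c *net.UDPConn) error {
	rc, err := c.SyscallConn()
	if err != nil {
		return err
	}
	cerr := rc.Control(func(fd uintptr) {
		err = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_MTU_DISCOVER, syscall.IP_PMTUDISC_DO)
	})
	if cerr != nil {
		return cerr
	}
	return err
}

// probe sends msg zero-padded to paddedLen; tooSmall means EMSGSIZE (over path MTU).
func probe(c *net.UDPConn, dst *net.UDPAddr, msg []byte) (n int, tooSmall bool, err error) {
	if pad := paddedLen - len(msg); pad > 0 {
		msg = append(msg[:len(msg):len(msg)], make([]byte, pad)...)
	}
	n, err = c.WriteToUDP(msg, dst)
	if errors.Is(err, syscall.EMSGSIZE) {
		return 0, true, nil
	}
	return n, false, err
}

func main() {
	c, err := net.ListenUDP("udp4", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		panic(err)
	}
	if err := setDontFragment(c); err != nil {
		panic(err)
	}
	fmt.Println(probe(c, c.LocalAddr().(*net.UDPAddr), []byte("ping")))
}
```

On a path whose MTU is below the padded size, the send fails with `EMSGSIZE` once the kernel knows the path MTU, or the datagram is dropped in transit; either way no Pong comes back for that endpoint.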

@spikecurtis spikecurtis requested a review from a team as a code owner June 9, 2025 07:38
@@ -77,8 +77,8 @@ func TestMarshalAndParse(t *testing.T) {
}

gotHex := fmt.Sprintf("% x", got)
if gotHex != tt.want {
t.Fatalf("wrong marshal\n got: %s\nwant: %s\n", gotHex, tt.want)
if !strings.HasPrefix(gotHex, tt.want) {
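Review bot: `if !strings.HasPrefix(gotHex, tt.want) {` accepts any bytes after the expected prefix, so unlike the `gotHex != tt.want` comparison above it, this check no longer pins down the full marshalled output for any case in the table. Suggest keeping the exact comparison for messages that are not padded, and for the padded Ping and Pong cases asserting the total length of `got` in addition to the prefix, so that a regression in the padding size or stray trailing bytes fails the test.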
Member

If we expect the end of the ping payload to be a bunch of 00s we should probably test that, either by changing the want for each of the ping/pong cases to be the full value or by some other method

Author

We don't care that it's zeros per se, but I'll add a check that it's the padded length.

@spikecurtis spikecurtis requested a review from deansheather June 10, 2025 06:01
Author

spikecurtis commented Jun 10, 2025

Merge activity

  • Jun 10, 10:51 AM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Jun 10, 10:51 AM UTC: @spikecurtis merged this pull request with Graphite.

@spikecurtis spikecurtis merged commit 83bb998 into main Jun 10, 2025
21 of 25 checks passed
spikecurtis added a commit to coder/coder that referenced this pull request Jun 11, 2025
Fixes #15523

Uses latest https://github.com/coder/tailscale which includes coder/tailscale#85 to stop selecting paths with small MTU for direct connections.

Also updates the tailnet integration test to reproduce the issue. The previous version had the 2 peers connected by a single veth, but this allows the OS to fragment the packet. In the new version, the 2 peers (and server) are all connected by a central router. The link between peer 1 and the router has an adjustable MTU. IPv6 does not allow packets to be fragmented by intermediate routers, so sending a too-large packet in this scenario forces the router to drop packets and reproduce the issue (without the tailscale changes).