hotfix(pmtud/tcp): block kernel from racing to send RST packets

- this makes PMTUD TCP reliable
- this only works on kernels with the mark module
- on kernels without the mark module, the MTU found by ICMP PMTUD is used
This commit is contained in:
Quentin McGaw
2026-02-17 19:33:51 +00:00
parent 5f903d1fbf
commit 04d7cef294
15 changed files with 226 additions and 27 deletions
+2
@@ -8,6 +8,7 @@ import (
"github.com/qdm12/gluetun/internal/configuration/settings"
"github.com/qdm12/gluetun/internal/models"
"github.com/qdm12/gluetun/internal/netlink"
"github.com/qdm12/gluetun/internal/pmtud/tcp"
portforward "github.com/qdm12/gluetun/internal/portforward"
"github.com/qdm12/gluetun/internal/provider"
"github.com/qdm12/gluetun/internal/provider/utils"
@@ -17,6 +18,7 @@ type Firewall interface {
SetVPNConnection(ctx context.Context, connection models.Connection, interfaceName string) error
SetAllowedPort(ctx context.Context, port uint16, interfaceName string) error
RemoveAllowedPort(ctx context.Context, port uint16) error
tcp.Firewall
}
type Routing interface {
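Review bot: The `tcp.Firewall` embedded into the Firewall interface carries no comment, so a reader of this package cannot tell that PMTUD TCP discovery now mutates firewall state through the same object that installs the VPN connection rules, and the methods tcp.Firewall declares are not visible in this section. I would add above the embed: `// tcp.Firewall lets PMTUD TCP discovery install its temporary rules (see pmtud.PathMTUDiscover); implementations must remove them when discovery returns or ctx is cancelled.` The commit description says this only takes effect on kernels with the mark module, so the comment could also state the fallback it describes for kernels without it. The Firewall interface definition starts before the hunk, and the import hunk above needs nothing further.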
+4 -3
@@ -10,6 +10,7 @@ import (
"github.com/qdm12/gluetun/internal/constants"
"github.com/qdm12/gluetun/internal/pmtud"
pconstants "github.com/qdm12/gluetun/internal/pmtud/constants"
"github.com/qdm12/gluetun/internal/pmtud/tcp"
"github.com/qdm12/gluetun/internal/version"
"github.com/qdm12/log"
)
@@ -58,7 +59,7 @@ func (l *Loop) onTunnelUp(ctx, loopCtx context.Context, data tunnelUpData) {
mtuLogger := l.logger.New(log.SetComponent("MTU discovery"))
err := updateToMaxMTU(ctx, data.vpnIntf, data.pmtud.vpnType,
data.pmtud.network, data.pmtud.icmpAddrs, data.pmtud.tcpAddrs,
l.netLinker, l.routing, mtuLogger)
l.netLinker, l.routing, l.fw, mtuLogger)
if err != nil {
mtuLogger.Error(err.Error())
}
@@ -156,7 +157,7 @@ func (l *Loop) restartVPN(ctx context.Context, healthErr error) {
func updateToMaxMTU(ctx context.Context, vpnInterface string,
vpnType, network string, icmpAddrs []netip.Addr, tcpAddrs []netip.AddrPort,
netlinker NetLinker, routing Routing, logger *log.Logger,
netlinker NetLinker, routing Routing, firewall tcp.Firewall, logger *log.Logger,
) error {
logger.Info("finding maximum MTU, this can take up to 6 seconds")
@@ -185,7 +186,7 @@ func updateToMaxMTU(ctx context.Context, vpnInterface string,
const pingTimeout = time.Second
vpnLinkMTU, err = pmtud.PathMTUDiscover(ctx, icmpAddrs, tcpAddrs,
vpnLinkMTU, pingTimeout, logger)
vpnLinkMTU, pingTimeout, firewall, logger)
if err != nil {
vpnLinkMTU = originalMTU
logger.Infof("reverting VPN interface %s MTU to %d (due to: %s)",