Path MTU discovery fixes and improvements (#3109)

- Existing option `WIREGUARD_MTU` , if set, disables PMTUD and is used - New option `PMTUD_ICMP_ADDRESSES=1.1.1.1,8.8.8.8` and `PMTUD_TCP_ADDRESSES=1.1.1.1:443,8.8.8.8:443` - ICMP PMTUD now targets external-by-default IP addresses - New TCP PMTUD (binary search only) as a second MTU confirmation and fallback mechanism. - Force set TCP MSS to MTU - IP header - TCP base header - "magic 20 bytes" 🎆 - Fix #3108
2026-05-09 20:29:23 +02:00 · 2026-02-15 01:40:34 +01:00
parent 8f1fda7646
commit be92aa2ac4
59 changed files with 2050 additions and 376 deletions
@@ -0,0 +1,36 @@
+package test
+
+import "math"
+
+// MakeMTUsToTest determines a slice of MTU values to test
+// between minMTU and maxMTU inclusive. It creates an MTU
+// slice of length up to 11 MTUs such that:
+// - the first element is the minMTU
+// - the last element is the maxMTU
+// - elements in-between are separated as close to each other
+// The number 11 is chosen to find the final MTU in 3 searches,
+// with a total search space of 1728 MTUs which is enough;
+// to find it in 2 searches requires 37 parallel queries which
+// could be blocked by firewalls.
+func MakeMTUsToTest(minMTU, maxMTU uint32) (mtus []uint32) {
+	const mtusLength = 11 // find the final MTU in 3 searches
+	diff := maxMTU - minMTU
+	switch {
+	case minMTU > maxMTU:
+		panic("minMTU > maxMTU")
+	case diff <= mtusLength:
+		mtus = make([]uint32, 0, diff)
+		for mtu := minMTU; mtu <= maxMTU; mtu++ {
+			mtus = append(mtus, mtu)
+		}
+	default:
+		step := float64(diff) / float64(mtusLength-1)
+		mtus = make([]uint32, 0, mtusLength)
+		for mtu := float64(minMTU); len(mtus) < mtusLength-1; mtu += step {
+			mtus = append(mtus, uint32(math.Round(mtu)))
+		}
+		mtus = append(mtus, maxMTU) // last element is the maxMTU
+	}
+
+	return mtus
+}
@@ -0,0 +1,55 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_MakeMTUsToTest(t *testing.T) {
+	t.Parallel()
+
+	testCases := map[string]struct {
+		minMTU uint32
+		maxMTU uint32
+		mtus   []uint32
+	}{
+		"0_0": {
+			mtus: []uint32{0},
+		},
+		"0_1": {
+			maxMTU: 1,
+			mtus:   []uint32{0, 1},
+		},
+		"0_8": {
+			maxMTU: 8,
+			mtus:   []uint32{0, 1, 2, 3, 4, 5, 6, 7, 8},
+		},
+		"0_12": {
+			maxMTU: 12,
+			mtus:   []uint32{0, 1, 2, 4, 5, 6, 7, 8, 10, 11, 12},
+		},
+		"0_80": {
+			maxMTU: 80,
+			mtus:   []uint32{0, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80},
+		},
+		"0_100": {
+			maxMTU: 100,
+			mtus:   []uint32{0, 10, 20, 30, 40, 50, 60, 70, 80, 90, 100},
+		},
+		"1280_1500": {
+			minMTU: 1280,
+			maxMTU: 1500,
+			mtus:   []uint32{1280, 1302, 1324, 1346, 1368, 1390, 1412, 1434, 1456, 1478, 1500},
+		},
+	}
+
+	for name, testCase := range testCases {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			mtus := MakeMTUsToTest(testCase.minMTU, testCase.maxMTU)
+			assert.Equal(t, testCase.mtus, mtus)
+		})
+	}
+}