Path MTU discovery fixes and improvements (#3109)

- Existing option `WIREGUARD_MTU` , if set, disables PMTUD and is used - New option `PMTUD_ICMP_ADDRESSES=1.1.1.1,8.8.8.8` and `PMTUD_TCP_ADDRESSES=1.1.1.1:443,8.8.8.8:443` - ICMP PMTUD now targets external-by-default IP addresses - New TCP PMTUD (binary search only) as a second MTU confirmation and fallback mechanism. - Force set TCP MSS to MTU - IP header - TCP base header - "magic 20 bytes" 🎆 - Fix #3108
2026-05-09 20:29:23 +02:00 · 2026-02-15 01:40:34 +01:00
parent 8f1fda7646
commit be92aa2ac4
59 changed files with 2050 additions and 376 deletions
@@ -0,0 +1,40 @@
+package pmtud
+
+import (
+	"net/netip"
+
+	"github.com/qdm12/gluetun/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants/vpn"
+	pconstants "github.com/qdm12/gluetun/internal/pmtud/constants"
+)
+
+// MaxTheoreticalVPNMTU returns the theoretical maximum MTU for a VPN tunnel
+// given the VPN type, network protocol, and VPN gateway IP address.
+// This is notably useful to skip testing MTU values higher than this value.
+// The function panics if the network or VPN type is unknown.
+func MaxTheoreticalVPNMTU(vpnType, network string, vpnGateway netip.Addr) uint32 {
+	const physicalLinkMTU = pconstants.MaxEthernetFrameSize
+	vpnLinkMTU := physicalLinkMTU
+	if vpnGateway.Is4() {
+		vpnLinkMTU -= pconstants.IPv4HeaderLength
+	} else {
+		vpnLinkMTU -= pconstants.IPv6HeaderLength
+	}
+	switch network {
+	case constants.TCP:
+		vpnLinkMTU -= pconstants.BaseTCPHeaderLength
+	case constants.UDP:
+		vpnLinkMTU -= pconstants.UDPHeaderLength
+	default:
+		panic("unknown network protocol: " + network)
+	}
+	switch vpnType {
+	case vpn.Wireguard:
+		vpnLinkMTU -= pconstants.WireguardHeaderLength
+	case vpn.OpenVPN:
+		vpnLinkMTU -= pconstants.OpenVPNHeaderMaxLength
+	default:
+		panic("unknown VPN type: " + vpnType)
+	}
+	return vpnLinkMTU
+}