mirror of
https://github.com/qdm12/gluetun.git
synced 2026-05-06 20:10:11 +02:00
Quentin McGaw
be92aa2ac4
- Existing option `WIREGUARD_MTU` , if set, disables PMTUD and is used - New option `PMTUD_ICMP_ADDRESSES=1.1.1.1,8.8.8.8` and `PMTUD_TCP_ADDRESSES=1.1.1.1:443,8.8.8.8:443` - ICMP PMTUD now targets external-by-default IP addresses - New TCP PMTUD (binary search only) as a second MTU confirmation and fallback mechanism. - Force set TCP MSS to MTU - IP header - TCP base header - "magic 20 bytes" 🎆 - Fix #3108
200 lines
5.0 KiB
Go
200 lines
5.0 KiB
Go
package tcp
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net/netip"
|
|
"syscall"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/qdm12/gluetun/internal/netlink"
|
|
"github.com/qdm12/gluetun/internal/routing"
|
|
"github.com/qdm12/log"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func Test_runTest(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
noopLogger := &noopLogger{}
|
|
netlinker := netlink.New(noopLogger)
|
|
loopbackMTU, err := findLoopbackMTU(netlinker)
|
|
require.NoError(t, err, "finding loopback IPv4 MTU")
|
|
defaultIPv4MTU, err := findDefaultIPv4RouteMTU(netlinker)
|
|
require.NoError(t, err, "finding default IPv4 route MTU")
|
|
|
|
ctx, cancel := context.WithCancel(t.Context())
|
|
|
|
const family = syscall.AF_INET
|
|
fd, stop, err := startRawSocket(family)
|
|
require.NoError(t, err)
|
|
|
|
const ipv4 = true
|
|
tracker := newTracker(fd, ipv4)
|
|
trackerCh := make(chan error)
|
|
go func() {
|
|
trackerCh <- tracker.listen(ctx)
|
|
}()
|
|
|
|
t.Cleanup(func() {
|
|
stop()
|
|
cancel() // stop listening
|
|
err = <-trackerCh
|
|
require.NoError(t, err)
|
|
})
|
|
|
|
testCases := map[string]struct {
|
|
timeout time.Duration
|
|
dst func(t *testing.T) netip.AddrPort
|
|
mtu uint32
|
|
success bool
|
|
}{
|
|
"local_not_listening": {
|
|
timeout: time.Hour,
|
|
dst: func(t *testing.T) netip.AddrPort {
|
|
t.Helper()
|
|
port := reserveClosedPort(t)
|
|
return netip.AddrPortFrom(netip.AddrFrom4([4]byte{127, 0, 0, 1}), port)
|
|
},
|
|
mtu: loopbackMTU,
|
|
success: true,
|
|
},
|
|
"remote_not_listening": {
|
|
timeout: 50 * time.Millisecond,
|
|
dst: func(_ *testing.T) netip.AddrPort {
|
|
return netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 12345)
|
|
},
|
|
mtu: defaultIPv4MTU,
|
|
},
|
|
"1.1.1.1:443": {
|
|
timeout: time.Second,
|
|
dst: func(_ *testing.T) netip.AddrPort {
|
|
return netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 443)
|
|
},
|
|
mtu: defaultIPv4MTU,
|
|
success: true,
|
|
},
|
|
"1.1.1.1:80": {
|
|
timeout: time.Second,
|
|
dst: func(_ *testing.T) netip.AddrPort {
|
|
return netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 80)
|
|
},
|
|
mtu: defaultIPv4MTU,
|
|
success: true,
|
|
},
|
|
"8.8.8.8:443": {
|
|
timeout: time.Second,
|
|
dst: func(_ *testing.T) netip.AddrPort {
|
|
return netip.AddrPortFrom(netip.AddrFrom4([4]byte{8, 8, 8, 8}), 443)
|
|
},
|
|
mtu: defaultIPv4MTU,
|
|
success: true,
|
|
},
|
|
}
|
|
|
|
for name, testCase := range testCases {
|
|
t.Run(name, func(t *testing.T) {
|
|
t.Parallel()
|
|
ctx, cancel := context.WithTimeout(t.Context(), testCase.timeout)
|
|
defer cancel()
|
|
dst := testCase.dst(t)
|
|
err := runTest(ctx, fd, tracker, dst, testCase.mtu)
|
|
if testCase.success {
|
|
require.NoError(t, err)
|
|
} else {
|
|
require.Error(t, err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
var errRouteNotFound = errors.New("route not found")
|
|
|
|
func findLoopbackMTU(netlinker *netlink.NetLink) (mtu uint32, err error) {
|
|
routes, err := netlinker.RouteList(netlink.FamilyV4)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("getting routes list: %w", err)
|
|
}
|
|
for _, route := range routes {
|
|
if route.Dst.IsValid() && route.Dst.Addr().IsLoopback() {
|
|
link, err := netlinker.LinkByIndex(route.LinkIndex)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("getting link by index: %w", err)
|
|
}
|
|
// Quirk: make sure it is maximum 65535, and not i.e. 65536
|
|
// or the IP header 16 bits will fail to fit that packet length value.
|
|
const maxMTU = 65535
|
|
return min(link.MTU, maxMTU), nil
|
|
}
|
|
}
|
|
return 0, fmt.Errorf("%w: no loopback route found", errRouteNotFound)
|
|
}
|
|
|
|
func findDefaultIPv4RouteMTU(netlinker *netlink.NetLink) (mtu uint32, err error) {
|
|
noopLogger := &noopLogger{}
|
|
routing := routing.New(netlinker, noopLogger)
|
|
defaultRoutes, err := routing.DefaultRoutes()
|
|
if err != nil {
|
|
return 0, fmt.Errorf("getting default routes: %w", err)
|
|
}
|
|
for _, route := range defaultRoutes {
|
|
if route.Family != netlink.FamilyV4 {
|
|
continue
|
|
}
|
|
link, err := netlinker.LinkByName(defaultRoutes[0].NetInterface)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("getting link by name: %w", err)
|
|
}
|
|
return link.MTU, nil
|
|
}
|
|
return 0, fmt.Errorf("%w: no default route found", errRouteNotFound)
|
|
}
|
|
|
|
func reserveClosedPort(t *testing.T) (port uint16) {
|
|
t.Helper()
|
|
|
|
fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_TCP)
|
|
require.NoError(t, err)
|
|
t.Cleanup(func() {
|
|
err := syscall.Close(fd)
|
|
assert.NoError(t, err)
|
|
})
|
|
|
|
addr := &syscall.SockaddrInet4{
|
|
Port: 0,
|
|
Addr: [4]byte{127, 0, 0, 1},
|
|
}
|
|
|
|
err = syscall.Bind(fd, addr)
|
|
if err != nil {
|
|
_ = syscall.Close(fd)
|
|
t.Fatal(err)
|
|
}
|
|
|
|
sockAddr, err := syscall.Getsockname(fd)
|
|
if err != nil {
|
|
_ = syscall.Close(fd)
|
|
t.Fatal(err)
|
|
}
|
|
|
|
sockAddr4, ok := sockAddr.(*syscall.SockaddrInet4)
|
|
if !ok {
|
|
_ = syscall.Close(fd)
|
|
t.Fatal("not an IPv4 address")
|
|
}
|
|
|
|
return uint16(sockAddr4.Port) //nolint:gosec
|
|
}
|
|
|
|
type noopLogger struct{}
|
|
|
|
func (l *noopLogger) Patch(_ ...log.Option) {}
|
|
func (l *noopLogger) Debug(_ string) {}
|
|
func (l *noopLogger) Debugf(_ string, _ ...any) {}
|
|
func (l *noopLogger) Info(_ string) {}
|
|
func (l *noopLogger) Warn(_ string) {}
|
|
func (l *noopLogger) Error(_ string) {}
|