tailscale/cmd
David Bond 5f390d4845
cmd/containerboot: clamp MSS to PMTU for proxy group pods (#19686) (#19900)
Single-pod ingress/egress proxies already called ClampMSSToPMTU when
setting up forwarding rules, but the proxy group (HA) code paths in
egressservices.go and ingressservices.go did not. This caused TCP
connections through proxy group pods to suffer from MSS/MTU mismatch
issues in environments where path MTU discovery is not working.

Add ClampMSSToPMTU calls in the egress sync loop (alongside the existing
EnsureSNATForDst call) and in addDNATRuleForSvc (alongside the existing
EnsureDNATRuleForSvc call), mirroring what the single-pod forwarding
rules already do.

Also add MSS clamping assertions to TestSyncIngressConfigs and track
ClampMSSToPMTU calls in FakeNetfilterRunner.

Fixes issue #19812 https://github.com/tailscale/tailscale/issues/19812.
Tracking internal ticket TSS-86326.

(cherry picked from commit 4b8115bb2c)

Signed-off-by: Jay Tung <ltung@crusoeenergy.com>
Co-authored-by: dragondscv <dragondscv@gmail.com>
Co-authored-by: Jay Tung <ltung@crusoeenergy.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 13:22:46 +01:00
..
addlicense all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
build-webclient all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
checkmetrics all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
cigocacher cmd/cigocacher: make --stats flag best-effort (#18761) 2026-02-19 16:06:12 +00:00
cloner cmd/cloner: preserve nil-valued entries when cloning map (#19749) 2026-05-14 10:37:18 -04:00
connector-gen all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
containerboot cmd/containerboot: clamp MSS to PMTU for proxy group pods (#19686) (#19900) 2026-05-28 13:22:46 +01:00
derper cmd/derper,derp: add metrics for rate limit hits (#19560) 2026-04-29 10:29:09 -07:00
derpprobe all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
dist all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
distsign all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
featuretags all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
get-authkey all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
gitops-pusher tsnet: make workload identity federation opt-in 2026-05-07 08:24:14 -07:00
hello cmd/hello: split server into helloserver package 2026-04-30 08:40:55 -07:00
jsonimports all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
k8s-nameserver cmd/vet: add subtestnames analyzer; fix all existing violations 2026-04-05 15:52:51 -07:00
k8s-operator cmd/k8s-operator: fix token exchange for identity federation (#19845) (#19897) 2026-05-28 10:37:12 +01:00
k8s-proxy cmd/containerboot,cmd/k8s-proxy,kube: add authkey renewal to k8s-proxy (#19221) 2026-04-15 16:13:46 +01:00
mkmanifest all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
mkpkg all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
mkversion all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
nardump tool/updateflakes, cmd/nardump: replace update-flake.sh with Go tool 2026-04-28 10:18:32 -07:00
natc all: use bart.Lite instead of bart.Table where appropriate 2026-03-24 14:45:23 +00:00
netlogfmt all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
nginx-auth all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
omitsize all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
pgproxy all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
printdep cmd/printdep: add --next flag to use rc Go build hash instead 2026-01-27 14:49:56 -08:00
proxy-test-server all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
proxy-to-grafana all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
sniproxy all: migrate code off Notify.NetMap to Notify.SelfChange 2026-05-01 06:51:40 -07:00
speedtest all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
ssh-auth-none-demo ssh: replace tempfork with tailscale/gliderssh 2026-04-07 11:59:38 +01:00
stunc all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
stund derp,types,util: use bufio Peek+Discard for allocation-free fast reads (#19067) 2026-03-24 10:52:20 -04:00
stunstamp all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
sync-containers all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
systray client/systray: support several different color themes 2026-04-27 18:54:14 -07:00
tailscale cmd/tailscale/cli: unhide --report posture flag in up 2026-05-05 10:12:36 +01:00
tailscaled wgengine/netstack, net/ping: stop using pro-bing and use our net/ping instead 2026-05-04 14:05:24 -07:00
testcontrol all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
testwrapper cmd/testwrapper: make test tolerant of a GOEXPERIMENT being set 2026-03-06 14:05:35 -08:00
tl-longchain all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tsconnect all: migrate code off Notify.NetMap to Notify.SelfChange 2026-05-01 06:51:40 -07:00
tsidp tsnet: make workload identity federation opt-in 2026-05-07 08:24:14 -07:00
tsnet-proxy cmd/tsnet-proxy: add tsnet-based port proxy tool (#19468) 2026-04-22 13:34:18 -04:00
tsp control/tsp, cmd/tsp: add low-level Tailscale protocol client and tool 2026-04-16 20:00:25 -07:00
tsshd all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tta tstest/natlab/vmtest: add TestDiscoKeyChange 2026-04-29 12:58:00 -07:00
vet cmd/vet/lowerell, drive/driveimpl: forbid variables named "l" or "I" 2026-05-04 14:03:28 -07:00
viewer cmd/cloner: preserve nil-valued entries when cloning map (#19749) 2026-05-14 10:37:18 -04:00
vnet all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
xdpderper all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00