mirror of
https://github.com/tailscale/tailscale.git
synced 2026-06-06 21:01:11 +08:00
5f390d4845
Single-pod ingress/egress proxies already called ClampMSSToPMTU when
setting up forwarding rules, but the proxy group (HA) code paths in
egressservices.go and ingressservices.go did not. This caused TCP
connections through proxy group pods to suffer from MSS/MTU mismatch
issues in environments where path MTU discovery is not working.
Add ClampMSSToPMTU calls in the egress sync loop (alongside the existing
EnsureSNATForDst call) and in addDNATRuleForSvc (alongside the existing
EnsureDNATRuleForSvc call), mirroring what the single-pod forwarding
rules already do.
Also add MSS clamping assertions to TestSyncIngressConfigs and track
ClampMSSToPMTU calls in FakeNetfilterRunner.
Fixes issue #19812 https://github.com/tailscale/tailscale/issues/19812.
Tracking internal ticket TSS-86326.
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| egressservices_test.go | ||
| egressservices.go | ||
| forwarding.go | ||
| ingressservices_test.go | ||
| ingressservices.go | ||
| kube_test.go | ||
| kube.go | ||
| main_test.go | ||
| main.go | ||
| serve_test.go | ||
| serve.go | ||
| settings_test.go | ||
| settings.go | ||
| tailscaled.go | ||
| test_tailscale.sh | ||
| test_tailscaled.sh | ||