From fb9d9ba86e42680cde20c890de8857cbfe40f2c3 Mon Sep 17 00:00:00 2001 From: Jordan Whited Date: Wed, 10 Sep 2025 16:48:40 -0700 Subject: [PATCH] wgengine/magicsock: add TS_DEBUG_NEVER_DIRECT_UDP debug knob (#17094) Updates tailscale/corp#30903 Signed-off-by: Jordan Whited --- wgengine/magicsock/debugknobs.go | 3 +++ wgengine/magicsock/debugknobs_stubs.go | 1 + wgengine/magicsock/endpoint.go | 3 +++ 3 files changed, 7 insertions(+) diff --git a/wgengine/magicsock/debugknobs.go b/wgengine/magicsock/debugknobs.go index f8fd9f040..b0a47ff87 100644 --- a/wgengine/magicsock/debugknobs.go +++ b/wgengine/magicsock/debugknobs.go @@ -62,6 +62,9 @@ var ( // //lint:ignore U1000 used on Linux/Darwin only debugPMTUD = envknob.RegisterBool("TS_DEBUG_PMTUD") + // debugNeverDirectUDP disables the use of direct UDP connections, forcing + // all peer communication over DERP or peer relay. + debugNeverDirectUDP = envknob.RegisterBool("TS_DEBUG_NEVER_DIRECT_UDP") // Hey you! Adding a new debugknob? Make sure to stub it out in the // debugknobs_stubs.go file too. ) diff --git a/wgengine/magicsock/debugknobs_stubs.go b/wgengine/magicsock/debugknobs_stubs.go index 336d7baa1..7dee1d6b0 100644 --- a/wgengine/magicsock/debugknobs_stubs.go +++ b/wgengine/magicsock/debugknobs_stubs.go @@ -31,3 +31,4 @@ func debugRingBufferMaxSizeBytes() int { return 0 } func inTest() bool { return false } func debugPeerMap() bool { return false } func pretendpoints() []netip.AddrPort { return []netip.AddrPort{} } +func debugNeverDirectUDP() bool { return false } diff --git a/wgengine/magicsock/endpoint.go b/wgengine/magicsock/endpoint.go index b8778b8d8..1f36aabd3 100644 --- a/wgengine/magicsock/endpoint.go +++ b/wgengine/magicsock/endpoint.go @@ -1286,6 +1286,9 @@ func (de *endpoint) startDiscoPingLocked(ep epAddr, now mono.Time, purpose disco if runtime.GOOS == "js" { return } + if debugNeverDirectUDP() && !ep.vni.IsSet() && ep.ap.Addr() != tailcfg.DerpMagicIPAddr { + return + } epDisco := de.disco.Load() if epDisco == nil { return