tun: disqualify tcp4 packets w/IP options from coalescing

IP options were not being compared prior to coalescing. They are not commonly used. Disqualification due to nonzero options is in line with the kernel. Reviewed-by: Denton Gentry <dgentry@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2025-10-05 16:47:02 +08:00 · 2023-03-24 15:09:47 -07:00
parent 6f895be10d
commit aad7fca9c5
2 changed files with 55 additions and 5 deletions
--- a/tun/tcp_offload_linux.go
+++ b/tun/tcp_offload_linux.go
@@ -397,9 +397,6 @@ func tcpGRO(bufs [][]byte, offset int, pktI int, table *tcpGROTable, isV6 bool)
 		if totalLen != len(pkt) {
 			return false
 		}
-		if iphLen < 20 || iphLen > 60 {
-			return false
-		}
 	}
 	if len(pkt) < iphLen {
 		return false
@@ -474,13 +471,16 @@ func tcpGRO(bufs [][]byte, offset int, pktI int, table *tcpGROTable, isV6 bool)
 	return false
 }

-func isTCP4(b []byte) bool {
+func isTCP4NoIPOptions(b []byte) bool {
 	if len(b) < 40 {
 		return false
 	}
 	if b[0]>>4 != 4 {
 		return false
 	}
+	if b[0]&0x0F != 5 {
+		return false
+	}
 	if b[9] != unix.IPPROTO_TCP {
 		return false
 	}
@@ -511,7 +511,7 @@ func handleGRO(bufs [][]byte, offset int, tcp4Table, tcp6Table *tcpGROTable, toW
 		}
 		var coalesced bool
 		switch {
-		case isTCP4(bufs[i][offset:]):
+		case isTCP4NoIPOptions(bufs[i][offset:]): // ipv4 packets w/IP options do not coalesce
 			coalesced = tcpGRO(bufs, offset, i, tcp4Table, false)
 		case isTCP6NoEH(bufs[i][offset:]): // ipv6 packets w/extension headers do not coalesce
 			coalesced = tcpGRO(bufs, offset, i, tcp6Table, true)