ipn/wg: test mtu compat for hops

intra/ipn/proxies.go

@@ -61,33 +61,34 @@ const (
 )
 
 var (
-	errProxyScheme      = errors.New("proxy: unsupported scheme")
-	errUnexpectedProxy  = errors.New("proxy: unexpected type")
-	errAddProxy         = errors.New("proxy: add failed")
-	errProxyNotFound    = errors.New("proxy: not found")
-	errGetProxyTimeout  = errors.New("proxy: get timeout")
-	errProxyAllDown     = errors.New("proxy: all down")
-	errNoProxyHealthy   = errors.New("proxy: no chosen healthy")
-	errMissingProxyOpt  = errors.New("proxy: opts nil")
-	errNoProxyConn      = errors.New("proxy: not a tcp/udp conn")
-	errNotUDPConn       = errors.New("proxy: not a udp conn")
-	errProxyStopped     = errors.New("proxy: stopped")
-	errProxyConfig      = errors.New("proxy: invalid config")
-	errNoProxyResponse  = errors.New("proxy: no response from upstream")
-	errNoSig            = errors.New("proxy: auth missing sig")
-	errNoMtu            = errors.New("proxy: missing mtu")
-	errNoOpts           = errors.New("proxy: no opts")
-	errMissingRev       = errors.New("proxy: missing reverse proxy")
-	errNoAuto464XLAT    = errors.New("auto: no 464xlat")
-	errNotPinned        = errors.New("auto: another proxy pinned")
-	errInvalidAddr      = errors.New("proxy: invaild ip:port")
-	errUnreachable      = errors.New("proxy: destination unreachable")
-	errNoRouteToHost    = errors.New("proxy: no route to host")
-	errMissingProxyID   = errors.New("proxy: missing proxy id")
-	errHopDefaultRoutes = errors.New("proxy: hop must route all ip4/ip6")
-	errNoHop            = errors.New("proxy: no hop")
-	errHopWireGuard     = errors.New("proxy: hop must be wireguard")
-	errHopGlobalProxy   = errors.New("proxy: hop must be global proxy")
+	errProxyScheme        = errors.New("proxy: unsupported scheme")
+	errUnexpectedProxy    = errors.New("proxy: unexpected type")
+	errAddProxy           = errors.New("proxy: add failed")
+	errProxyNotFound      = errors.New("proxy: not found")
+	errGetProxyTimeout    = errors.New("proxy: get timeout")
+	errProxyAllDown       = errors.New("proxy: all down")
+	errNoProxyHealthy     = errors.New("proxy: no chosen healthy")
+	errMissingProxyOpt    = errors.New("proxy: opts nil")
+	errNoProxyConn        = errors.New("proxy: not a tcp/udp conn")
+	errNotUDPConn         = errors.New("proxy: not a udp conn")
+	errProxyStopped       = errors.New("proxy: stopped")
+	errProxyConfig        = errors.New("proxy: invalid config")
+	errNoProxyResponse    = errors.New("proxy: no response from upstream")
+	errNoSig              = errors.New("proxy: auth missing sig")
+	errNoMtu              = errors.New("proxy: missing mtu")
+	errNoOpts             = errors.New("proxy: no opts")
+	errMissingRev         = errors.New("proxy: missing reverse proxy")
+	errNoAuto464XLAT      = errors.New("auto: no 464xlat")
+	errNotPinned          = errors.New("auto: another proxy pinned")
+	errInvalidAddr        = errors.New("proxy: invaild ip:port")
+	errUnreachable        = errors.New("proxy: destination unreachable")
+	errNoRouteToHost      = errors.New("proxy: no route to host")
+	errMissingProxyID     = errors.New("proxy: missing proxy id")
+	errHopDefaultRoutes   = errors.New("proxy: hop must route all ip4/ip6")
+	errNoHop              = errors.New("proxy: no hop")
+	errHopWireGuard       = errors.New("proxy: hop must be wireguard")
+	errHopMtuInsufficient = errors.New("proxy: hop mtu insufficient")
+	errHopGlobalProxy     = errors.New("proxy: hop must be global proxy")
 )
 
 const (

intra/ipn/wgproxy.go

@@ -986,6 +986,13 @@ func (h *wgproxy) Hop(p Proxy) error {
 	if !isWG(p.ID()) { // for now, only wg can hop another wg
 		return errHopWireGuard
 	}
+	// mtu needed to tunnel this wg
+	mtuNeeded := calcNetMtu(h.mtu)
+	// mtu affordable by this hop
+	if mtuAvail, err := p.Router().MTU(); err != nil || mtuNeeded > mtuAvail {
+		return core.OneErr(err, errHopMtuInsufficient)
+	}
+
 	// todo: check if all routes for p & h overlap
 	old = h.via.Tango(p)
 	return nil