diff --git a/intra/ipn/proxies.go b/intra/ipn/proxies.go
index 7f6517c4..925758aa 100644
--- a/intra/ipn/proxies.go
+++ b/intra/ipn/proxies.go
@@ -61,33 +61,34 @@ const (
 )
 var (
- errProxyScheme = errors.New("proxy: unsupported scheme")
- errUnexpectedProxy = errors.New("proxy: unexpected type")
- errAddProxy = errors.New("proxy: add failed")
- errProxyNotFound = errors.New("proxy: not found")
- errGetProxyTimeout = errors.New("proxy: get timeout")
- errProxyAllDown = errors.New("proxy: all down")
- errNoProxyHealthy = errors.New("proxy: no chosen healthy")
- errMissingProxyOpt = errors.New("proxy: opts nil")
- errNoProxyConn = errors.New("proxy: not a tcp/udp conn")
- errNotUDPConn = errors.New("proxy: not a udp conn")
- errProxyStopped = errors.New("proxy: stopped")
- errProxyConfig = errors.New("proxy: invalid config")
- errNoProxyResponse = errors.New("proxy: no response from upstream")
- errNoSig = errors.New("proxy: auth missing sig")
- errNoMtu = errors.New("proxy: missing mtu")
- errNoOpts = errors.New("proxy: no opts")
- errMissingRev = errors.New("proxy: missing reverse proxy")
- errNoAuto464XLAT = errors.New("auto: no 464xlat")
- errNotPinned = errors.New("auto: another proxy pinned")
- errInvalidAddr = errors.New("proxy: invaild ip:port")
- errUnreachable = errors.New("proxy: destination unreachable")
- errNoRouteToHost = errors.New("proxy: no route to host")
- errMissingProxyID = errors.New("proxy: missing proxy id")
- errHopDefaultRoutes = errors.New("proxy: hop must route all ip4/ip6")
- errNoHop = errors.New("proxy: no hop")
- errHopWireGuard = errors.New("proxy: hop must be wireguard")
- errHopGlobalProxy = errors.New("proxy: hop must be global proxy")
+ errProxyScheme = errors.New("proxy: unsupported scheme")
+ errUnexpectedProxy = errors.New("proxy: unexpected type")
+ errAddProxy = errors.New("proxy: add failed")
+ errProxyNotFound = errors.New("proxy: not found")
+ errGetProxyTimeout = errors.New("proxy: get timeout")
+ errProxyAllDown = errors.New("proxy: all down")
+ errNoProxyHealthy = errors.New("proxy: no chosen healthy")
+ errMissingProxyOpt = errors.New("proxy: opts nil")
+ errNoProxyConn = errors.New("proxy: not a tcp/udp conn")
+ errNotUDPConn = errors.New("proxy: not a udp conn")
+ errProxyStopped = errors.New("proxy: stopped")
+ errProxyConfig = errors.New("proxy: invalid config")
+ errNoProxyResponse = errors.New("proxy: no response from upstream")
+ errNoSig = errors.New("proxy: auth missing sig")
+ errNoMtu = errors.New("proxy: missing mtu")
+ errNoOpts = errors.New("proxy: no opts")
+ errMissingRev = errors.New("proxy: missing reverse proxy")
+ errNoAuto464XLAT = errors.New("auto: no 464xlat")
+ errNotPinned = errors.New("auto: another proxy pinned")
+ errInvalidAddr = errors.New("proxy: invaild ip:port")
+ errUnreachable = errors.New("proxy: destination unreachable")
+ errNoRouteToHost = errors.New("proxy: no route to host")
+ errMissingProxyID = errors.New("proxy: missing proxy id")
+ errHopDefaultRoutes = errors.New("proxy: hop must route all ip4/ip6")
+ errNoHop = errors.New("proxy: no hop")
+ errHopWireGuard = errors.New("proxy: hop must be wireguard")
+ errHopMtuInsufficient = errors.New("proxy: hop mtu insufficient")
+ errHopGlobalProxy = errors.New("proxy: hop must be global proxy")
 )
 const (
diff --git a/intra/ipn/wgproxy.go b/intra/ipn/wgproxy.go
index 08d4ad6e..25014e64 100644
--- a/intra/ipn/wgproxy.go
+++ b/intra/ipn/wgproxy.go
@@ -986,6 +986,13 @@ func (h *wgproxy) Hop(p Proxy) error {
 if !isWG(p.ID()) { // for now, only wg can hop another wg
 return errHopWireGuard
 }
+ // mtu needed to tunnel this wg
+ mtuNeeded := calcNetMtu(h.mtu)
+ // mtu affordable by this hop
+ if mtuAvail, err := p.Router().MTU(); err != nil || mtuNeeded > mtuAvail {
+ return core.OneErr(err, errHopMtuInsufficient)
+ }
+ // todo: check if all routes for p & h overlap
 old = h.via.Tango(p)
 return nil
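Review bot: The MTU guard added ahead of `h.via.Tango(p)` compares `calcNetMtu(h.mtu)` with `p.Router().MTU()` without stating which side already includes WireGuard encapsulation overhead. Neither helper is visible here, so please confirm that `mtuNeeded` is the size of h's packets once encapsulated and `mtuAvail` is the largest payload p carries; if the overhead is applied in the wrong direction, an undersized hop passes the check and large packets are dropped inside the tunnel. A comment on the comparison such as `// needed = h's outer packet size; avail = p's payload mtu` would record that once verified. Separately, when `MTU()` itself fails, `core.OneErr(err, errHopMtuInsufficient)` presumably hands back the router's error, so a caller checking `errors.Is(err, errHopMtuInsufficient)` would not match that path. Hop's body begins and ends outside the hunk.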