From 3b6d542923cc1e53fa304a5b366c94789662e260 Mon Sep 17 00:00:00 2001
From: Jordan Whited
Date: Thu, 29 Jan 2026 15:41:55 -0800
Subject: [PATCH] wgengine/magicsock: make debugNeverDirectUDP influence remote peer decisions

By dropping inbound disco.Ping messages received over direct UDP paths.
Fixes #18560
Signed-off-by: Jordan Whited
---
 wgengine/magicsock/debugknobs.go | 3 ++-
 wgengine/magicsock/magicsock.go | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/wgengine/magicsock/debugknobs.go b/wgengine/magicsock/debugknobs.go
index 39cec25e6..580d954c0 100644
--- a/wgengine/magicsock/debugknobs.go
+++ b/wgengine/magicsock/debugknobs.go
@@ -62,7 +62,8 @@ var (
 //
 //lint:ignore U1000 used on Linux/Darwin only
 debugPMTUD = envknob.RegisterBool("TS_DEBUG_PMTUD")
- // debugNeverDirectUDP disables the use of direct UDP connections, forcing
+ // debugNeverDirectUDP disables the use of direct UDP connections by
+ // suppressing/dropping inbound/outbound [disco.Ping] messages, forcing
 // all peer communication over DERP or peer relay.
 debugNeverDirectUDP = envknob.RegisterBool("TS_DEBUG_NEVER_DIRECT_UDP")
 // Hey you! Adding a new debugknob? Make sure to stub it out in the
diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index 7c5442d0b..d6f411f4a 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -2555,6 +2555,10 @@ func (c *Conn) handlePingLocked(dm *disco.Ping, src epAddr, di *discoInfo, derpN

 // This is a naked [disco.Ping] without a VNI.

+ if debugNeverDirectUDP() && !isDerp {
+ return
+ }
+
 // If we can figure out with certainty which node key this disco
 // message is for, eagerly update our [epAddr]<>node and disco<>node
 // mappings to make p2p path discovery faster in simple
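Review bot: The new early return `if debugNeverDirectUDP() && !isDerp { return }` in handlePingLocked drops the ping with no comment, log line or counter, so a node running with TS_DEBUG_NEVER_DIRECT_UDP set leaves no local trace of why direct paths to it never come up. I would add a why-comment above the check, for example `// TS_DEBUG_NEVER_DIRECT_UDP: ignore naked pings that arrived over direct UDP so the sender cannot confirm a direct path to us.`, and consider a debug-level log or drop counter next to the return. The check sits under `// This is a naked [disco.Ping] without a VNI.`, so it appears to cover only pings without a VNI, while the updated knob comment in debugknobs.go describes dropping inbound pings without that qualification; one more clause there would keep the two in agreement. handlePingLocked begins and continues outside the hunk, so whether any per-peer state is already updated before this return cannot be confirmed from the visible lines.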