tun/netstack: enable TCP Selective Acknowledgements

Enable TCP SACK for the gVisor Stack used in tun/netstack. This can
improve throughput by an order of magnitude in the presence of packet
loss.

Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/tun/netstack/tun.go b/tun/netstack/tun.go
index a0b212a74fc212dd08b64608a7023abad718d490..fa15f5361237bc1988e9b3b70a53025aa4fae22f 100644 (file)
--- a/tun/netstack/tun.go
+++ b/tun/netstack/tun.go
@@ -65,8 +65,13 @@ func CreateNetTUN(localAddresses, dnsServers []netip.Addr, mtu int) (tun.Device,
                dnsServers:     dnsServers,
                mtu:            mtu,
        }
+       sackEnabledOpt := tcpip.TCPSACKEnabled(true) // TCP SACK is disabled by default
+       tcpipErr := dev.stack.SetTransportProtocolOption(tcp.ProtocolNumber, &sackEnabledOpt)
+       if tcpipErr != nil {
+               return nil, nil, fmt.Errorf("could not enable TCP SACK: %v", tcpipErr)
+       }
        dev.ep.AddNotify(dev)
-       tcpipErr := dev.stack.CreateNIC(1, dev.ep)
+       tcpipErr = dev.stack.CreateNIC(1, dev.ep)
        if tcpipErr != nil {
                return nil, nil, fmt.Errorf("CreateNIC: %v", tcpipErr)
        }