Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Author here.

This started as a blank page on one device and ended two weeks later at the intersection of two bugs: webrtc-rs hardcodes INITIAL_MTU=1228 [never updated, no path probing, retransmits at the same size forever], and Tailscale's packet filter classifies any IPv6 packet with a Fragment header as unknown protocol, so the default deny fires. On every platform, counted under reason="acl". Neither is unreasonable alone. Together: silent wedge, every health check green, because everything that tests the path is small and only the payload fragments. Two-command repro on any tailnet: ping -s 100 works, ping -s 1400 over the Tailscale IPv6 address is 100% loss. Full WebRTC repro and captures: https://github.com/phact/mtu-webrtc-bug. We've reported upstream to both projects https://github.com/tailscale/tailscale/issues/20083 and https://github.com/webrtc-rs/webrtc/issues/806. Happy to answer questions. Especially interested if anyone knows the history behind the IPv6 fragment decision in Tailscale's filter.



Just tried ping -s 1400 over Yggdrasil (IPv6 overlay) and it works. Reinforces my overlay choice.

Getting screwed by browsers though because their WebRTC implementations completely ignore Yggdrasil addresses.


> Getting screwed by browsers though because their WebRTC implementations completely ignore Yggdrasil addresses.

How does that work, exactly? How does the browser differentiate between Yggdrasil addresses and others?


I believe that has to do with Yggdrasil intentionally using the address range that does not intersect with IETF (?) dedicated range for public IPv6 addresses, browsers see that and treat them as internal and never report them to ICE (candidate exchange).


just wait till you try to send a data packet in webrtc that's too large in the browser. https://stackoverflow.com/questions/35381237/webrtc-data-cha...

last I checked, all browsers silently fail if it's too big.


This should be fixed!

I added this in Pion here[0] and I remember testing against Chrome + FireFox and it seemed to work great!

[0] https://github.com/pion/webrtc/commit/e4ff415b2bff31382bdb80...


Good to know, thanks!

Though maybe I’ll keep my old limits for old browser compatibility.


Yes! that's the "other reconstruct" I mention on the post. maxMessageSize at least appears in SDP and getStats. We ended up patching both at our client to be safe [800 bytes and 16kb respectively].




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: