wgengine/magicsock: add TS_DEBUG_NEVER_DIRECT_UDP debug knob (#17094)

Updates tailscale/corp#30903

Signed-off-by: Jordan Whited <[email protected]>

wgengine/magicsock/debugknobs.go

@@ -62,6 +62,9 @@ var (
 	//
 	//lint:ignore U1000 used on Linux/Darwin only
 	debugPMTUD = envknob.RegisterBool("TS_DEBUG_PMTUD")
+	// debugNeverDirectUDP disables the use of direct UDP connections, forcing
+	// all peer communication over DERP or peer relay.
+	debugNeverDirectUDP = envknob.RegisterBool("TS_DEBUG_NEVER_DIRECT_UDP")
 	// Hey you! Adding a new debugknob? Make sure to stub it out in the
 	// debugknobs_stubs.go file too.
 )

wgengine/magicsock/debugknobs_stubs.go

@@ -31,3 +31,4 @@ func debugRingBufferMaxSizeBytes() int { return 0 }
 func inTest() bool                     { return false }
 func debugPeerMap() bool               { return false }
 func pretendpoints() []netip.AddrPort  { return []netip.AddrPort{} }
+func debugNeverDirectUDP() bool        { return false }

wgengine/magicsock/endpoint.go

@@ -1286,6 +1286,9 @@ func (de *endpoint) startDiscoPingLocked(ep epAddr, now mono.Time, purpose disco
 	if runtime.GOOS == "js" {
 		return
 	}
+	if debugNeverDirectUDP() && !ep.vni.IsSet() && ep.ap.Addr() != tailcfg.DerpMagicIPAddr {
+		return
+	}
 	epDisco := de.disco.Load()
 	if epDisco == nil {
 		return