Update dependencies

vendor/tailscale.com/net/neterror/neterror.go

@@ -0,0 +1,82 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package neterror classifies network errors.
+package neterror
+
+import (
+	"errors"
+	"fmt"
+	"runtime"
+	"syscall"
+)
+
+var errEPERM error = syscall.EPERM // box it into interface just once
+
+// TreatAsLostUDP reports whether err is an error from a UDP send
+// operation that should be treated as a UDP packet that just got
+// lost.
+//
+// Notably, on Linux this reports true for EPERM errors (from outbound
+// firewall blocks) which aren't really send errors; they're just
+// sends that are never going to make it because the local OS blocked
+// it.
+func TreatAsLostUDP(err error) bool {
+	if err == nil {
+		return false
+	}
+	switch runtime.GOOS {
+	case "linux":
+		// Linux, while not documented in the man page,
+		// returns EPERM when there's an OUTPUT rule with -j
+		// DROP or -j REJECT.  We use this very specific
+		// Linux+EPERM check rather than something super broad
+		// like net.Error.Temporary which could be anything.
+		//
+		// For now we only do this on Linux, as such outgoing
+		// firewall violations mapping to syscall errors
+		// hasn't yet been observed on other OSes.
+		return errors.Is(err, errEPERM)
+	}
+	return false
+}
+
+var packetWasTruncated func(error) bool // non-nil on Windows at least
+
+// PacketWasTruncated reports whether err indicates truncation but the RecvFrom
+// that generated err was otherwise successful. On Windows, Go's UDP RecvFrom
+// calls WSARecvFrom which returns the WSAEMSGSIZE error code when the received
+// datagram is larger than the provided buffer. When that happens, both a valid
+// size and an error are returned (as per the partial fix for golang/go#14074).
+// If the WSAEMSGSIZE error is returned, then we ignore the error to get
+// semantics similar to the POSIX operating systems. One caveat is that it
+// appears that the source address is not returned when WSAEMSGSIZE occurs, but
+// we do not currently look at the source address.
+func PacketWasTruncated(err error) bool {
+	if packetWasTruncated == nil {
+		return false
+	}
+	return packetWasTruncated(err)
+}
+
+var shouldDisableUDPGSO func(error) bool // non-nil on Linux
+
+func ShouldDisableUDPGSO(err error) bool {
+	if shouldDisableUDPGSO == nil {
+		return false
+	}
+	return shouldDisableUDPGSO(err)
+}
+
+type ErrUDPGSODisabled struct {
+	OnLaddr  string
+	RetryErr error
+}
+
+func (e ErrUDPGSODisabled) Error() string {
+	return fmt.Sprintf("disabled UDP GSO on %s, NIC(s) may not support checksum offload", e.OnLaddr)
+}
+
+func (e ErrUDPGSODisabled) Unwrap() error {
+	return e.RetryErr
+}

vendor/tailscale.com/net/neterror/neterror_linux.go

@@ -0,0 +1,26 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package neterror
+
+import (
+	"errors"
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+func init() {
+	shouldDisableUDPGSO = func(err error) bool {
+		var serr *os.SyscallError
+		if errors.As(err, &serr) {
+			// EIO is returned by udp_send_skb() if the device driver does not
+			// have tx checksumming enabled, which is a hard requirement of
+			// UDP_SEGMENT. See:
+			// https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man7/udp.7?id=806eabd74910447f21005160e90957bde4db0183#n228
+			// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/udp.c?h=v6.2&id=c9c3395d5e3dcc6daee66c6908354d47bf98cb0c#n942
+			return serr.Err == unix.EIO
+		}
+		return false
+	}
+}

vendor/tailscale.com/net/neterror/neterror_windows.go

@@ -0,0 +1,16 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package neterror
+
+import (
+	"errors"
+
+	"golang.org/x/sys/windows"
+)
+
+func init() {
+	packetWasTruncated = func(err error) bool {
+		return errors.Is(err, windows.WSAEMSGSIZE)
+	}
+}