Merge pull request #697 from mrbuk/master

Fix description of 'adjust-mss' option
author: Robert Göhler <github@ghlr.de> 2022-01-17 12:47:31 +0100
committer: GitHub <noreply@github.com> 2022-01-17 12:47:31 +0100
commit: 09f087740844b447085be46a37728c896e6c1544 (patch)
tree: ca6d3a19ae67b2b0e20425f472c21e546a3d5cfe
parent: 7ee5c8a55b56706a42a48ec00681c7992f7f1491 (diff)
parent: 83f983ceef5ff683ac25855d6dfae96a6af1d05d (diff)
download: vyos-documentation-09f087740844b447085be46a37728c896e6c1544.tar.gz
vyos-documentation-09f087740844b447085be46a37728c896e6c1544.zip
8 files changed, 80 insertions, 39 deletions
diff --git a/docs/_include/interface-adjust-mss.txt b/docs/_include/interface-adjust-mss.txt
deleted file mode 100644
index 195682e7..00000000
--- a/docs/_include/interface-adjust-mss.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
-  {{ var5 }} {{ var6 }} adjust-mss <mss>
-
-  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
-  TCP MSS value to a specific value. This is a field in the TCP options part of
-  a SYN packet. By setting the MSS value, you are telling the remote side
-  unequivocally 'do not try to send me packets bigger than this value'.
-
-  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
-    ``set firewall options interface <name> adjust-mss <value>``
-
-  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
-    1452 bytes on a 1492 byte MTU.
diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt
index 4c6ebbe8..5a997482 100644
--- a/docs/_include/interface-common.txt
+++ b/docs/_include/interface-common.txt
@@ -22,10 +22,6 @@
   :var0: {{ var0 }}
   :var1: {{ var1 }}
 
-.. cmdinclude:: /_include/interface-adjust-mss.txt
-  :var0: {{ var0 }}
-  :var1: {{ var1 }}
-
 .. cmdinclude:: /_include/interface-ip.txt
   :var0: {{ var0 }}
   :var1: {{ var1 }}
diff --git a/docs/_include/interface-ip.txt b/docs/_include/interface-ip.txt
index abbed529..75441040 100644
--- a/docs/_include/interface-ip.txt
+++ b/docs/_include/interface-ip.txt
@@ -1,4 +1,21 @@
 .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+  {{ var5 }} {{ var6 }} ip adjust-mss <mss | clamp-mss-to-pmtu>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss <value>``
+
+  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
+    1452 bytes on a 1492 byte MTU.
+
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
   {{ var5 }} {{ var6 }} ip arp-cache-timeout
 
   Once a neighbor has been found, the entry is considered to be valid for at
diff --git a/docs/_include/interface-ipv6.txt b/docs/_include/interface-ipv6.txt
index d1ed8837..eb60b4e8 100644
--- a/docs/_include/interface-ipv6.txt
+++ b/docs/_include/interface-ipv6.txt
@@ -55,7 +55,7 @@
     set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 disable-forwarding
 
 .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
-  {{ var5 }} {{ var6 }} ipv6 adjust-mss <mss>
+  {{ var5 }} {{ var6 }} ipv6 adjust-mss <mss | clamp-mss-to-pmtu>
 
   As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
   TCP MSS value to a specific value. This is a field in the TCP options part of
@@ -67,3 +67,6 @@
 
   .. hint:: MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in
     1432 bytes on a 1492 byte MTU.
+  
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt
index 0b37560f..0a1722dc 100644
--- a/docs/_include/interface-vlan-8021ad.txt
+++ b/docs/_include/interface-vlan-8021ad.txt
@@ -88,16 +88,6 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG
    :var6: <vlan-id>
    :var7: 20
 
-.. cmdinclude:: /_include/interface-adjust-mss.txt
-   :var0: {{ var0 }}
-   :var1: {{ var1 }}
-   :var2: vif-s
-   :var3: <vlan-id>
-   :var4: 1000
-   :var5: vif-c
-   :var6: <vlan-id>
-   :var7: 20
-
 .. cmdinclude:: /_include/interface-ip.txt
    :var0: {{ var0 }}
    :var1: {{ var1 }}
diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt
index 7eb8d350..1a527590 100644
--- a/docs/_include/interface-vlan-8021q.txt
+++ b/docs/_include/interface-vlan-8021q.txt
@@ -73,13 +73,6 @@ term used for this is ``vif``.
    :var3: <vlan-id>
    :var4: 10
 
-.. cmdinclude:: /_include/interface-adjust-mss.txt
-   :var0: {{ var0 }}
-   :var1: {{ var1 }}
-   :var2: vif
-   :var3: <vlan-id>
-   :var4: 10
-
 .. cmdinclude:: /_include/interface-ip.txt
    :var0: {{ var0 }}
    :var1: {{ var1 }}
diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst
index 41f22ed6..4a31efc5 100644
--- a/docs/configuration/interfaces/pppoe.rst
+++ b/docs/configuration/interfaces/pppoe.rst
@@ -177,6 +177,44 @@ PPPoE options
    PPPoE connection must be established over a physical interface. Interfaces
    can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs.
 
+.. cfgcmd:: set interfaces pppoe <interface> ip adjust-mss <mss | clamp-mss-to-pmtu>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss <value>``
+
+  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
+    1452 bytes on a 1492 byte MTU.
+
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
+
+.. cfgcmd:: set interfaces pppoe <interface> ip disable-forwarding
+
+  Configure interface-specific Host/Router behaviour. If set, the interface will
+  switch to host mode and IPv6 forwarding will be disabled on this interface.
+
+.. cfgcmd:: set interfaces pppoe <interface> ip source-validation <strict | loose | disable>
+
+  Enable policy for source validation by reversed path, as specified in
+  :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict
+  mode to prevent IP spoofing from DDos attacks. If using asymmetric routing
+  or other complicated routing, then loose mode is recommended.
+
+  - strict: Each incoming packet is tested against the FIB and if the interface
+    is not the best reverse path the packet check will fail. By default failed
+    packets are discarded.
+
+  - loose: Each incoming packet's source address is also tested against the FIB
+    and if the source address is not reachable via any interface the packet
+    check will fail.
+
+  - disable: No source validation
+
 IPv6
 ----
 
@@ -185,6 +223,27 @@ IPv6
    Use this command to enable acquisition of IPv6 address using stateless
    autoconfig (SLAAC).
 
+.. cfgcmd:: set interfaces pppoe <interface> ipv6 adjust-mss <mss | clamp-mss-to-pmtu>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss <value>``
+
+  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
+    1452 bytes on a 1492 byte MTU.
+  
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
+
+.. cfgcmd:: set interfaces pppoe <interface> ipv6 disable-forwarding
+
+  Configure interface-specific Host/Router behaviour. If set, the interface will
+  switch to host mode and IPv6 forwarding will be disabled on this interface.
+
 .. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt
   :var0: pppoe
   :var1: pppoe0
diff --git a/docs/configuration/interfaces/wwan.rst b/docs/configuration/interfaces/wwan.rst
index eb530c27..0c820471 100644
--- a/docs/configuration/interfaces/wwan.rst
+++ b/docs/configuration/interfaces/wwan.rst
@@ -39,10 +39,6 @@ Common interface configuration
    :var0: wwan
    :var1: wwan0
 
-.. cmdinclude:: /_include/interface-adjust-mss.txt
-   :var0: wwan
-   :var1: wwan0
-
 .. cmdinclude:: /_include/interface-ip.txt
    :var0: wwan
    :var1: wwan0
author	Robert Göhler <github@ghlr.de>	2022-01-17 12:47:31 +0100
committer	GitHub <noreply@github.com>	2022-01-17 12:47:31 +0100
commit	09f087740844b447085be46a37728c896e6c1544 (patch)
tree	ca6d3a19ae67b2b0e20425f472c21e546a3d5cfe
parent	7ee5c8a55b56706a42a48ec00681c7992f7f1491 (diff)
parent	83f983ceef5ff683ac25855d6dfae96a6af1d05d (diff)
download	vyos-documentation-09f087740844b447085be46a37728c896e6c1544.tar.gz vyos-documentation-09f087740844b447085be46a37728c896e6c1544.zip