interfaces: T3090: add new TCP MSS clamping CLI commands

5 files changed, 48 insertions, 0 deletions

diff --git a/docs/_include/interface-adjust-mss.txt b/docs/_include/interface-adjust-mss.txt
new file mode 100644
index 00000000..195682e7
--- /dev/null
+++ b/docs/_include/interface-adjust-mss.txt
@@ -0,0 +1,13 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+  {{ var5 }} {{ var6 }} adjust-mss <mss>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss <value>``
+
+  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
+    1452 bytes on a 1492 byte MTU.
diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt
index 5a997482..4c6ebbe8 100644
--- a/docs/_include/interface-common.txt
+++ b/docs/_include/interface-common.txt
@@ -22,6 +22,10 @@
   :var0: {{ var0 }}
   :var1: {{ var1 }}
 
+.. cmdinclude:: /_include/interface-adjust-mss.txt
+  :var0: {{ var0 }}
+  :var1: {{ var1 }}
+
 .. cmdinclude:: /_include/interface-ip.txt
   :var0: {{ var0 }}
   :var1: {{ var1 }}
diff --git a/docs/_include/interface-ipv6.txt b/docs/_include/interface-ipv6.txt
index e03817cf..d1ed8837 100644
--- a/docs/_include/interface-ipv6.txt
+++ b/docs/_include/interface-ipv6.txt
@@ -53,3 +53,17 @@
   .. code-block:: none
 
     set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 disable-forwarding
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+  {{ var5 }} {{ var6 }} ipv6 adjust-mss <mss>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss6 <value>``
+
+  .. hint:: MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in
+    1432 bytes on a 1492 byte MTU.
diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt
index 0a1722dc..0b37560f 100644
--- a/docs/_include/interface-vlan-8021ad.txt
+++ b/docs/_include/interface-vlan-8021ad.txt
@@ -88,6 +88,16 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG
    :var6: <vlan-id>
    :var7: 20
 
+.. cmdinclude:: /_include/interface-adjust-mss.txt
+   :var0: {{ var0 }}
+   :var1: {{ var1 }}
+   :var2: vif-s
+   :var3: <vlan-id>
+   :var4: 1000
+   :var5: vif-c
+   :var6: <vlan-id>
+   :var7: 20
+
 .. cmdinclude:: /_include/interface-ip.txt
    :var0: {{ var0 }}
    :var1: {{ var1 }}
diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt
index 1a527590..7eb8d350 100644
--- a/docs/_include/interface-vlan-8021q.txt
+++ b/docs/_include/interface-vlan-8021q.txt
@@ -73,6 +73,13 @@ term used for this is ``vif``.
    :var3: <vlan-id>
    :var4: 10
 
+.. cmdinclude:: /_include/interface-adjust-mss.txt
+   :var0: {{ var0 }}
+   :var1: {{ var1 }}
+   :var2: vif
+   :var3: <vlan-id>
+   :var4: 10
+
 .. cmdinclude:: /_include/interface-ip.txt
    :var0: {{ var0 }}
    :var1: {{ var1 }}