1 files changed, 95 insertions, 0 deletions

diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index a1928ba51..45a220e22 100755
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -52,6 +52,10 @@ from vyos.ifconfig.vrrp import VRRP
 from vyos.ifconfig.operational import Operational
 from vyos.ifconfig import Section
 
+from netaddr import EUI
+from netaddr import mac_unix_expanded
+from random import getrandbits
+
 class Interface(Control):
     # This is the class which will be used to create
     # self.operational, it allows subclasses, such as
@@ -389,6 +393,31 @@ class Interface(Control):
         """
         return self.get_interface('mac')
 
+    def get_mac_synthetic(self):
+        """
+        Get a synthetic MAC address. This is a common method which can be called
+        from derived classes to overwrite the get_mac() call in a generic way.
+
+        NOTE: Tunnel interfaces have no "MAC" address by default. The content
+              of the 'address' file in /sys/class/net/device contains the
+              local-ip thus we generate a random MAC address instead
+
+        Example:
+        >>> from vyos.ifconfig import Interface
+        >>> Interface('eth0').get_mac()
+        '00:50:ab:cd:ef:00'
+        """
+        # we choose 40 random bytes for the MAC address, this gives
+        # us e.g. EUI('00-EA-EE-D6-A3-C8') or EUI('00-41-B9-0D-F2-2A')
+        tmp = EUI(getrandbits(48)).value
+        # set locally administered bit in MAC address
+        tmp |= 0xf20000000000
+        # convert integer to "real" MAC address representation
+        mac = EUI(hex(tmp).split('x')[-1])
+        # change dialect to use : as delimiter instead of -
+        mac.dialect = mac_unix_expanded
+        return str(mac)
+
     def set_mac(self, mac):
         """
         Set interface MAC (Media Access Contrl) address to given value.
@@ -436,6 +465,62 @@ class Interface(Control):
         """
         return self.set_interface('arp_cache_tmo', tmo)
 
+    def set_tcp_ipv4_mss(self, mss):
+        """
+        Set IPv4 TCP MSS value advertised when TCP SYN packets leave this
+        interface. Value is in bytes.
+
+        A value of 0 will disable the MSS adjustment
+
+        Example:
+        >>> from vyos.ifconfig import Interface
+        >>> Interface('eth0').set_tcp_ipv4_mss(1340)
+        """
+        iptables_bin = 'iptables'
+        base_options = f'-A FORWARD -o {self.ifname} -p tcp -m tcp --tcp-flags SYN,RST SYN'
+        out = self._cmd(f'{iptables_bin}-save -t mangle')
+        for line in out.splitlines():
+            if line.startswith(base_options):
+                # remove OLD MSS mangling configuration
+                line = line.replace('-A FORWARD', '-D FORWARD')
+                self._cmd(f'{iptables_bin} -t mangle {line}')
+
+        cmd_mss = f'{iptables_bin} -t mangle {base_options} --jump TCPMSS'
+        if mss == 'clamp-mss-to-pmtu':
+            self._cmd(f'{cmd_mss} --clamp-mss-to-pmtu')
+        elif int(mss) > 0:
+            # probably add option to clamp only if bigger:
+            low_mss = str(int(mss) + 1)
+            self._cmd(f'{cmd_mss} -m tcpmss --mss {low_mss}:65535 --set-mss {mss}')
+
+    def set_tcp_ipv6_mss(self, mss):
+        """
+        Set IPv6 TCP MSS value advertised when TCP SYN packets leave this
+        interface. Value is in bytes.
+
+        A value of 0 will disable the MSS adjustment
+
+        Example:
+        >>> from vyos.ifconfig import Interface
+        >>> Interface('eth0').set_tcp_mss(1320)
+        """
+        iptables_bin = 'ip6tables'
+        base_options = f'-A FORWARD -o {self.ifname} -p tcp -m tcp --tcp-flags SYN,RST SYN'
+        out = self._cmd(f'{iptables_bin}-save -t mangle')
+        for line in out.splitlines():
+            if line.startswith(base_options):
+                # remove OLD MSS mangling configuration
+                line = line.replace('-A FORWARD', '-D FORWARD')
+                self._cmd(f'{iptables_bin} -t mangle {line}')
+
+        cmd_mss = f'{iptables_bin} -t mangle {base_options} --jump TCPMSS'
+        if mss == 'clamp-mss-to-pmtu':
+            self._cmd(f'{cmd_mss} --clamp-mss-to-pmtu')
+        elif int(mss) > 0:
+            # probably add option to clamp only if bigger:
+            low_mss = str(int(mss) + 1)
+            self._cmd(f'{cmd_mss} -m tcpmss --mss {low_mss}:65535 --set-mss {mss}')
+
     def set_arp_filter(self, arp_filter):
         """
         Filter ARP requests
@@ -1202,6 +1287,16 @@ class Interface(Control):
             # checked before
             self.set_vrf(config.get('vrf', ''))
 
+        # Configure MSS value for IPv4 TCP connections
+        tmp = dict_search('ip.adjust_mss', config)
+        value = tmp if (tmp != None) else '0'
+        self.set_tcp_ipv4_mss(value)
+
+        # Configure MSS value for IPv6 TCP connections
+        tmp = dict_search('ipv6.adjust_mss', config)
+        value = tmp if (tmp != None) else '0'
+        self.set_tcp_ipv6_mss(value)
+
         # Configure ARP cache timeout in milliseconds - has default value
         tmp = dict_search('ip.arp_cache_timeout', config)
         value = tmp if (tmp != None) else '30'