From a7bd26d39049cf3ac5579b47f1732f07a53f92a4 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 5 Jun 2008 14:59:43 -0700 Subject: Turn off TCP SACK This is a workaround for bug 3313. The problem is that MD5 uses up what little space there for TCP options in header. --- sysconf/vyatta-sysctl.conf | 3 +++ templates/system/login/user/node.tag/shell/node.def | 8 ++++++++ 2 files changed, 11 insertions(+) create mode 100644 templates/system/login/user/node.tag/shell/node.def diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 73c4c8ff..cb03a614 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -21,3 +21,6 @@ net.ipv4.icmp_ignore_bogus_error_responses=1 # Send ICMP responses with primary address of exiting interface net.ipv4.icmp_errors_use_inbound_ifaddr=1 + +# Turn off SACK since it causes problems with MD5 due to lack of options space +net.ipv4.tcp_sack=0 diff --git a/templates/system/login/user/node.tag/shell/node.def b/templates/system/login/user/node.tag/shell/node.def new file mode 100644 index 00000000..b1163fdf --- /dev/null +++ b/templates/system/login/user/node.tag/shell/node.def @@ -0,0 +1,8 @@ +type: txt +help: Set command shell +default: fusioncli +syntax:expression: ( $VAR(@) in "fusioncli" "linux" || + exec "if [ -x $VAR(@) -a grep -q $VAR(@) /etc/shells ]; then exit 0; \ + else echo 'Not a valid command shell'; exit 1; fi" +allowed: echo "fusioncli linux" + awk '! /^[ ]*#/ { printf "%s ", $0 }'