| author | Daniil Baturin <daniil@baturin.org> | 2023-08-08 20:28:38 +0100 | 
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2023-08-17 16:30:00 +0100 | 
| commit | 6e1333d1e71651e9822ef74d989b928df313ea6e (patch) | |
| tree | aadf8232178786c0aca6f796ff83bc5b0f10289d | |
| parent | 0e92ee262d8ec6ee88d7331f2cbffe8b6b689437 (diff) | |
| download | vyos-1x-6e1333d1e71651e9822ef74d989b928df313ea6e.tar.gz vyos-1x-6e1333d1e71651e9822ef74d989b928df313ea6e.zip | |
system-ip: T5449: add TCP MSS probing options
| -rw-r--r-- | interface-definitions/system-ip.xml.in | 58 | ||||
| -rwxr-xr-x | src/conf_mode/system-ip.py | 21 | 
2 files changed, 79 insertions, 0 deletions
| diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in
index abdede979..6db4dbfc7 100644
--- a/interface-definitions/system-ip.xml.in
+++ b/interface-definitions/system-ip.xml.in
@@ -48,6 +48,64 @@
               </leafNode>
             </children>
           </node>
+          <node name="tcp">
+            <properties>
+              <help>IPv4 TCP parameters</help>
+            </properties>
+            <children>
+              <node name="mss">
+                <properties>
+                  <help>IPv4 TCP MSS probing options</help>
+                </properties>
+                <children>
+                  <leafNode name="probing">
+                    <properties>
+                      <help>Attempt to lower the MSS if TCP connections fail to establish</help>
+                      <completionHelp>
+                        <list>on-icmp-black-hole force</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>on-icmp-black-hole</format>
+                        <description>Attempt TCP MSS probing when an ICMP black hole is detected</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>force</format>
+                      <description>Attempt TCP MSS probing by default</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(on-icmp-black-hole|force)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Must be on-icmp-black-hole or force</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="base">
+                    <properties>
+                      <help>Base MSS to start probing from (applicable to "probing force")</help>
+                      <valueHelp>
+                        <format>u32:48-1460</format>
+                        <description>Base MSS value for probing (default: 1024)</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 48-1460"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="floor">
+                    <properties>
+                      <help>Minimum MSS to stop probing at (default: 48)</help>
+                      <valueHelp>
+                        <format>u32:48-1460</format>
+                        <description>Minimum MSS value to probe</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 48-1460"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
           #include <include/system-ip-protocol.xml.i>
         </children>
       </node>
diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py
index cca996e4f..c89267afc 100755
--- a/src/conf_mode/system-ip.py
+++ b/src/conf_mode/system-ip.py
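Review bot: The defaults for `base` (1024) and `floor` (48) are stated only in help text, and the hunk in src/conf_mode/system-ip.py hardcodes the same numbers again, so the two can drift apart unnoticed. Declaring them in the definition, with `<defaultValue>1024</defaultValue>` in the `base` leafNode and `<defaultValue>48</defaultValue>` in `floor`, would give one source of truth, assuming the conf-mode script merges definition defaults when it reads the config (not visible here). The `base` help limits the option to "probing force"; if the kernel also consults the base MSS once probing starts in on-icmp-black-hole mode, that wording should be relaxed. The `floor` help could also say what the 48-byte default permits: on a lossy path probing may shrink the MSS that far, at a real cost in throughput and per-packet overhead, so an operator enabling `force` may want a higher floor.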
@@ -98,6 +98,27 @@ def apply(opt):
     value = '1' if (tmp != None) else '0'
     sysctl_write('net.ipv4.fib_multipath_hash_policy', value)
+    # configure TCP options (defaults as of Linux 6.4)
+    tmp = dict_search('tcp.mss.probing', opt)
+    if tmp is None:
+        value = 0
+    elif tmp == 'on-icmp-black-hole':
+        value = 1
+    elif tmp == 'force':
+        value = 2
+    else:
+        # Shouldn't happen
+        raise ValueError("TCP MSS probing is neither 'on-icmp-black-hole' nor 'force'!")
+    sysctl_write('net.ipv4.tcp_mtu_probing', value)
+
+    tmp = dict_search('tcp.mss.base', opt)
+    value = '1024' if (tmp is None) else tmp
+    sysctl_write('net.ipv4.tcp_base_mss', value)
+
+    tmp = dict_search('tcp.mss.floor', opt)
+    value = '48' if (tmp is None) else tmp
+    sysctl_write('net.ipv4.tcp_mtu_probe_floor', value)
+
     if 'protocol' in opt:
         zebra_daemon = 'zebra'
         # Save original configuration prior to starting any commit actions |
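Review bot: Nothing relates `tcp.mss.floor` to `tcp.mss.base`: each is range-checked to 48-1460 in the XML, but the two sysctls are written independently here, so a commit with the floor above the base is accepted without complaint. A cross-field check belongs in verify(), which lies outside this hunk, for example `if int(floor) > int(base): raise ConfigError('TCP MSS floor must not exceed base MSS')` after resolving the same defaults (ConfigError being the exception conf-mode checks presumably raise in this module). The `else: raise ValueError(...)` branch has the same placement problem, because by the time apply() reaches it the `sysctl_write('net.ipv4.fib_multipath_hash_policy', value)` call above has already taken effect; rejecting an unknown probing mode in verify() would keep apply() from failing halfway. The probing mode is also passed as an int (`value = 0`) while the neighbouring writes pass strings such as `'1'`, and using `'0'`, `'1'`, `'2'` would keep the calls uniform. apply() starts before and continues past the hunk.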
