author | Christian Breunig <christian@breunig.cc> | 2023-08-23 20:21:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-23 20:21:12 +0200 |
commit | bf7e94a6606c9245721194b7d5c18c24a9f8baef (patch) | |
tree | 06f56c3f2aeef4f6c8bae2f04d53bef2a7a71e2e | |
parent | db67bc204e77fb2dd7d4a76672c63bc9bbfc07e1 (diff) | |
parent | 6e1333d1e71651e9822ef74d989b928df313ea6e (diff) | |
Merge pull request #2139 from dmbaturin/T5449-mss-probing
system-ip: T5449: add TCP MSS probing options
-rw-r--r-- | interface-definitions/system-ip.xml.in | 58 | ||||
-rwxr-xr-x | src/conf_mode/system-ip.py | 21 |
2 files changed, 79 insertions, 0 deletions
diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in
index abdede979..6db4dbfc7 100644
--- a/interface-definitions/system-ip.xml.in
+++ b/interface-definitions/system-ip.xml.in
@@ -48,6 +48,64 @@
 </leafNode>
 </children>
 </node>
+ <node name="tcp">
+ <properties>
+ <help>IPv4 TCP parameters</help>
+ </properties>
+ <children>
+ <node name="mss">
+ <properties>
+ <help>IPv4 TCP MSS probing options</help>
+ </properties>
+ <children>
+ <leafNode name="probing">
+ <properties>
+ <help>Attempt to lower the MSS if TCP connections fail to establish</help>
+ <completionHelp>
+ <list>on-icmp-black-hole force</list>
+ </completionHelp>
+ <valueHelp>
+ <format>on-icmp-black-hole</format>
+ <description>Attempt TCP MSS probing when an ICMP black hole is detected</description>
+ </valueHelp>
+ <valueHelp>
+ <format>force</format>
+ <description>Attempt TCP MSS probing by default</description>
+ </valueHelp>
+ <constraint>
+ <regex>(on-icmp-black-hole|force)</regex>
+ </constraint>
+ <constraintErrorMessage>Must be on-icmp-black-hole or force</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="base">
+ <properties>
+ <help>Base MSS to start probing from (applicable to "probing force")</help>
+ <valueHelp>
+ <format>u32:48-1460</format>
+ <description>Base MSS value for probing (default: 1024)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 48-1460"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="floor">
+ <properties>
+ <help>Minimum MSS to stop probing at (default: 48)</help>
+ <valueHelp>
+ <format>u32:48-1460</format>
+ <description>Minimum MSS value to probe</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 48-1460"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
 #include <include/system-ip-protocol.xml.i>
 </children>
 </node>
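Review bot: The help strings on the new `tcp` and `mss` nodes do not say that these settings only affect TCP connections the router itself originates or terminates, so an operator could mistake them for MSS clamping of forwarded traffic. The Python side of this commit writes them to `net.ipv4.tcp_*` sysctls, which act on local sockets; something like `<help>TCP MSS probing for locally terminated connections</help>` on the `mss` node would make the scope explicit. The `floor` leaf also defaults to 48, the bottom of its allowed range. A sentence in its help noting that very small segments raise per-packet overhead would help operators choose a higher floor when `probing force` is used on an exposed system.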
diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py
index 63dff0e36..9ed34c735 100755
--- a/src/conf_mode/system-ip.py
+++ b/src/conf_mode/system-ip.py
@@ -95,6 +95,27 @@ def apply(opt):
 value = '1' if (tmp != None) else '0'
 sysctl_write('net.ipv4.fib_multipath_hash_policy', value)
 
+ # configure TCP options (defaults as of Linux 6.4)
+ tmp = dict_search('tcp.mss.probing', opt)
+ if tmp is None:
+ value = 0
+ elif tmp == 'on-icmp-black-hole':
+ value = 1
+ elif tmp == 'force':
+ value = 2
+ else:
+ # Shouldn't happen
+ raise ValueError("TCP MSS probing is neither 'on-icmp-black-hole' nor 'force'!")
+ sysctl_write('net.ipv4.tcp_mtu_probing', value)
+
+ tmp = dict_search('tcp.mss.base', opt)
+ value = '1024' if (tmp is None) else tmp
+ sysctl_write('net.ipv4.tcp_base_mss', value)
+
+ tmp = dict_search('tcp.mss.floor', opt)
+ value = '48' if (tmp is None) else tmp
+ sysctl_write('net.ipv4.tcp_mtu_probe_floor', value)
+
 if 'protocol' in opt:
 zebra_daemon = 'zebra'
 # Save original configuration prior to starting any commit actions |
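Review bot: Nothing checks that `tcp.mss.floor` does not exceed `tcp.mss.base`. The XML validates each value against 48-1460 independently, so a floor above the base is accepted and both are written to the kernel unchanged. A cross-check belongs in this script's verify step, which is outside this hunk, for example `if int(floor) > int(base): raise ConfigError('TCP MSS floor must not exceed base')`, applied after the 1024/48 defaults and assuming the script's usual `ConfigError`. As a style point, the probing branch passes the integers 0/1/2 to `sysctl_write` while the two calls after it pass strings; `'0'`/`'1'`/`'2'` would match the surrounding code. `apply()` starts and ends outside the hunk.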