diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-08-19 18:14:13 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-08-21 15:26:35 +0200 |
commit | b7bfcb6ef0e712bb8c39241051e716a833b2ffe8 (patch) | |
tree | 6bc7ae43df3fd7e20976dad68cf98a856b236cab /interface-definitions | |
parent | 6bd780887c0e13dc9272ec499ebc6f01cfaf7ea6 (diff) | |
download | vyos-1x-b7bfcb6ef0e712bb8c39241051e716a833b2ffe8.tar.gz vyos-1x-b7bfcb6ef0e712bb8c39241051e716a833b2ffe8.zip |
interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" level
Getting rid of "set firewall options" and move it from:
set firewall options interface ethX adjust-mss 1400
set firewall options interface ethX adjust-mss6 1400
to:
set interfaces ethernet ethX ip adjust-mss 1400
set interfaces ethernet ethX ipv6 adjust-mss 1400
In addition add an extra option called clamp-mss-to-pmtu instead of a value.
Diffstat (limited to 'interface-definitions')
5 files changed, 27 insertions, 50 deletions
diff --git a/interface-definitions/firewall-options.xml.in b/interface-definitions/firewall-options.xml.in deleted file mode 100644 index 8d9225a9a..000000000 --- a/interface-definitions/firewall-options.xml.in +++ /dev/null @@ -1,50 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="firewall"> - <children> - <node name="options"> - <properties> - <help>Firewall options/Packet manipulation</help> - <priority>990</priority> - </properties> - <children> - <tagNode name="interface" owner="${vyos_conf_scripts_dir}/firewall_options.py"> - <properties> - <help>Interface clamping options</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py</script> - </completionHelp> - </properties> - <children> - #include <include/generic-disable-node.xml.i> - <leafNode name="adjust-mss"> - <properties> - <help>Adjust MSS for IPv4 transit packets</help> - <valueHelp> - <format>500-1460</format> - <description>TCP Maximum segment size in bytes</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 500-1460"/> - </constraint> - </properties> - </leafNode> - <leafNode name="adjust-mss6"> - <properties> - <help>Adjust MSS for IPv6 transit packets</help> - <valueHelp> - <format>1280-1492</format> - <description>TCP Maximum segment size in bytes</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1280-1492"/> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/include/interface/adjust-mss.xml.i b/interface-definitions/include/interface/adjust-mss.xml.i new file mode 100644 index 000000000..57019f02c --- /dev/null +++ b/interface-definitions/include/interface/adjust-mss.xml.i @@ -0,0 +1,23 @@ +<!-- include start from interface/adjust-mss.xml.i --> +<!-- https://datatracker.ietf.org/doc/html/rfc6691 --> +<leafNode name="adjust-mss"> + <properties> + <help>Adjust TCP MSS value</help> + <completionHelp> + <list>clamp-mss-to-pmtu</list> + </completionHelp> + <valueHelp> + <format>clamp-mss-to-pmtu</format> + <description>Automatically sets the MSS to the proper value</description> + </valueHelp> + <valueHelp> + <format>u32:500-65535</format> + <description>TCP Maximum segment size in bytes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 500-65535"/> + <regex>^(clamp-mss-to-pmtu)$</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv4-options.xml.i b/interface-definitions/include/interface/ipv4-options.xml.i index 10884b6eb..bca1229c6 100644 --- a/interface-definitions/include/interface/ipv4-options.xml.i +++ b/interface-definitions/include/interface/ipv4-options.xml.i @@ -4,6 +4,7 @@ <help>IPv4 routing parameters</help> </properties> <children> + #include <include/interface/adjust-mss.xml.i> #include <include/interface/arp-cache-timeout.xml.i> #include <include/interface/disable-arp-filter.xml.i> #include <include/interface/disable-forwarding.xml.i> diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i index e57c242b0..2d2d1d3b2 100644 --- a/interface-definitions/include/interface/ipv6-options.xml.i +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -4,6 +4,7 @@ <help>IPv6 routing parameters</help> </properties> <children> + #include <include/interface/adjust-mss.xml.i> #include <include/interface/ipv6-address.xml.i> #include <include/interface/ipv6-disable-forwarding.xml.i> #include <include/interface/ipv6-dup-addr-detect-transmits.xml.i> diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index 1bbfa63af..ac8fa378b 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in @@ -70,6 +70,7 @@ <help>IPv4 routing parameters</help> </properties> <children> + #include <include/interface/adjust-mss.xml.i> #include <include/interface/source-validation.xml.i> </children> </node> @@ -86,6 +87,7 @@ #include <include/interface/ipv6-address-autoconf.xml.i> </children> </node> + #include <include/interface/adjust-mss.xml.i> </children> </node> <leafNode name="source-interface"> |