| -rw-r--r-- | docs/_include/interface-adjust-mss.txt | 13 |
| -rw-r--r-- | docs/_include/interface-common.txt | 4 |
| -rw-r--r-- | docs/_include/interface-ip.txt | 17 |
| -rw-r--r-- | docs/_include/interface-ipv6.txt | 5 |
| -rw-r--r-- | docs/_include/interface-vlan-8021ad.txt | 10 |
| -rw-r--r-- | docs/_include/interface-vlan-8021q.txt | 7 |
| -rw-r--r-- | docs/configuration/interfaces/pppoe.rst | 59 |
| -rw-r--r-- | docs/configuration/interfaces/wwan.rst | 4 |
8 files changed, 80 insertions, 39 deletions
| diff --git a/docs/_include/interface-adjust-mss.txt b/docs/_include/interface-adjust-mss.txt deleted file mode 100644 index 195682e7..00000000 --- a/docs/_include/interface-adjust-mss.txt +++ /dev/null @@ -1,13 +0,0 @@ -.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} -  {{ var5 }} {{ var6 }} adjust-mss <mss> - -  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our -  TCP MSS value to a specific value. This is a field in the TCP options part of -  a SYN packet. By setting the MSS value, you are telling the remote side -  unequivocally 'do not try to send me packets bigger than this value'. - -  .. note:: This command was introduced in VyOS 1.4 - it was previously called: -    ``set firewall options interface <name> adjust-mss <value>`` - -  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in -    1452 bytes on a 1492 byte MTU. diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt index 4c6ebbe8..5a997482 100644 --- a/docs/_include/interface-common.txt +++ b/docs/_include/interface-common.txt @@ -22,10 +22,6 @@    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: /_include/interface-adjust-mss.txt -  :var0: {{ var0 }} -  :var1: {{ var1 }} -  .. cmdinclude:: /_include/interface-ip.txt    :var0: {{ var0 }}    :var1: {{ var1 }} diff --git a/docs/_include/interface-ip.txt b/docs/_include/interface-ip.txt index abbed529..75441040 100644 --- a/docs/_include/interface-ip.txt +++ b/docs/_include/interface-ip.txt 
@@ -1,4 +1,21 @@  .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} +  {{ var5 }} {{ var6 }} ip adjust-mss <mss | clamp-mss-to-pmtu> + +  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our +  TCP MSS value to a specific value. This is a field in the TCP options part of +  a SYN packet. By setting the MSS value, you are telling the remote side +  unequivocally 'do not try to send me packets bigger than this value'. + +  .. note:: This command was introduced in VyOS 1.4 - it was previously called: +    ``set firewall options interface <name> adjust-mss <value>`` + +  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in +    1452 bytes on a 1492 byte MTU. + +  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to  +  automatically set the proper value. + +.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}    {{ var5 }} {{ var6 }} ip arp-cache-timeout    Once a neighbor has been found, the entry is considered to be valid for at diff --git a/docs/_include/interface-ipv6.txt b/docs/_include/interface-ipv6.txt index d1ed8837..eb60b4e8 100644 --- a/docs/_include/interface-ipv6.txt +++ b/docs/_include/interface-ipv6.txt @@ -55,7 +55,7 @@      set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 disable-forwarding  .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} -  {{ var5 }} {{ var6 }} ipv6 adjust-mss <mss> +  {{ var5 }} {{ var6 }} ipv6 adjust-mss <mss | clamp-mss-to-pmtu>    As Internet wide PMTU discovery rarely works, we sometimes need to clamp our    TCP MSS value to a specific value. This is a field in the TCP options part of @@ -67,3 +67,6 @@    .. hint:: MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in      1432 bytes on a 1492 byte MTU. +   +  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to  +  automatically set the proper value. 
diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt index 0b37560f..0a1722dc 100644 --- a/docs/_include/interface-vlan-8021ad.txt +++ b/docs/_include/interface-vlan-8021ad.txt @@ -88,16 +88,6 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: /_include/interface-adjust-mss.txt -   :var0: {{ var0 }} -   :var1: {{ var1 }} -   :var2: vif-s -   :var3: <vlan-id> -   :var4: 1000 -   :var5: vif-c -   :var6: <vlan-id> -   :var7: 20 -  .. cmdinclude:: /_include/interface-ip.txt     :var0: {{ var0 }}     :var1: {{ var1 }} diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt index 7eb8d350..1a527590 100644 --- a/docs/_include/interface-vlan-8021q.txt +++ b/docs/_include/interface-vlan-8021q.txt @@ -73,13 +73,6 @@ term used for this is ``vif``.     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: /_include/interface-adjust-mss.txt -   :var0: {{ var0 }} -   :var1: {{ var1 }} -   :var2: vif -   :var3: <vlan-id> -   :var4: 10 -  .. cmdinclude:: /_include/interface-ip.txt     :var0: {{ var0 }}     :var1: {{ var1 }} diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index 41f22ed6..4a31efc5 100644 --- a/docs/configuration/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst 
@@ -177,6 +177,44 @@ PPPoE options     PPPoE connection must be established over a physical interface. Interfaces     can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs. +.. cfgcmd:: set interfaces pppoe <interface> ip adjust-mss <mss | clamp-mss-to-pmtu> + +  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our +  TCP MSS value to a specific value. This is a field in the TCP options part of +  a SYN packet. By setting the MSS value, you are telling the remote side +  unequivocally 'do not try to send me packets bigger than this value'. + +  .. note:: This command was introduced in VyOS 1.4 - it was previously called: +    ``set firewall options interface <name> adjust-mss <value>`` + +  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in +    1452 bytes on a 1492 byte MTU. + +  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to  +  automatically set the proper value. + +.. cfgcmd:: set interfaces pppoe <interface> ip disable-forwarding + +  Configure interface-specific Host/Router behaviour. If set, the interface will +  switch to host mode and IPv6 forwarding will be disabled on this interface. + +.. cfgcmd:: set interfaces pppoe <interface> ip source-validation <strict | loose | disable> + +  Enable policy for source validation by reversed path, as specified in +  :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict +  mode to prevent IP spoofing from DDos attacks. If using asymmetric routing +  or other complicated routing, then loose mode is recommended. + +  - strict: Each incoming packet is tested against the FIB and if the interface +    is not the best reverse path the packet check will fail. By default failed +    packets are discarded. + +  - loose: Each incoming packet's source address is also tested against the FIB +    and if the source address is not reachable via any interface the packet +    check will fail. 
+ +  - disable: No source validation +  IPv6  ---- @@ -185,6 +223,27 @@ IPv6     Use this command to enable acquisition of IPv6 address using stateless     autoconfig (SLAAC). +.. cfgcmd:: set interfaces pppoe <interface> ipv6 adjust-mss <mss | clamp-mss-to-pmtu> + +  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our +  TCP MSS value to a specific value. This is a field in the TCP options part of +  a SYN packet. By setting the MSS value, you are telling the remote side +  unequivocally 'do not try to send me packets bigger than this value'. + +  .. note:: This command was introduced in VyOS 1.4 - it was previously called: +    ``set firewall options interface <name> adjust-mss <value>`` + +  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in +    1452 bytes on a 1492 byte MTU. +   +  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to  +  automatically set the proper value. + +.. cfgcmd:: set interfaces pppoe <interface> ipv6 disable-forwarding + +  Configure interface-specific Host/Router behaviour. If set, the interface will +  switch to host mode and IPv6 forwarding will be disabled on this interface. +  .. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt    :var0: pppoe    :var1: pppoe0 diff --git a/docs/configuration/interfaces/wwan.rst b/docs/configuration/interfaces/wwan.rst index eb530c27..0c820471 100644 --- a/docs/configuration/interfaces/wwan.rst +++ b/docs/configuration/interfaces/wwan.rst @@ -39,10 +39,6 @@ Common interface configuration     :var0: wwan     :var1: wwan0 -.. cmdinclude:: /_include/interface-adjust-mss.txt -   :var0: wwan -   :var1: wwan0 -  .. cmdinclude:: /_include/interface-ip.txt     :var0: wwan     :var1: wwan0 | 
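Review bot: In docs/_include/interface-ip.txt (hunk @@ -1,4 +1,21 @@), the added sentence "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to" marks the keyword with single backticks, which reStructuredText treats as interpreted text rather than an inline literal. The note a few lines above it uses double backticks for ``set firewall options interface <name> adjust-mss <value>``, so write ``clamp-mss-to-pmtu`` the same way. That line also ends in a trailing space. Both points recur in the copies of this sentence added to interface-ipv6.txt and pppoe.rst.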
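Review bot: In docs/configuration/interfaces/pppoe.rst (hunk @@ -177,6 +177,44 @@), the description under `set interfaces pppoe <interface> ip disable-forwarding` says "IPv6 forwarding will be disabled on this interface", word for word the text added under `ipv6 disable-forwarding` in the next hunk; for the `ip` command it should refer to IPv4 forwarding. In the `ip source-validation` paragraph, "DDos" should be "DDoS" and "reversed path" should be "reverse path", and the paragraph does not say which of strict, loose or disable applies when the option is unset, which a reader deciding whether to rely on it for anti-spoofing needs to know.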
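Review bot: In docs/configuration/interfaces/pppoe.rst (hunk @@ -185,6 +223,27 @@), the hint under `ipv6 adjust-mss` repeats the IPv4 arithmetic: "MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU". The IPv6 hint in docs/_include/interface-ipv6.txt in this same patch reads "MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes", and the pppoe IPv6 section should match it; a reader following the hint as written would clamp 20 bytes too high for IPv6 on a 1492 byte link. The whitespace-only line added before "Instead of a numerical MSS value" can be dropped as well.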
