Merge pull request #697 from mrbuk/master

Fix description of 'adjust-mss' option
2025-10-26 08:41:46 +01:00 · 2022-01-17 12:47:31 +01:00 · 2022-01-17 12:47:31 +01:00 · 09f0877408
commit 09f0877408
parent 7ee5c8a55b 83f983ceef
8 changed files with 80 additions and 39 deletions
--- a/docs/_include/interface-adjust-mss.txt
+++ b/docs/_include/interface-adjust-mss.txt
@ -1,13 +0,0 @@
-.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
-  {{ var5 }} {{ var6 }} adjust-mss <mss>
-
-  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
-  TCP MSS value to a specific value. This is a field in the TCP options part of
-  a SYN packet. By setting the MSS value, you are telling the remote side
-  unequivocally 'do not try to send me packets bigger than this value'.
-
-  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
-    ``set firewall options interface <name> adjust-mss <value>``
-
-  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
-    1452 bytes on a 1492 byte MTU.
--- a/docs/_include/interface-common.txt
+++ b/docs/_include/interface-common.txt
@ -22,10 +22,6 @@
  :var0: {{ var0 }}
  :var1: {{ var1 }}

-.. cmdinclude:: /_include/interface-adjust-mss.txt
-  :var0: {{ var0 }}
-  :var1: {{ var1 }}
-
 .. cmdinclude:: /_include/interface-ip.txt
  :var0: {{ var0 }}
  :var1: {{ var1 }}
--- a/docs/_include/interface-ip.txt
+++ b/docs/_include/interface-ip.txt
@ -1,3 +1,20 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+  {{ var5 }} {{ var6 }} ip adjust-mss <mss | clamp-mss-to-pmtu>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss <value>``
+
+  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
+    1452 bytes on a 1492 byte MTU.
+
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
+
 .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
  {{ var5 }} {{ var6 }} ip arp-cache-timeout

--- a/docs/_include/interface-ipv6.txt
+++ b/docs/_include/interface-ipv6.txt
@ -55,7 +55,7 @@
    set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 disable-forwarding

 .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
-  {{ var5 }} {{ var6 }} ipv6 adjust-mss <mss>
+  {{ var5 }} {{ var6 }} ipv6 adjust-mss <mss | clamp-mss-to-pmtu>

  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
  TCP MSS value to a specific value. This is a field in the TCP options part of
@ -67,3 +67,6 @@

  .. hint:: MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in
    1432 bytes on a 1492 byte MTU.
+  
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
--- a/docs/_include/interface-vlan-8021ad.txt
+++ b/docs/_include/interface-vlan-8021ad.txt
@ -88,16 +88,6 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG
   :var6: <vlan-id>
   :var7: 20

-.. cmdinclude:: /_include/interface-adjust-mss.txt
-   :var0: {{ var0 }}
-   :var1: {{ var1 }}
-   :var2: vif-s
-   :var3: <vlan-id>
-   :var4: 1000
-   :var5: vif-c
-   :var6: <vlan-id>
-   :var7: 20
-
 .. cmdinclude:: /_include/interface-ip.txt
   :var0: {{ var0 }}
   :var1: {{ var1 }}
--- a/docs/_include/interface-vlan-8021q.txt
+++ b/docs/_include/interface-vlan-8021q.txt
@ -73,13 +73,6 @@ term used for this is ``vif``.
   :var3: <vlan-id>
   :var4: 10

-.. cmdinclude:: /_include/interface-adjust-mss.txt
-   :var0: {{ var0 }}
-   :var1: {{ var1 }}
-   :var2: vif
-   :var3: <vlan-id>
-   :var4: 10
-
 .. cmdinclude:: /_include/interface-ip.txt
   :var0: {{ var0 }}
   :var1: {{ var1 }}
--- a/docs/configuration/interfaces/pppoe.rst
+++ b/docs/configuration/interfaces/pppoe.rst
@ -177,6 +177,44 @@ PPPoE options
   PPPoE connection must be established over a physical interface. Interfaces
   can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs.

+.. cfgcmd:: set interfaces pppoe <interface> ip adjust-mss <mss | clamp-mss-to-pmtu>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss <value>``
+
+  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
+    1452 bytes on a 1492 byte MTU.
+
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
+
+.. cfgcmd:: set interfaces pppoe <interface> ip disable-forwarding
+
+  Configure interface-specific Host/Router behaviour. If set, the interface will
+  switch to host mode and IPv6 forwarding will be disabled on this interface.
+
+.. cfgcmd:: set interfaces pppoe <interface> ip source-validation <strict | loose | disable>
+
+  Enable policy for source validation by reversed path, as specified in
+  :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict
+  mode to prevent IP spoofing from DDos attacks. If using asymmetric routing
+  or other complicated routing, then loose mode is recommended.
+
+  - strict: Each incoming packet is tested against the FIB and if the interface
+    is not the best reverse path the packet check will fail. By default failed
+    packets are discarded.
+
+  - loose: Each incoming packet's source address is also tested against the FIB
+    and if the source address is not reachable via any interface the packet
+    check will fail.
+
+  - disable: No source validation
+
 IPv6
 ----

@ -185,6 +223,27 @@ IPv6
   Use this command to enable acquisition of IPv6 address using stateless
   autoconfig (SLAAC).

+.. cfgcmd:: set interfaces pppoe <interface> ipv6 adjust-mss <mss | clamp-mss-to-pmtu>
+
+  As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
+  TCP MSS value to a specific value. This is a field in the TCP options part of
+  a SYN packet. By setting the MSS value, you are telling the remote side
+  unequivocally 'do not try to send me packets bigger than this value'.
+
+  .. note:: This command was introduced in VyOS 1.4 - it was previously called:
+    ``set firewall options interface <name> adjust-mss <value>``
+
+  .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in
+    1452 bytes on a 1492 byte MTU.
+  
+  Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to 
+  automatically set the proper value.
+
+.. cfgcmd:: set interfaces pppoe <interface> ipv6 disable-forwarding
+
+  Configure interface-specific Host/Router behaviour. If set, the interface will
+  switch to host mode and IPv6 forwarding will be disabled on this interface.
+
 .. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt
  :var0: pppoe
  :var1: pppoe0
--- a/docs/configuration/interfaces/wwan.rst
+++ b/docs/configuration/interfaces/wwan.rst
@ -39,10 +39,6 @@ Common interface configuration
   :var0: wwan
   :var1: wwan0

-.. cmdinclude:: /_include/interface-adjust-mss.txt
-   :var0: wwan
-   :var1: wwan0
-
 .. cmdinclude:: /_include/interface-ip.txt
   :var0: wwan
   :var1: wwan0