
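--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -205,6 +205,10 @@
 pfsync_syncpeer=""		# IP address of pfsync peer host
 pfsync_ifconfig=""		# Additional options to ifconfig(8) for pfsync
 tcp_extensions="YES"		# Set to NO to turn off RFC1323 extensions.
+tcpmss_enable="NO"		# Set to YES to use ipfw(8) for MSS adjustements
+tcpmss_verbose="NO"		# Set to YES to enable verbose configuration messages
+#tcpmss_instances="555"		# Space separated list of ng_tcpmss(4) nodes (netgraph cookies)
+#tcpmss_555="1452"		# maxMSS value for this ng_tcpmss(4) instance
 log_in_vain="0"			# >=1 to log connects to ports w/o listeners.
 tcp_keepalive="YES"		# Enable stale TCP connection timeout (or NO).
 tcp_drop_synfin="NO"		# Set to YES to drop TCP packets with SYN+FIN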
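Review bot: The comment on the added `tcpmss_enable` line misspells "adjustments" as "adjustements"; it should read `# Set to YES to use ipfw(8) for MSS adjustments`. The comment on the commented-out `#tcpmss_555="1452"` example could also say that the suffix must match an entry in `tcpmss_instances`, for instance `# maxMSS value for instance 555 listed in tcpmss_instances`, since the rc script skips any instance whose variable is unset.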
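--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -1001,8 +1001,62 @@
 or other weird behavior.
 Some network devices are known
 to be broken with respect to these options.
+.It Va tcpmss_enable
+.Pq Vt bool
+Set to
+.Dq Li NO
+by default.
+Setting this to
+.Dq Li YES
+enables configuration of
+.Xr ng_tcpmss 4
+netgraph nodes to perform custom TCP MSS adjustments using
+.Xr ipfw 8
+rules. The
+.Va tcpmss_instances
+variable must also be set then. Kernel modules
+.Xr netgraph 4 ,
+.Xr ng_ipfw 4 ,
+and
+.Xr ng_tcpmss 4
+will be loaded if the kernel was not built with corresponding
+.Cd "options NETGRAPH" ,
+.Cd "options NETGRAPH_IPFW" ,
+and
+.Cd "options NETGRAPH_TCPMSS" .
+.It Va tcpmss_instances
+.Pq Vt str
+Set to the list of
+.Xr ng_tcpmss 4
+instances to configure on this host. Values of the list
+are used to form instance names and as netgraph cookies,
+so they should be numbers. A
+.Va tcpmss_ Ns Aq Ar number
+variable is assumed to exist for each value of the list.
+The value of this variable is used as
+.Va maxMSS
+to configure the
+.Xr ng_tcpmss 4
+instance.
+.Pp
+To adjust MSS to corresponding
+.Va maxMSS
+value configured with
+.Va tcpmss_ Ns Aq Ar number
+variable
+one can use
+.Xr ipfw 8
+rules like:
+.Pp
+netgraph
+.Va Ns Aq Ar number
+tcp from any to any setup in
+.It Va tcpmss_verbose
+.Pq Vt bool
+Set to
+.Dq Li YES
+to enable verbose ng_tcpmss(4) configuration messages.
 .It Va log_in_vain
-.Pq Vt int
 Set to 0 by default.
 The
 .Xr sysctl 8
@@ -4714,6 +4768,9 @@
 .Xr pfsync 4 ,
 .Xr tcp 4 ,
 .Xr udp 4 ,
+.Xr netgraph 4 ,
+.Xr ng_ipfw 4 ,
+.Xr ng_tcpmss 4 ,
 .Xr exports 5 ,
 .Xr fstab 5 ,
 .Xr ipf 5 ,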
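--- a/etc/rc.d/tcpmss
+++ b/etc/rc.d/tcpmss
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: tcpmss
+# BEFORE: ipfw
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="tcpmss"
+rcvar="${name}_enable"
+start_cmd="${name}_start"
+start_precmd="${name}_prestart"
+stop_cmd="${name}_stop"
+
+tcpmss_prestart() {
+	[ -n "$1" ] && tcpmss_instances="$1"
+	[ -z "$tcpmss_instances" ] && return 1
+	required_modules="netgraph ng_ipfw ng_tcpmss"
+}
+
+tcpmss_start()
+{
+	local	_i _m _v
+
+	[ -n "$1" ] && tcpmss_instances="$1"
+	checkyesno tcpmss_verbose && _v=yes
+
+	rc=0
+	for _i in $tcpmss_instances
+	do
+	    # get value of tcpmss_NAME="1452"
+	    eval _m=\"\$tcpmss_${_i}\"
+	    if [ -z "$_m" ]; then
+		echo "Warning: variable tcpmss_$_i not defined" >&2
+		continue
+	    fi
+	    [ -n "$_v" ] && echo -n "Setup ng_tcpmss instance $_i: mss=$_m"
+	    ngctl mkpeer ipfw: tcpmss $_i mss_$_m && ngctl msg ipfw:$_i config \
+		'{ inHook="'mss_$_m'" outHook="'mss_$_m'" maxMSS='$_i' }' && \
+	    ngctl name ipfw:$_i mss_$_i
+	    rc=$(($rc + $?))
+	
+	    [ -n "$_v" ] && echo .
+	done
+
+	return $rc
+}
+
+tcpmss_stop()
+{
+	local	_i _v
+
+	[ -n "$1" ] && tcpmss_instances="$1"
+	checkyesno tcpmss_verbose && _v=yes
+
+	rc=0
+	for _i in $tcpmss_instances
+	do
+	    [ -n "$_v" ] && echo -n "Shutdown ng_tcpmss instance $_i"
+	    ngctl shutdown mss_${_i}:
+	    rc=$(($rc + $?))
+	    [ -n "$_v" ] && echo .
+	done
+
+	return $rc
+
+	kldunload ng_ipfw ng_tcpmss netgraph 
+}
+
+load_rc_config $name
+run_rc_command "$@"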
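Review bot: In tcpmss_start the config message sets `maxMSS='$_i'`, which passes the instance number (the netgraph cookie) instead of the value read from `tcpmss_<number>` into `_m`; with the rc.conf example the node would be configured with 555 rather than 1452, so the fragment should read `maxMSS='$_m'`. The same loop feeds `$_i` into `eval _m=\"\$tcpmss_${_i}\"` and into unquoted ngctl arguments without checking it, although rc.conf.5 says the list values should be numbers. A guard before the eval, such as `case "$_i" in ''|*[!0-9]*) echo "Warning: invalid tcpmss instance $_i" >&2; rc=$(($rc + 1)); continue;; esac`, would keep a malformed rc.conf entry or command-line argument from being evaluated as shell text. In tcpmss_stop the `kldunload ng_ipfw ng_tcpmss netgraph` line sits after `return $rc` and can never run; either remove it or move it above the return.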
