FreeBSD Bugzilla – Attachment 152425 Details for Bug 197230: [patch] Add rcNG startup script to configure ng_tcpmss(4)
[patch] rc.d/tcpmss script and documentation
tcpmss.diff (text/plain), 4.10 KB, created by Eugene Grosbein on 2015-01-31 21:38:24 UTC
>--- etc/defaults/rc.conf.orig 2014-11-23 11:02:31.000000000 +0700 >+++ etc/defaults/rc.conf 2015-02-01 04:17:09.000000000 +0700 >@@ -205,6 +205,10 @@ > pfsync_syncpeer="" # IP address of pfsync peer host > pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync > tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions. >+tcpmss_enable="NO" # Set to YES to use ipfw(8) for MSS adjustements >+tcpmss_verbose="NO" # Set to YES to enable verbose configuration messages >+#tcpmss_instances="555" # Space separated list of ng_tcpmss(4) nodes (netgraph cookies) >+#tcpmss_555="1452" # maxMSS value for this ng_tcpmss(4) instance > log_in_vain="0" # >=1 to log connects to ports w/o listeners. > tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). > tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN >--- share/man/man5/rc.conf.5.orig 2014-11-23 11:02:37.000000000 +0700 >+++ share/man/man5/rc.conf.5 2015-02-01 04:22:20.000000000 +0700 
>@@ -1001,8 +1001,62 @@ > or other weird behavior. > Some network devices are known > to be broken with respect to these options. >+.It Va tcpmss_enable >+.Pq Vt bool >+Set to >+.Dq Li NO >+by default. >+Setting this to >+.Dq Li YES >+enables configuration of >+.Xr ng_tcpmss 4 >+netgraph nodes to perform custom TCP MSS adjustments using >+.Xr ipfw 8 >+rules. The >+.Va tcpmss_instances >+variable must also be set then. Kernel modules >+.Xr netgraph 4 , >+.Xr ng_ipfw 4 , >+and >+.Xr ng_tcpmss 4 >+will be loaded if the kernel was not built with corresponding >+.Cd "options NETGRAPH" , >+.Cd "options NETGRAPH_IPFW" , >+and >+.Cd "options NETGRAPH_TCPMSS" . >+.It Va tcpmss_instances >+.Pq Vt str >+Set to the list of >+.Xr ng_tcpmss 4 >+instances to configure on this host. Values of the list >+are used to form instance names and as netgraph cookies, >+so they should be numbers. A >+.Va tcpmss_ Ns Aq Ar number >+variable is assumed to exist for each value of the list. >+The value of this variable is used as >+.Va maxMSS >+to configure the >+.Xr ng_tcpmss 4 >+instance. >+.Pp >+To adjust MSS to corresponding >+.Va maxMSS >+value configured with >+.Va tcpmss_ Ns Aq Ar number >+variable >+one can use >+.Xr ipfw 8 >+rules like: >+.Pp >+netgraph >+.Va Ns Aq Ar number >+tcp from any to any setup in >+.It Va tcpmss_verbose >+.Pq Vt bool >+Set to >+.Dq Li YES >+to enable verbose ng_tcpmss(4) configuration messages. > .It Va log_in_vain >-.Pq Vt int > Set to 0 by default. > The > .Xr sysctl 8 >@@ -4714,6 +4768,9 @@ > .Xr pfsync 4 , > .Xr tcp 4 , > .Xr udp 4 , >+.Xr netgraph 4 , >+.Xr ng_ipfw 4 , >+.Xr ng_tcpmss 4 , > .Xr exports 5 , > .Xr fstab 5 , > .Xr ipf 5 , >--- etc/rc.d/tcpmss.orig 1970-01-01 07:00:00.000000000 +0700 >+++ etc/rc.d/tcpmss 2015-02-01 04:23:34.575436000 +0700 
>@@ -0,0 +1,75 @@ >+#!/bin/sh >+# >+# $FreeBSD$ >+# >+ >+# PROVIDE: tcpmss >+# BEFORE: ipfw >+# REQUIRE: netif >+# KEYWORD: nojail >+ >+. /etc/rc.subr >+ >+name="tcpmss" >+rcvar="${name}_enable" >+start_cmd="${name}_start" >+start_precmd="${name}_prestart" >+stop_cmd="${name}_stop" >+ >+tcpmss_prestart() { >+ [ -n "$1" ] && tcpmss_instances="$1" >+ [ -z "$tcpmss_instances" ] && return 1 >+ required_modules="netgraph ng_ipfw ng_tcpmss" >+} >+ >+tcpmss_start() >+{ >+ local _i _m _v >+ >+ [ -n "$1" ] && tcpmss_instances="$1" >+ checkyesno tcpmss_verbose && _v=yes >+ >+ rc=0 >+ for _i in $tcpmss_instances >+ do >+ # get value of tcpmss_NAME="1452" >+ eval _m=\"\$tcpmss_${_i}\" >+ if [ -z "$_m" ]; then >+ echo "Warning: variable tcpmss_$_i not defined" >&2 >+ continue >+ fi >+ [ -n "$_v" ] && echo -n "Setup ng_tcpmss instance $_i: mss=$_m" >+ ngctl mkpeer ipfw: tcpmss $_i mss_$_m && ngctl msg ipfw:$_i config \ >+ '{ inHook="'mss_$_m'" outHook="'mss_$_m'" maxMSS='$_i' }' && \ >+ ngctl name ipfw:$_i mss_$_i >+ rc=$(($rc + $?)) >+ >+ [ -n "$_v" ] && echo . >+ done >+ >+ return $rc >+} >+ >+tcpmss_stop() >+{ >+ local _i _v >+ >+ [ -n "$1" ] && tcpmss_instances="$1" >+ checkyesno tcpmss_verbose && _v=yes >+ >+ rc=0 >+ for _i in $tcpmss_instances >+ do >+ [ -n "$_v" ] && echo -n "Shutdown ng_tcpmss instance $_i" >+ ngctl shutdown mss_${_i}: >+ rc=$(($rc + $?)) >+ [ -n "$_v" ] && echo . >+ done >+ >+ return $rc >+ >+ kldunload ng_ipfw ng_tcpmss netgraph >+} >+ >+load_rc_config $name >+run_rc_command "$@"
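Review bot: in the etc/defaults/rc.conf hunk, the comment on the added tcpmss_enable line misspells "adjustements" and describes the knob as "use ipfw(8) for MSS adjustements", while the rc.conf.5 text in this same patch says it enables configuration of ng_tcpmss(4) nodes. Suggest wording the comment along the lines of "Set to YES to configure ng_tcpmss(4) nodes for MSS adjustments" so the defaults file and the manual page say the same thing.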
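Review bot: in the rc.conf.5 hunk at -1001, the line ".Pq Vt int" is deleted from the existing log_in_vain entry, which has nothing to do with tcpmss and drops that variable's type from the manual; it looks accidental and should be restored. In the added text, the sample rule is set as running text that begins at "netgraph" with no "ipfw add" prefix and no display macro, so it is hard to tell where the rule starts and ends; a display line would make it copyable. Several new sentences also start mid-line ("rules. The", "variable must also be set then. Kernel modules", "instances to configure on this host. Values of the list"), where each sentence should begin on its own source line.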
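Review bot: in the SEE ALSO hunk at -4714 of rc.conf.5, the three new section 4 references are appended after ".Xr udp 4 ,", which breaks the alphabetical order the visible context follows (pfsync, tcp, udp). Place netgraph, ng_ipfw and ng_tcpmss in their sorted position ahead of ".Xr pfsync 4 ,".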
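Review bot: in tcpmss_start of the new etc/rc.d/tcpmss, the config message passes maxMSS='$_i', so the node is given the instance number rather than the value read into _m; with the documented sample tcpmss_555="1452" the node would be configured with maxMSS=555. It should be maxMSS='$_m', matching the manual text that says the value of tcpmss_<number> is used as maxMSS. In the same loop, eval _m=\"\$tcpmss_${_i}\" expands _i before eval runs, and _i comes from tcpmss_instances or from the command-line argument $1 without any check, although the manual only says the values "should be numbers"; since this runs as root, reject any instance that is not purely digits (for example a case test on *[!0-9]*) before the eval and before passing it to ngctl. In tcpmss_stop, the kldunload line sits after "return $rc" and can never run; either drop it or move it above the return and decide whether unloading modules on stop is wanted. rc is also assigned in both functions without being listed in their "local" declarations.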
Attachments on bug 197230: 152425 | 152426 | 152435