
policy route path-MTU clamping
Closed, Duplicate | Public | BUG

Description

This should work.

set policy route pppoe-out rule 1 protocol 'tcp'
set policy route pppoe-out rule 1 set tcp-mss 'pmtu'
set policy route pppoe-out rule 1 tcp flags 'SYN'

set interfaces ethernet eth0 policy route pppoe-out

But we get:

xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks

Most of the policy route stuff needs to be applied to the input side of an interface, but the mss clamping needs to be applied to the output side. I am not sure that is resolvable in the current config scheme, since the same policy route object can include both types.

/opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/policy/route/node.def calls /opt/vyatta/sbin/vyatta-firewall.pl with an 'in' argument.

The tcp mss clamping has nothing to do with routing, so should not be under the policy route tree.

Details

Difficulty level: Unknown (require assessment)
Version: 1.2 current
Why the issue appeared?: Will be filled on close

After some discussion surrounding a similar issue in IRC recently, I believe FORWARD is the correct place for this, and 'set-mss' should be configurable in a rule which can specify one or both of input *and* output interface to allow proper expression of explicit MSS for inbound and outbound connections.

syncer triaged this task as Low priority. Dec 21 2017, 9:06 PM
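The hook restriction reported in this task can be checked offline against an `iptables-save` dump. The following is an added example, not VyOS code: it resolves user-defined chains back to the base hooks that reach them and flags any `--clamp-mss-to-pmtu` rule reachable from a hook other than FORWARD, OUTPUT or POSTROUTING. It assumes a single-table dump; the chain names `IN_HOOK` and `clamp-fwd` and the sample ruleset are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Hooks in which xt_TCPMSS accepts --clamp-mss-to-pmtu (from the kernel message above).
PMTU_HOOKS = {"FORWARD", "OUTPUT", "POSTROUTING"}
BASE_HOOKS = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}

# Constructed sample in iptables-save format; chain names are assumptions.
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:IN_HOOK - [0:0]
:pppoe-out - [0:0]
:clamp-fwd - [0:0]
-A PREROUTING -j IN_HOOK
-A IN_HOOK -i eth0 -j pppoe-out
-A pppoe-out -p tcp -m tcp --tcp-flags SYN SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe0 -j clamp-fwd
-A clamp-fwd -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
"""

def find_bad_pmtu_rules(ruleset):
    """Return [(chain, offending_hooks)] for pmtu-clamp rules reachable from unsupported hooks."""
    jumps = defaultdict(set)   # chain -> chains it jumps or gotos to
    clamps = []                # chains holding a --clamp-mss-to-pmtu rule
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        chain = tok[1]
        for flag in ("-j", "-g"):
            if flag in tok[:-1]:
                jumps[chain].add(tok[tok.index(flag) + 1])
        if "--clamp-mss-to-pmtu" in tok:
            clamps.append(chain)
    # Walk from each base hook to learn which hooks can reach every chain.
    reach = defaultdict(set)
    for hook in BASE_HOOKS:
        stack = [hook]
        while stack:
            c = stack.pop()
            if hook in reach[c]:
                continue
            reach[c].add(hook)
            stack.extend(jumps[c])
    return [(c, sorted(reach[c] - PMTU_HOOKS)) for c in clamps if reach[c] - PMTU_HOOKS]
```

On the sample, only the rule in `pppoe-out` is reported, because that chain is entered from PREROUTING; the same rule reached from FORWARD passes.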