Install Iptables rules to set TCPMSS for 'lo' interface #3452
It is probably easier to integrate this into hostcfgd, I suspect.
@jleveque to comment on the suitability for implementing this in hostcfgd
I agree to have this invoked from hostcfgd. This can also take care of changes to loopback IP instead of handling it in sonic-utilities.
One thing to keep in mind: Currently caclmgrd is the only service manipulating iptables rules. I wrote it under this assumption. When it receives notification of service ACL changes, it flushes all iptables rules and writes all new. Thus, if rules are written from any other source, they will be lost. This may require logical changes to caclmgrd to play nice with other services.
Agree, that's the reason, this was not put into iptables filter table. It will have to be separate from the control plane acl rules.
retest this please
* Install Iptables rules to set TCPMSS for lo interface
* Moved implementation to hostcfgd to maintain at one place
- What I did
ssh to loopback address to use TCPMSS as 1460. By using MSS based on connected front panel interface (MTU = 9100), observed that in some cases ssh session hangs when transit devices are dropping jumbo frames.
- How I did it
Script to install iptables rules during reboot and first boot (updategraph)
- How to verify it
Establish ssh session to lo address and verify the MSS value
- Description for the changelog
Output of
"/usr/bin/iptables_install.sh"
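
The loopback-IP change handling raised in the thread, as an added example that is not code from this PR or from hostcfgd. The function names, the PREROUTING/POSTROUTING chain choice, the use of the mangle table (TCPMSS is a mangle-table target) and the sample addresses are assumptions; the 1460 value comes from the description above.

```python
import ipaddress

MSS = 1460  # value given in the PR description


def tcpmss_rules(lo_ip, op="-A", mss=MSS):
    """Build iptables argv lists that set the MSS on TCP SYNs to/from lo_ip.

    op is -A (append), -D (delete) or -C (check). The rules live in the
    mangle table, so they are kept apart from filter-table ACL rules.
    """
    if op not in ("-A", "-D", "-C"):
        raise ValueError("unsupported iptables operation: %r" % op)
    # Accept both "10.1.0.32" and "10.1.0.32/32" as found in interface config.
    addr = ipaddress.ip_interface(lo_ip).ip
    if addr.version != 4:
        # The PR only states an IPv4 value; IPv6 is out of scope here.
        raise ValueError("only IPv4 loopback addresses are handled")
    base = ["iptables", "-t", "mangle", op]
    syn = ["-p", "tcp", "--tcp-flags", "SYN", "SYN"]  # TCPMSS requires a SYN match
    target = ["-j", "TCPMSS", "--set-mss", str(mss)]
    return [
        base + ["PREROUTING"] + syn + ["-d", str(addr)] + target,
        base + ["POSTROUTING"] + syn + ["-s", str(addr)] + target,
    ]


def on_loopback_change(old_ip, new_ip):
    """Commands to run when the loopback address changes: drop old, add new."""
    if old_ip and new_ip and (
        ipaddress.ip_interface(old_ip).ip == ipaddress.ip_interface(new_ip).ip
    ):
        return []  # same address, nothing to do
    cmds = []
    if old_ip:
        cmds += tcpmss_rules(old_ip, "-D")
    if new_ip:
        cmds += tcpmss_rules(new_ip, "-A")
    return cmds


if __name__ == "__main__":
    # Constructed sample addresses; prints commands instead of executing them.
    for argv in on_loopback_change("10.1.0.32/32", "10.1.0.33/32"):
        print(" ".join(argv))
```

Each returned list can be passed to `subprocess.run` by the service that owns the rules; running the `-C` form first keeps repeated boots from appending duplicates.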