launchpad-buildd

Merge lp:~cjwatson/launchpad-buildd/lxd-clamp-mss into lp:launchpad-buildd

  1. lxd-clamp-mss
  2. Merge into trunk
Proposed by Colin Watson on 2017-09-01
Status: Merged
Merged at revision: 275
Proposed branch: lp:~cjwatson/launchpad-buildd/lxd-clamp-mss
Merge into: lp:launchpad-buildd
Diff against target: 70 lines (+27/-0)
3 files modified
debian/changelog (+7/-0)
lpbuildd/target/lxd.py (+8/-0)
lpbuildd/target/tests/test_lxd.py (+12/-0)
To merge this branch: bzr merge lp:~cjwatson/launchpad-buildd/lxd-clamp-mss
Reviewer Review Type Date Requested Status
William Grant code 2017-09-01 Approve on 2017-09-01
Review via email: mp+330078@code.launchpad.net

Commit Message

Clamp the TCP MSS on the LXD bridge interface to the path MTU, to avoid
problems in environments where the path MTU is lower than 1500.

To post a comment you must log in.
William Grant (wgrant) :
review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2017-08-30 14:23:43 +0000
3+++ debian/changelog 2017-09-01 12:47:57 +0000
4@@ -1,3 +1,10 @@
5+launchpad-buildd (149) UNRELEASED; urgency=medium
6+
7+ * Clamp the TCP MSS on the LXD bridge interface to the path MTU, to avoid
8+ problems in environments where the path MTU is lower than 1500.
9+
10+ -- Colin Watson <cjwatson@ubuntu.com> Fri, 01 Sep 2017 13:46:25 +0100
11+
12 launchpad-buildd (148) xenial; urgency=medium
13
14 * Move the contents of /usr/share/launchpad-buildd/slavebin/ into bin/ in
15
16=== modified file 'lpbuildd/target/lxd.py'
17--- lpbuildd/target/lxd.py 2017-08-30 13:13:10 +0000
18+++ lpbuildd/target/lxd.py 2017-09-01 12:47:57 +0000
19@@ -203,6 +203,10 @@
20 subprocess.check_call(
21 ["sudo", "sysctl", "-q", "-w", "net.ipv4.ip_forward=1"])
22 self.iptables(
23+ ["-t", "mangle", "-A", "FORWARD", "-i", self.bridge_name,
24+ "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
25+ "-j", "TCPMSS", "--clamp-mss-to-pmtu"])
26+ self.iptables(
27 ["-t", "nat", "-A", "POSTROUTING",
28 "-s", str(self.ipv4_network), "!", "-d", str(self.ipv4_network),
29 "-j", "MASQUERADE"])
30@@ -221,6 +225,10 @@
31 subprocess.call(
32 ["sudo", "ip", "link", "set", "dev", self.bridge_name, "down"])
33 self.iptables(
34+ ["-t", "mangle", "-D", "FORWARD", "-i", self.bridge_name,
35+ "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
36+ "-j", "TCPMSS", "--clamp-mss-to-pmtu"])
37+ self.iptables(
38 ["-t", "nat", "-D", "POSTROUTING",
39 "-s", str(self.ipv4_network), "!", "-d", str(self.ipv4_network),
40 "-j", "MASQUERADE"], check=False)
41
42=== modified file 'lpbuildd/target/tests/test_lxd.py'
43--- lpbuildd/target/tests/test_lxd.py 2017-08-30 12:21:21 +0000
44+++ lpbuildd/target/tests/test_lxd.py 2017-09-01 12:47:57 +0000
45@@ -189,6 +189,12 @@
46 ["sudo", "sysctl", "-q", "-w", "net.ipv4.ip_forward=1"]),
47 Equals(
48 iptables +
49+ ["-t", "mangle", "-A", "FORWARD", "-i", "lpbuilddbr0",
50+ "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
51+ "-j", "TCPMSS", "--clamp-mss-to-pmtu"] +
52+ iptables_comment),
53+ Equals(
54+ iptables +
55 ["-t", "nat", "-A", "POSTROUTING",
56 "-s", "10.10.10.1/24", "!", "-d", "10.10.10.1/24",
57 "-j", "MASQUERADE"] +
58@@ -433,6 +439,12 @@
59 Equals(ip + ["link", "set", "dev", "lpbuilddbr0", "down"]),
60 Equals(
61 iptables +
62+ ["-t", "mangle", "-D", "FORWARD", "-i", "lpbuilddbr0",
63+ "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
64+ "-j", "TCPMSS", "--clamp-mss-to-pmtu"] +
65+ iptables_comment),
66+ Equals(
67+ iptables +
68 ["-t", "nat", "-D", "POSTROUTING",
69 "-s", "10.10.10.1/24", "!", "-d", "10.10.10.1/24",
70 "-j", "MASQUERADE"] +

Subscribers

People subscribed via source and target branches

to all changes: