gluon-iptables-clamp-mss-to-pmtu: add new package

2017-12-31 16:09:32 +01:00 · 2017-12-31 16:09:32 +01:00 · 6241ba5435
parent 0e21d17032
commit 6241ba5435
3 changed files with 38 additions and 0 deletions
--- a/package/gluon-iptables-clamp-mss-to-pmtu/Makefile
+++ b/package/gluon-iptables-clamp-mss-to-pmtu/Makefile
@ -0,0 +1,25 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-iptables-clamp-mss-to-pmtu
+
+GLUON_VERSION = $(shell git describe --always --dirty=+ 2>/dev/null || echo unknown)
+PKG_VERSION:=$(if $(DUMP),x,$(GLUON_VERSION))
+
+include ../gluon.mk
+
+define Package/$(PKG_NAME)
+  TITLE:=This will establish a firewall rule to clamp the mss to pmtu on the mesh-vpn interface when the connection is towards 64:ff9b::/96
+  DEPENDS:= +ip6tables
+endef
+
+define Package/$(PKG_NAME)/description
+	Package working around icmp blackholes in the internet.
+endef
+
+define Package/$(PKG_NAME)/install
+	$(Gluon/Build/Install)
+
+	$(INSTALL_DIR) $(1)/lib/gluon
+endef
+
+$(eval $(call BuildPackageGluon,$(PKG_NAME)))
--- a/package/gluon-iptables-clamp-mss-to-pmtu/files/lib/gluon/mesh-vpn/iptables-mss.rules
+++ b/package/gluon-iptables-clamp-mss-to-pmtu/files/lib/gluon/mesh-vpn/iptables-mss.rules
@ -0,0 +1,3 @@
+*mangle
+-A FORWARD -o mesh-vpn -p tcp -m tcp --tcp-flags SYN,RST SYN -d 64:ff9b::/96 -j TCPMSS --clamp-mss-to-pmtu
+COMMIT
--- a/package/gluon-iptables-clamp-mss-to-pmtu/luasrc/lib/gluon/upgrade/800-iptables-mesh-vpn-clamp-mss-to-pmtu
+++ b/package/gluon-iptables-clamp-mss-to-pmtu/luasrc/lib/gluon/upgrade/800-iptables-mesh-vpn-clamp-mss-to-pmtu
@ -0,0 +1,10 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+uci:section('firewall', 'include', 'vpn_clamp_mss', {
+	family = 'ipv6',
+	type = 'restore',
+	path = '/lib/gluon/mesh-vpn/iptables-mss.rules'
+})
+
+uci:save('firewall')