
launchpad-reviewers team mailing list archive

[Merge] lp:~cjwatson/launchpad-buildd/lxd-clamp-mss into lp:launchpad-buildd

 

Colin Watson has proposed merging lp:~cjwatson/launchpad-buildd/lxd-clamp-mss into lp:launchpad-buildd.

Commit message:
Clamp the TCP MSS on the LXD bridge interface to the path MTU, to avoid
problems in environments where the path MTU is lower than 1500.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad-buildd/lxd-clamp-mss/+merge/330078
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad-buildd/lxd-clamp-mss into lp:launchpad-buildd.
=== modified file 'debian/changelog'
--- debian/changelog	2017-08-30 14:23:43 +0000
+++ debian/changelog	2017-09-01 12:47:57 +0000
@@ -1,3 +1,10 @@
+launchpad-buildd (149) UNRELEASED; urgency=medium
+
+  * Clamp the TCP MSS on the LXD bridge interface to the path MTU, to avoid
+    problems in environments where the path MTU is lower than 1500.
+
+ -- Colin Watson <cjwatson@xxxxxxxxxx>  Fri, 01 Sep 2017 13:46:25 +0100
+
 launchpad-buildd (148) xenial; urgency=medium
 
   * Move the contents of /usr/share/launchpad-buildd/slavebin/ into bin/ in

=== modified file 'lpbuildd/target/lxd.py'
--- lpbuildd/target/lxd.py	2017-08-30 13:13:10 +0000
+++ lpbuildd/target/lxd.py	2017-09-01 12:47:57 +0000
@@ -203,6 +203,10 @@
         subprocess.check_call(
             ["sudo", "sysctl", "-q", "-w", "net.ipv4.ip_forward=1"])
         self.iptables(
+            ["-t", "mangle", "-A", "FORWARD", "-i", self.bridge_name,
+             "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
+             "-j", "TCPMSS", "--clamp-mss-to-pmtu"])
+        self.iptables(
             ["-t", "nat", "-A", "POSTROUTING",
              "-s", str(self.ipv4_network), "!", "-d", str(self.ipv4_network),
              "-j", "MASQUERADE"])
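Review bot: The new mangle-table rule is added with no comment saying why it exists, and a bare `TCPMSS --clamp-mss-to-pmtu` rule in firewall setup is easy to mistake for leftover tuning during a later audit. A short why-comment above the call would help, for example `# Clamp the MSS on SYNs forwarded from the bridge so that TCP from containers still works when the path MTU is below 1500.` The rule matches only packets arriving on `self.bridge_name`, so the comment could also say that this one direction is intended. The enclosing method starts and ends outside the hunk.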
@@ -221,6 +225,10 @@
         subprocess.call(
             ["sudo", "ip", "link", "set", "dev", self.bridge_name, "down"])
         self.iptables(
+            ["-t", "mangle", "-D", "FORWARD", "-i", self.bridge_name,
+             "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
+             "-j", "TCPMSS", "--clamp-mss-to-pmtu"])
+        self.iptables(
             ["-t", "nat", "-D", "POSTROUTING",
              "-s", str(self.ipv4_network), "!", "-d", str(self.ipv4_network),
              "-j", "MASQUERADE"], check=False)
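Review bot: The added `-D` call for the mangle rule is made without `check=False`, unlike the NAT `-D` call right after it and the unchecked `subprocess.call` for `ip link ... down` just before it. The default of `check` is not visible in this hunk, but if it raises on a non-zero exit, a missing rule would abort teardown before the MASQUERADE rule is removed and leave stale firewall state on the builder. That can happen after a start that failed before the rule was added, or on a repeated stop. Ending the call the way its sibling does would avoid it: `"-j", "TCPMSS", "--clamp-mss-to-pmtu"], check=False)`. The enclosing method starts and ends outside the hunk, and the matching test hunk only exercises the case where the rule is present.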

=== modified file 'lpbuildd/target/tests/test_lxd.py'
--- lpbuildd/target/tests/test_lxd.py	2017-08-30 12:21:21 +0000
+++ lpbuildd/target/tests/test_lxd.py	2017-09-01 12:47:57 +0000
@@ -189,6 +189,12 @@
                     ["sudo", "sysctl", "-q", "-w", "net.ipv4.ip_forward=1"]),
                 Equals(
                     iptables +
+                    ["-t", "mangle", "-A", "FORWARD", "-i", "lpbuilddbr0",
+                     "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
+                     "-j", "TCPMSS", "--clamp-mss-to-pmtu"] +
+                    iptables_comment),
+                Equals(
+                    iptables +
                     ["-t", "nat", "-A", "POSTROUTING",
                      "-s", "10.10.10.1/24", "!", "-d", "10.10.10.1/24",
                      "-j", "MASQUERADE"] +
@@ -433,6 +439,12 @@
                 Equals(ip + ["link", "set", "dev", "lpbuilddbr0", "down"]),
                 Equals(
                     iptables +
+                    ["-t", "mangle", "-D", "FORWARD", "-i", "lpbuilddbr0",
+                     "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN",
+                     "-j", "TCPMSS", "--clamp-mss-to-pmtu"] +
+                    iptables_comment),
+                Equals(
+                    iptables +
                     ["-t", "nat", "-D", "POSTROUTING",
                      "-s", "10.10.10.1/24", "!", "-d", "10.10.10.1/24",
                      "-j", "MASQUERADE"] +