
Commit e223ea8

icefedaauren
authored andcommitted
Fix DSR(tunneling) mode mtu limit
cloudnativelabs#630
1 parent 45b7fd1 commit e223ea8


1 file changed

+36
-0
lines changed


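--- a/pkg/controllers/proxy/network_services_controller.go
+++ b/pkg/controllers/proxy/network_services_controller.go
@@ -2040,6 +2040,18 @@ func setupMangleTableRule(ip string, protocol string, port string, fwmark string
 if err != nil {
 return errors.New("Failed to run iptables command to set up FWMARK due to " + err.Error())
 }
+
+// setup iptables rule TCPMSS for DSR mode to fix mtu problem
+mtuArgs := []string{"-d", ip, "-m", "tcp", "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN", "-j", "TCPMSS", "--set-mss", "1440"}
+err = iptablesCmdHandler.AppendUnique("mangle", "PREROUTING", mtuArgs...)
+if err != nil {
+return errors.New("Failed to run iptables command to set up TCPMSS due to " + err.Error())
+}
+mtuArgs[0] = "-s"
+err = iptablesCmdHandler.AppendUnique("mangle", "POSTROUTING", mtuArgs...)
+if err != nil {
+return errors.New("Failed to run iptables command to set up TCPMSS due to " + err.Error())
+}
 return nil
 }
 
@@ -2070,6 +2082,30 @@ func (ln *linuxNetworking) cleanupMangleTableRule(ip string, protocol string, po
 }
 }
 
+// cleanup iptables rule TCPMSS
+mtuArgs := []string{"-d", ip, "-m", "tcp", "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN", "-j", "TCPMSS", "--set-mss", "1440"}
+exists, err = iptablesCmdHandler.Exists("mangle", "PREROUTING", mtuArgs...)
+if err != nil {
+return errors.New("Failed to cleanup iptables command to set up TCPMSS due to " + err.Error())
+}
+if exists {
+err = iptablesCmdHandler.Delete("mangle", "PREROUTING", mtuArgs...)
+if err != nil {
+return errors.New("Failed to cleanup iptables command to set up TCPMSS due to " + err.Error())
+}
+}
+mtuArgs[0] = "-s"
+exists, err = iptablesCmdHandler.Exists("mangle", "POSTROUTING", mtuArgs...)
+if err != nil {
+return errors.New("Failed to cleanup iptables command to set up TCPMSS due to " + err.Error())
+}
+if exists {
+err = iptablesCmdHandler.Delete("mangle", "POSTROUTING", mtuArgs...)
+if err != nil {
+return errors.New("Failed to cleanup iptables command to set up TCPMSS due to " + err.Error())
+}
+}
+
 return nil
 }
 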
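Review bot: The TCPMSS rules added in setupMangleTableRule match only on the address (`-d ip` in PREROUTING, `-s ip` in POSTROUTING) although the function receives `protocol` and `port`, so every TCP SYN to or from that IP is clamped and the rules are installed even when the service is not TCP. The mirrored block in cleanupMangleTableRule then deletes the per-IP rules when one service goes away, which would silently remove the clamp for any other DSR service still sharing the address (assuming cleanup runs per service; the callers are not visible here). Scoping the match to the service, by adding `"--dport", port` to the PREROUTING args and `"--sport", port` to the POSTROUTING args and skipping the block when `protocol` is not TCP, would keep setup and cleanup symmetric per service. The literal `"1440"` is repeated in both functions and appears to presume a 1500-byte underlay MTU with IPIP overhead; a shared named constant with a comment, or a value derived from the interface MTU, would avoid drift and wrong clamping on links with a different MTU. Both function bodies begin above the visible hunks.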
