Add MSS Clamping option for Essentials (closes #45)
Rename "MSS correction" to the correct term "MSS Clamping" in Firewall Automatically set "defaultroute" and "peerdns" when PPP is selected in Essentials
This commit is contained in:
Steven Barth
parent
afd569dfca
commit
c56307acc3
17 changed files with 72 additions and 9 deletions
|
|
@ -12,7 +12,7 @@ fw_fw1 = 'Die Firewall erstellt Netzwerkzonen über bestimmte Netzwerkschnittste
|
|||
fw_src = 'Quelle'
|
||||
fw_dest = 'Ziel'
|
||||
fw_traffic = 'Verkehrskontrolle'
|
||||
fw_mtufix = 'MSS-Korrektur'
|
||||
fw_mtufix = 'MSS Clamping'
|
||||
fw_dropinvalid = 'Ungültige Pakete verwerfen'
|
||||
firewall_rule_src = 'Eingangszone'
|
||||
firewall_rule_dest = 'Ausgangszone'
|
||||
|
|
@ -35,7 +35,7 @@ firewall_redirect_destport = 'Interner Port (optional)'
|
|||
firewall_redirect_destport_desc = 'Port od. Erster-Letzter Port'
|
||||
firewall_redirect_srcip = 'Quelladresse'
|
||||
firewall_redirect_srcmac = 'Quell-MAC-Adresse'
|
||||
fw_forwarding1 = 'An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert. Bei gelegentlich auftretenden Verbindungsproblemen kann eine MSS-Korrektur helfen, ansonsten sollte dies aus Performancegründen deaktiviert bleiben.'
|
||||
fw_forwarding1 = 'An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert. Bei gelegentlich auftretenden Verbindungsproblemen kann MSS Clamping helfen, ansonsten sollte dies aus Performancegründen deaktiviert bleiben.'
|
||||
firewall_forwarding_src = 'Eingang'
|
||||
firewall_forwarding_dest = 'Ausgang'
|
||||
firewall_defaults = 'Grundeinstellungen'
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
<i18n:msg xml:id="fw_src">Quelle</i18n:msg>
|
||||
<i18n:msg xml:id="fw_dest">Ziel</i18n:msg>
|
||||
<i18n:msg xml:id="fw_traffic">Verkehrskontrolle</i18n:msg>
|
||||
<i18n:msg xml:id="fw_mtufix">MSS-Korrektur</i18n:msg>
|
||||
<i18n:msg xml:id="fw_mtufix">MSS Clamping</i18n:msg>
|
||||
<i18n:msg xml:id="fw_dropinvalid">Ungültige Pakete verwerfen</i18n:msg>
|
||||
<i18n:msg xml:id="firewall_rule_src">Eingangszone</i18n:msg>
|
||||
<i18n:msg xml:id="firewall_rule_dest">Ausgangszone</i18n:msg>
|
||||
|
|
@ -42,7 +42,7 @@
|
|||
<i18n:msg xml:id="firewall_redirect_srcmac">Quell-MAC-Adresse</i18n:msg>
|
||||
|
||||
|
||||
<i18n:msg xml:id="fw_forwarding1">An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert. Bei gelegentlich auftretenden Verbindungsproblemen kann eine MSS-Korrektur helfen, ansonsten sollte dies aus Performancegründen deaktiviert bleiben.</i18n:msg>
|
||||
<i18n:msg xml:id="fw_forwarding1">An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert. Bei gelegentlich auftretenden Verbindungsproblemen kann MSS Clamping helfen, ansonsten sollte dies aus Performancegründen deaktiviert bleiben.</i18n:msg>
|
||||
<i18n:msg xml:id="firewall_forwarding_src">Eingang</i18n:msg>
|
||||
<i18n:msg xml:id="firewall_forwarding_dest">Ausgang</i18n:msg>
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ fw_drop = 'drop'
|
|||
fw_src = 'Source'
|
||||
fw_dest = 'Destination'
|
||||
fw_traffic = 'Traffic Control'
|
||||
fw_mtufix = 'MSS-Correction'
|
||||
fw_mtufix = 'MSS Clamping'
|
||||
fw_dropinvalid = 'Drop invalid packets'
|
||||
fw_portfw1 = 'Port forwarding allows to provide network services in the internal network to an external network.'
|
||||
firewall_redirect_src_desc = 'External Zone'
|
||||
|
|
@ -35,7 +35,7 @@ firewall_redirect_destip = 'Internal address'
|
|||
firewall_redirect_destip_desc = 'IP-Address'
|
||||
firewall_redirect_destport = 'Internal port (optional)'
|
||||
firewall_redirect_destport_desc = 'port or range as first-last'
|
||||
fw_forwarding1 = 'Here you can specify which network traffic is allowed to flow between network zones. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall. If you experience occasional connection problems try enabling MSS-Correction otherwise disable it for performance reasons.'
|
||||
fw_forwarding1 = 'Here you can specify which network traffic is allowed to flow between network zones. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall. If you experience occasional connection problems try enabling MSS Clamping otherwise disable it for performance reasons.'
|
||||
firewall_forwarding_src = 'Input'
|
||||
firewall_forwarding_dest = 'Output'
|
||||
firewall_defaults = 'Defaults'
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
<i18n:msg xml:id="fw_src">Source</i18n:msg>
|
||||
<i18n:msg xml:id="fw_dest">Destination</i18n:msg>
|
||||
<i18n:msg xml:id="fw_traffic">Traffic Control</i18n:msg>
|
||||
<i18n:msg xml:id="fw_mtufix">MSS-Correction</i18n:msg>
|
||||
<i18n:msg xml:id="fw_mtufix">MSS Clamping</i18n:msg>
|
||||
<i18n:msg xml:id="fw_dropinvalid">Drop invalid packets</i18n:msg>
|
||||
|
||||
<i18n:msg xml:id="fw_portfw1">Port forwarding allows to provide network services in the internal network to an external network.</i18n:msg>
|
||||
|
|
@ -41,7 +41,7 @@
|
|||
<i18n:msg xml:id="firewall_redirect_destport">Internal port (optional)</i18n:msg>
|
||||
<i18n:msg xml:id="firewall_redirect_destport_desc">port or range as first-last</i18n:msg>
|
||||
|
||||
<i18n:msg xml:id="fw_forwarding1">Here you can specify which network traffic is allowed to flow between network zones. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall. If you experience occasional connection problems try enabling MSS-Correction otherwise disable it for performance reasons.</i18n:msg>
|
||||
<i18n:msg xml:id="fw_forwarding1">Here you can specify which network traffic is allowed to flow between network zones. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall. If you experience occasional connection problems try enabling MSS Clamping otherwise disable it for performance reasons.</i18n:msg>
|
||||
<i18n:msg xml:id="firewall_forwarding_src">Input</i18n:msg>
|
||||
<i18n:msg xml:id="firewall_forwarding_dest">Output</i18n:msg>
|
||||
|
||||
|
|
|
|||
|
|
@ -329,3 +329,5 @@ hostnames_entries = 'Host entries'
|
|||
hostnames_hostname = 'Hostname'
|
||||
hostnames_address = 'IP address'
|
||||
luci_components = "LuCI Components"
|
||||
m_n_mssfix = "Clamp Segment Size"
|
||||
m_n_mssfix_desc = "Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs."
|
||||
|
|
|
|||
|
|
@ -329,5 +329,6 @@
|
|||
<i18n:msg xml:id="hostnames_entries">Host entries</i18n:msg>
|
||||
<i18n:msg xml:id="hostnames_hostname">Hostname</i18n:msg>
|
||||
<i18n:msg xml:id="hostnames_address">IP address</i18n:msg>
|
||||
|
||||
<i18n:msg xml:id="m_n_mssfix">Clamp Segment Size</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix_desc">Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs.</i18n:msg>
|
||||
</i18n:msgs>
|
||||
|
|
|
|||
|
|
@ -323,3 +323,5 @@ hostnames_entries = 'Entrées d'hôtes'
|
|||
hostnames_hostname = 'Nom d'hôte'
|
||||
hostnames_address = 'Adresse IP'
|
||||
network_interface_encaps = 'PPPoA Encapsulation'
|
||||
m_n_mssfix = "Clamp Segment Size"
|
||||
m_n_mssfix_desc = "Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs."
|
||||
|
|
|
|||
|
|
@ -327,5 +327,8 @@
|
|||
<i18n:msg xml:id="hostnames_hostname">Nom d'hôte</i18n:msg>
|
||||
<i18n:msg xml:id="hostnames_address">Adresse IP</i18n:msg>
|
||||
<i18n:msg xml:id="network_interface_encaps">PPPoA Encapsulation</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix">Clamp Segment Size</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix_desc">Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs.</i18n:msg>
|
||||
|
||||
|
||||
</i18n:msgs>
|
||||
|
|
|
|||
|
|
@ -341,3 +341,5 @@ hostnames_entries = 'Host-Einträge'
|
|||
hostnames_hostname = 'Rechnername'
|
||||
hostnames_address = 'IP-Adresse'
|
||||
luci_components = "LuCI Komponenten"
|
||||
m_n_mssfix = "Segmentgrößen Clamping"
|
||||
m_n_mssfix_desc = "Behebt Probleme bei nicht erreichbaren Webseiten, Absenden von Formularen oder anderes unerwartetes Verhalten für einige ISPs."
|
||||
|
|
|
|||
|
|
@ -364,4 +364,7 @@
|
|||
<i18n:msg xml:id="hostnames_hostname">Rechnername</i18n:msg>
|
||||
<i18n:msg xml:id="hostnames_address">IP-Adresse</i18n:msg>
|
||||
|
||||
<i18n:msg xml:id="m_n_mssfix">Segmentgrößen Clamping</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix_desc">Behebt Probleme bei nicht erreichbaren Webseiten, Absenden von Formularen oder anderes unerwartetes Verhalten für einige ISPs.</i18n:msg>
|
||||
|
||||
</i18n:msgs>
|
||||
|
|
|
|||
|
|
@ -323,3 +323,5 @@ hostnames_entries = 'Campi host'
|
|||
hostnames_hostname = 'Hostname'
|
||||
hostnames_address = 'Indirizzo IP'
|
||||
network_interface_encaps = 'PPPoA Encapsulation'
|
||||
m_n_mssfix = "Clamp Segment Size"
|
||||
m_n_mssfix_desc = "Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs."
|
||||
|
|
|
|||
|
|
@ -327,5 +327,7 @@
|
|||
<i18n:msg xml:id="hostnames_hostname">Hostname</i18n:msg>
|
||||
<i18n:msg xml:id="hostnames_address">Indirizzo IP</i18n:msg>
|
||||
<i18n:msg xml:id="network_interface_encaps">PPPoA Encapsulation</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix">Clamp Segment Size</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix_desc">Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs.</i18n:msg>
|
||||
|
||||
</i18n:msgs>
|
||||
|
|
|
|||
|
|
@ -323,3 +323,5 @@ hostnames_entries = 'Entrada do Host'
|
|||
hostnames_hostname = 'Hostname'
|
||||
hostnames_address = 'Endereço de IP'
|
||||
network_interface_encaps = 'PPPoA Encapsulation'
|
||||
m_n_mssfix = "Clamp Segment Size"
|
||||
m_n_mssfix_desc = "Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs."
|
||||
|
|
|
|||
|
|
@ -327,5 +327,7 @@
|
|||
<i18n:msg xml:id="hostnames_hostname">Hostname</i18n:msg>
|
||||
<i18n:msg xml:id="hostnames_address">Endereço de IP</i18n:msg>
|
||||
<i18n:msg xml:id="network_interface_encaps">PPPoA Encapsulation</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix">Clamp Segment Size</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix_desc">Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs.</i18n:msg>
|
||||
|
||||
</i18n:msgs>
|
||||
|
|
|
|||
|
|
@ -265,3 +265,5 @@ network_interface_err_desc = 'Перед. / Получ.'
|
|||
network_interface_fwzone = 'Создать / Добавить Файрвол-зону'
|
||||
network_interface_fwzone_desc = 'Этот интерфейс не принадлежит ни к одной Файрвол-зоне.'
|
||||
network_interface_encaps = 'PPPoA Encapsulation'
|
||||
m_n_mssfix = "Clamp Segment Size"
|
||||
m_n_mssfix_desc = "Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs."
|
||||
|
|
|
|||
|
|
@ -270,5 +270,7 @@
|
|||
<i18n:msg xml:id="network_interface_fwzone">Создать / Добавить Файрвол-зону</i18n:msg>
|
||||
<i18n:msg xml:id="network_interface_fwzone_desc">Этот интерфейс не принадлежит ни к одной Файрвол-зоне.</i18n:msg>
|
||||
<i18n:msg xml:id="network_interface_encaps">PPPoA Encapsulation</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix">Clamp Segment Size</i18n:msg>
|
||||
<i18n:msg xml:id="m_n_mssfix_desc">Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs.</i18n:msg>
|
||||
|
||||
</i18n:msgs>
|
||||
|
|
|
|||
|
|
@ -109,6 +109,16 @@ p:value("dhcp", translate("automatic", "automatic"))
|
|||
if has_pppoe then p:value("pppoe", "PPPoE") end
|
||||
if has_pptp then p:value("pptp", "PPTP") end
|
||||
|
||||
function p.write(self, section, value)
|
||||
-- Always set defaultroute to PPP and use remote dns
|
||||
-- Overwrite a bad variable behaviour in OpenWrt
|
||||
if value == "pptp" or value == "pppoe" then
|
||||
self.map:set(section, "peerdns", "1")
|
||||
self.map:set(section, "defaultroute", "1")
|
||||
end
|
||||
return ListValue.write(self, section, value)
|
||||
end
|
||||
|
||||
if not ( has_pppoe and has_pptp ) then
|
||||
p.description = translate("network_interface_prereq_mini")
|
||||
end
|
||||
|
|
@ -137,6 +147,34 @@ pwd.password = true
|
|||
pwd:depends("proto", "pppoe")
|
||||
pwd:depends("proto", "pptp")
|
||||
|
||||
|
||||
-- Allow user to set MSS correction here if the UCI firewall is installed
|
||||
-- This cures some cancer for providers with pre-war routers
|
||||
if luci.fs.access("/etc/config/firewall") then
|
||||
mssfix = s:option(Flag, "_mssfix",
|
||||
translate("m_n_mssfix"), translate("m_n_mssfix_desc"))
|
||||
mssfix.rmempty = false
|
||||
|
||||
function mssfix.cfgvalue(self)
|
||||
local value
|
||||
m.uci:foreach("firewall", "forwarding", function(s)
|
||||
if s.src == "lan" and s.dest == "wan" then
|
||||
value = s.mtu_fix
|
||||
end
|
||||
end)
|
||||
return value
|
||||
end
|
||||
|
||||
function mssfix.write(self, section, value)
|
||||
m.uci:foreach("firewall", "forwarding", function(s)
|
||||
if s.src == "lan" and s.dest == "wan" then
|
||||
m.uci:set("firewall", s[".name"], "mtu_fix", value)
|
||||
m:chain("firewall")
|
||||
end
|
||||
end)
|
||||
end
|
||||
end
|
||||
|
||||
kea = s:option(Flag, "keepalive", translate("m_n_keepalive"))
|
||||
kea:depends("proto", "pppoe")
|
||||
kea:depends("proto", "pptp")
|
||||
|
|
|
|||
Loading…
Reference in a new issue