Iptables option clamp-mss-to-pmtu


#1

Hi,
I have a WP7601 and I am trying to use the clamp-mss-to-pmtu option in iptables, but it doesn’t work and appears not to be in the build. When I build the kernel, the code is there, but it must somehow be removed in the “minimal” build that it does. Also, a discrepancy I noticed is that the code refers to version 1.6.0, but when I do iptables --version, I get 1.4.0. Can anyone point me to where to put that back in and why the discrepancy?

Thanks!


#2

Hi, could you let us know the ATI3 and ATI8 response of your WP7601 so we know what FW and legato versions you are running?

thanks


#3

@bwteeter,

Thanks for responding.

ati3
Manufacturer: Sierra Wireless, Incorporated
Model: WP7601-1
Revision: SWI9X07Y_02.10.00.00 000000 jenkins 2017/11/02 23:09:00
IMEI: 351709090002768
IMEI SV: 1
FSN: WC729540221206
+GCAP: +CGSM

OK
ati8
Legato Ver: 17.11.0_31b9a1260bc1e45310ccf15491352a01_modified
Yocto Ver: SWI9X07Y_02.13.01.00 2018-01-28_15:54:56
OS Ver: Linux version 3.18.44 (mangoh@mangoh-virtualbox) (gcc version 6.2.0 (GCC) ) #8 PREEMPT Sun Jan 28 15:59:17 PST 2018
LK Ver: 1.3.0_a8ca923b49
RootFS Ver: SWI9X07Y_02.13.01.00 2018-01-28_15:54:56
UserFS Ver: unknown
MCU Ver: 002.006


#4

You may need to add the line below in the Yocto recipes:

IMAGE_INSTALL += “kernel-module-xt-tcpmss”


#5

Well, that yielded the following message:
ERROR: ParseError at /home/mangoh/Documents/Repository/yocto/meta-swi-extras/meta-swi-mdm9x28/recipes/images/mdm9x28-sierra-image.inc:16: unparsed line: ‘IMAGE_INSTALL += “kernel-module-xt-tcpmss”’

I noticed that the “mangle” package was also removed from this build, so I added it back in, but then I get:

  • opkg_prepare_url_for_install: Couldn’t find anything to satisfy ‘kernel-module-iptable-mangle’.

There’s obviously something more that needs to be done to connect the dots.


#6

The “unparsed line” error was because I copied and pasted the line above. The quotes were incorrect. But even with them corrected, I get the same kind of error as I did with the mangle library.

The interesting thing is that the modules are on the device, but not “installed”. And putting them in the installer.inc file causes an error saying these aren’t compatible with the MACHINE.


#7

You can enable the TCPMSS target in the netfilter options in the kernel. Follow the “Building Drivers” instructions from https://github.com/mangOH/mangOH/wiki/Longer-Commands-and-Links-from-mangOH-Tutorials.
Instead of 9x15 it will be 9x28.
Instead of linux-yocto it’ll be linux-quic.


#8

This works.

yocto$ make image
yocto$ make dev
build_bin$ bitbake -c cleanall linux-quic
build_bin$ bitbake linux-quic -c menuconfig
build_bin$ bitbake -f linux-quic
build_bin$ find . -name "*.ko" | grep -i tcpmss
./tmp/work/swi_mdm9x28-poky-linux-gnueabi/linux-quic/3.18.20+git4edc049105ec7bc5111353f09c6aec878125706f-r1/build/net/netfilter/xt_tcpmss.ko
./tmp/work/swi_mdm9x28-poky-linux-gnueabi/linux-quic/3.18.20+git4edc049105ec7bc5111353f09c6aec878125706f-r1/build/net/netfilter/xt_TCPMSS.ko
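
Added example (not part of the thread or of the vendor's build scripts): the two modules listed above are different things, xt_tcpmss.ko being the tcpmss match and xt_TCPMSS.ko the TCPMSS target that --clamp-mss-to-pmtu needs, and the target is only valid in the mangle table. This script reads a kernel .config and reports each option involved; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample config below is constructed.

# Print y, m or n for SYMBOL in kernel config FILE ("is not set"/absent -> n).
kconfig_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${state:-n}"
}

# Report each option needed for `-t mangle ... -j TCPMSS --clamp-mss-to-pmtu`.
# Returns 1 if a required option is disabled.
check_clamp_mss() {
    rc=0
    for entry in \
        CONFIG_IP_NF_IPTABLES:ip_tables:required \
        CONFIG_IP_NF_MANGLE:iptable_mangle:required \
        CONFIG_NETFILTER_XT_TARGET_TCPMSS:xt_TCPMSS:required \
        CONFIG_NETFILTER_XT_MATCH_TCPMSS:xt_tcpmss:optional
    do
        sym=${entry%%:*}; rest=${entry#*:}
        mod=${rest%%:*};  need=${rest#*:}
        st=$(kconfig_state "$1" "$sym")
        case "$st:$need" in
            n:required) echo "MISSING  $sym ($mod.ko)"; rc=1 ;;
            n:optional) echo "off      $sym ($mod.ko, not needed for clamping)" ;;
            m:*)        echo "module   $sym ($mod.ko must be installed and loadable)" ;;
            y:*)        echo "builtin  $sym" ;;
        esac
    done
    return $rc
}

# Constructed .config fragment: the tcpmss *match* is built, but the TCPMSS
# *target* and the mangle table are not, so clamping cannot work.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MANGLE is not set
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
check_clamp_mss "$tmp" || echo "kernel config cannot support --clamp-mss-to-pmtu"
rm -f "$tmp"
```

Point check_clamp_mss at the .config in the kernel build directory after running menuconfig; options reported as "module" still have to end up in the image and be loadable on the target.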


#9

Hi @Alegato,
I believe that the .ko’s are there in the build. But you have to add them with the +=INSTALL_TCPMSS_LIBRARY (or something to that effect) in the build include. But when you do, the build errors out and says that those modules are incompatible. They are commented out for the 9x28 build. I need to know where the compatibility part is to change that.

Thanks,
Evets


#10

We suggest you also try to enable “kernel-module-xt-tcpmss” in menuconfig and check, so that we can use the “clamp-mss-to-pmtu” option in iptables.