Ema has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/295331

Change subject: tlsproxy: enable client/server TFO support in the kernel
......................................................................

tlsproxy: enable client/server TFO support in the kernel

Enable client/server support for TCP Fast Open (TFO).

The values (bitmap) are:

1: Enables sending data in the opening SYN on the client w/ MSG_FASTOPEN
2: Enables TCP Fast Open on the server side, i.e., allowing data
   in a SYN packet to be accepted and passed to the application before the
   3-way handshake finishes

This is the first step towards enabling TCP Fast Open on tlsproxy. An
nginx configuration change is also necessary (fastopen=N).

Bug: T108827
Ref: https://www.rfc-editor.org/rfc/rfc7413.txt
Change-Id: Id0b37f26225e26d94e31d6948f4679a9d80fdd41
---
M modules/tlsproxy/manifests/instance.pp
1 file changed, 13 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/31/295331/1

diff --git a/modules/tlsproxy/manifests/instance.pp 
b/modules/tlsproxy/manifests/instance.pp
index e62d222..a2b7b27 100644
--- a/modules/tlsproxy/manifests/instance.pp
+++ b/modules/tlsproxy/manifests/instance.pp
@@ -3,6 +3,19 @@
     # Tune kernel settings
     include base::mysterious_sysctl
 
+    # Enable client/server TCP Fast Open (TFO)
+    #
+    # The values (bitmap) are
+    # 1: Enables sending data in the opening SYN on the client w/ MSG_FASTOPEN
+    # 2: Enables TCP Fast Open on the server side, i.e., allowing data in
+    #    a SYN packet to be accepted and passed to the application before
+    #    3-way hand shake finishes
+    sysctl::parameters { 'TCP Fast Open':
+        values => {
+            'net.ipv4.tcp_fastopen' => 3,
+        },
+    }
+
     $varnish_version4 = hiera('varnish_version4', false)
     $keepalives_per_worker = 
hiera('tlsproxy::localssl::keepalives_per_worker', 0)
     $websocket_support = hiera('cache::websocket_support', false)
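
Review bot: the comment block above `'net.ipv4.tcp_fastopen' => 3` documents bits 1 and 2 but never says that 3 is both bits set, so a reader has to infer why the value is not listed; add a line such as "# 3: both of the above (client and server)". The comment should also carry the caveat from the commit message that the server bit alone changes nothing for tlsproxy until the nginx listener gets `fastopen=N`, otherwise this reads as if TFO were fully enabled by the sysctl. Since bit 2 lets SYN data reach the application before the handshake finishes, it is worth stating here that only the sysctl is being turned on in this change. Separately, the resource title 'TCP Fast Open' is fixed: if tlsproxy::instance can be declared more than once on a node, this would be a duplicate declaration, unlike the `include` just above it; please confirm it is only ever declared once or move the sysctl to a place that is.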

-- 
To view, visit https://gerrit.wikimedia.org/r/295331
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id0b37f26225e26d94e31d6948f4679a9d80fdd41
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema <e...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
