system-ip: T5449: add TCP MSS probing options

interface-definitions/system-ip.xml.in

@@ -48,6 +48,64 @@
               </leafNode>
             </children>
           </node>
+          <node name="tcp">
+            <properties>
+              <help>IPv4 TCP parameters</help>
+            </properties>
+            <children>
+              <node name="mss">
+                <properties>
+                  <help>IPv4 TCP MSS probing options</help>
+                </properties>
+                <children>
+                  <leafNode name="probing">
+                    <properties>
+                      <help>Attempt to lower the MSS if TCP connections fail to establish</help>
+                      <completionHelp>
+                        <list>enable force</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>enable</format>
+                        <description>Attempt TCP MSS probing when an ICMP black hole is detected</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>force</format>
+                      <description>Attempt TCP MSS probing by default</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(enable|force)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Must be enable or force</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="base">
+                    <properties>
+                      <help>Base MSS to start probing from (applicable to "probing force")</help>
+                      <valueHelp>
+                        <format>u32:48-1460</format>
+                        <description>Base MSS value for probing (default: 1024)</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 48-1460"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="floor">
+                    <properties>
+                      <help>Minimum MSS to stop probing at (default: 48)</help>
+                      <valueHelp>
+                        <format>u32:48-1460</format>
+                        <description>Minimum MSS value to probe</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 48-1460"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
           #include <include/system-ip-protocol.xml.i>
         </children>
       </node>

src/conf_mode/system-ip.py

@@ -98,6 +98,27 @@ def apply(opt):
     value = '1' if (tmp != None) else '0'
     sysctl_write('net.ipv4.fib_multipath_hash_policy', value)
 
+    # configure TCP options (defaults as of Linux 6.4)
+    tmp = dict_search('tcp.mss.probing', opt)
+    if tmp is None:
+        value = 0
+    elif tmp == 'enable':
+        value = 1
+    elif tmp == 'force':
+        value = 2
+    else:
+        # Shouldn't happen
+        raise ValueError("TCP MSS probing is neither 'enable' nor 'force'!")
+    sysctl_write('net.ipv4.tcp_mtu_probing', value)
+
+    tmp = dict_search('tcp.mss.base', opt)
+    value = '1024' if (tmp is None) else tmp
+    sysctl_write('net.ipv4.tcp_base_mss', value)
+
+    tmp = dict_search('tcp.mss.floor', opt)
+    value = '48' if (tmp is None) else tmp
+    sysctl_write('net.ipv4.tcp_mtu_probe_floor', value)
+
     if 'protocol' in opt:
         zebra_daemon = 'zebra'
         # Save original configuration prior to starting any commit actions