diff --git a/modules/tasks/network-interfaces.nix b/modules/tasks/network-interfaces.nix
index 64cb4a6749e..740c3b83cda 100644
--- a/modules/tasks/network-interfaces.nix
+++ b/modules/tasks/network-interfaces.nix
@@ -5,6 +5,10 @@ with pkgs.lib;
 let
 
 cfg = config.networking;
+
+ windowSize = if cfg.defaultGatewayWindowSize != "" then
+ "window ${cfg.defaultGatewayWindowSize}" else "";
+
 interfaces = attrValues cfg.interfaces;
 hasVirtuals = any (i: i.virtual) interfaces;
 
@@ -135,6 +139,15 @@ in
 '';
 };
 
+ networking.defaultGatewayWindowSize = mkOption {
+ default = "";
+ example = "524288";
+ description = ''
+ The window size of the default gateway. It limits maximal data bursts that TCP peers
+ are allowed to send to us.
+ '';
+ };
+
 networking.nameservers = mkOption {
 default = [];
 example = ["130.161.158.4" "130.161.33.17"];
@@ -282,7 +295,7 @@ in
 # Set the default gateway.
 ${optionalString (cfg.defaultGateway != "") ''
 # FIXME: get rid of "|| true" (necessary to make it idempotent).
- ip route add default via "${cfg.defaultGateway}" || true
+ ip route add default via "${cfg.defaultGateway}" ${windowSize} || true
 ''}
 
 # Turn on forwarding if any interface has enabled proxy_arp.
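Review bot: `windowSize` copies `cfg.defaultGatewayWindowSize` verbatim into a fragment that the third hunk expands unquoted in the network setup shell script, so whitespace or shell metacharacters in the option value turn into extra `ip` arguments or shell syntax. The only check here is the comparison with `""`; nothing confirms the value is a number. The fragment has to expand to two words, so it cannot be quoted as a whole where it is used. Quote the value alone instead, for example `"window ${escapeShellArg cfg.defaultGatewayWindowSize}"` if this tree's `pkgs.lib` provides `escapeShellArg`, or make the option numeric so the string can only hold digits.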
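Review bot: `networking.defaultGatewayWindowSize` is declared without a `type`, so any string is accepted, and the description gives neither the unit nor the meaning of the empty default. The text also calls it the window size "of the default gateway", while the third hunk passes it as the `window` attribute of the default route, which ip-route documents as the maximal TCP window to advertise to those destinations, in bytes. I would declare it numeric, e.g. `type = types.nullOr types.int; default = null;` (if this lib version has `nullOr`), and use `toString` where the fragment is built. That also means switching the `!= ""` test in the first hunk to `!= null`. The description could then read: "Maximum TCP window, in bytes, advertised to peers reached through the default route; leave unset to keep the kernel default."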
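Review bot: The `|| true` kept on the changed `ip route add` line now also hides a rejected `window` argument: if `ip` refuses the value, no default route is installed and the script carries on without reporting it. It also means a changed window size is not applied when a default route already exists, because `ip route add` fails on the existing route and the failure is swallowed. `ip route replace default via "${cfg.defaultGateway}" ${windowSize}` is idempotent without the fallback and would surface a bad value. The enclosing script starts and ends outside this hunk, so check how it handles a failing command before dropping `|| true`.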