From 24a1a70596fafdd35d88506159e6cb9cd94e7a66 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Tue, 5 Dec 2023 10:36:14 +0000 Subject: T5779: conntrack: Apply fixes to . Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6. --- .../conntrack/timeout-custom-protocols.xml.i | 136 +++++++++++++++++++ interface-definitions/system-conntrack.xml.in | 144 +++++++++++++++------ 2 files changed, 240 insertions(+), 40 deletions(-) create mode 100644 interface-definitions/include/conntrack/timeout-custom-protocols.xml.i (limited to 'interface-definitions') diff --git a/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i new file mode 100644 index 000000000..e6bff7e4d --- /dev/null +++ b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i @@ -0,0 +1,136 @@ + + + + TCP connection timeout options + + + + + TCP CLOSE-WAIT timeout in seconds + + u32:1-21474836 + TCP CLOSE-WAIT timeout in seconds + + + + + + + + + TCP CLOSE timeout in seconds + + u32:1-21474836 + TCP CLOSE timeout in seconds + + + + + + + + + TCP ESTABLISHED timeout in seconds + + u32:1-21474836 + TCP ESTABLISHED timeout in seconds + + + + + + + + + TCP FIN-WAIT timeout in seconds + + u32:1-21474836 + TCP FIN-WAIT timeout in seconds + + + + + + + + + TCP LAST-ACK timeout in seconds + + u32:1-21474836 + TCP LAST-ACK timeout in seconds + + + + + + + + + TCP SYN-RECEIVED timeout in seconds + + u32:1-21474836 + TCP SYN-RECEIVED timeout in seconds + + + + + + + + + TCP SYN-SENT timeout in seconds + + u32:1-21474836 + TCP SYN-SENT timeout in seconds + + + + + + + + + TCP TIME-WAIT timeout in seconds + + u32:1-21474836 + TCP TIME-WAIT timeout in seconds + + + + + + + + + + + UDP timeout options + + + + + Timeout for UDP connection seen in both directions + + u32:1-21474836 + Timeout for UDP connection seen in both directions + + + + + + + + + Timeout for unreplied UDP + + u32:1-21474836 + Timeout for unreplied UDP + + + + + + + + + diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in index 4452f1a74..d9504544d 100644 --- a/interface-definitions/system-conntrack.xml.in +++ b/interface-definitions/system-conntrack.xml.in @@ -385,58 +385,122 @@ Define custom timeouts per connection - + - Rule number - - u32:1-999999 - Number of conntrack rule - - - - - Ignore rule number must be between 1 and 999999 + IPv4 rules - #include - - - Destination parameters - - - #include - #include - - - - - Interface to ignore connections tracking on - - any - - - - - #include - + - Customize protocol specific timers, one protocol configuration per rule + Rule number + + u32:1-999999 + Number of conntrack rule + + + + + Ignore rule number must be between 1 and 999999 - #include + #include + + + Destination parameters + + + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + + + Customize protocol specific timers, one protocol configuration per rule + + + #include + + + + + Source parameters + + + #include + #include + + - - + + + + + + IPv6 rules + + + - Source parameters + Rule number + + u32:1-999999 + Number of conntrack rule + + + + + Ignore rule number must be between 1 and 999999 - #include - #include + #include + + + Destination parameters + + + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + + + Customize protocol specific timers, one protocol configuration per rule + + + #include + + + + + Source parameters + + + #include + #include + + - + - + #include -- cgit v1.2.3