Age | Commit message | Author |
|
There are some incompatibilities between the current version of
kernel/nftables and the operation of 'iptables-nft'.
It cannot insert/delete new rules via 'iptables-nft'.
For example:
table ip nat {
chain VYOS_PRE_SNAT_HOOK {
type nat hook postrouting priority srcnat - 1; policy accept;
counter jump WANLOADBALANCE
}
chain WANLOADBALANCE {
ct mark 0xc9 counter snat to 192.0.2.14
}
}
vyos@r14# sudo iptables-nft -t nat -I VYOS_PRE_SNAT_HOOK 1 -j WANLOADBALANCE
iptables: No chain/target/match by that name.
One note: I know that it was working in 'VyOS 1.4-rolling-202302010317'.
Replace some 'iptables-nft' rules with equivalent nftables rules to return the basic
ability to load-balance traffic.
|
|
Load-balancing WAN with conntrackd cannot flush connections
properly. It causes high CPU utilization and hangs after commit.
Replace Flush with Delete.
|
|
|
|
- Error on exit when clearing routing tables
- Possible crash (buffer overflow) in the function for receiving ICMP echo packets
- Error in parsing of config file for udp ttl "probe"
- Wrong error message in analyzing config file
|
|
|
|
|
|
Replacing the missing hex prefix format specifier flag used for routing
table creation (tables missing from previous related commit)
Bug #61 http://bugzilla.vyos.net/show_bug.cgi?id=61
|
|
Update src/lbdecision.cc to maintain style consistency
|
|
Offset the fwmarks used in load-balancing to avoid conflicts with
routing tables created by policy based routing. Originally from
Benjamin Beret.
Bug #61 http://bugzilla.vyos.net/show_bug.cgi?id=61
|
|
This reverts commit e9001877d3bbdd5c4c48f0ccc088bd381d0b92dc.
Since the upstream change in the kernel from 3.6 onwards, where the
ipv4 routing cache has been removed due to performance
bottlenecks and the fact that it was reasonably easy to launch denial
of service attacks (it was designed in friendlier times), the kernel
now reverts back to round-robin per-packet routing rather than per-flow
as it was previously, with the result that this commit breaks
load-balancing with two active routes.
http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=89aef8921bfbac22f00e04f8450f6e447db13e42
Bug #344 http://bugzilla.vyos.net/show_bug.cgi?id=344
|
|
Offset fwmarks and ip route tables by 200 (#61)
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
Replacing with an updated patch.
This reverts commit 461db303287b4f838b68b120a9656c9fc31070b2.
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
|
|
|
|
remove policy route on shutdown.
|
|
|
|
table.
|
|
table with adsl dhcp configuration:
http://www.vyatta.org/forum/viewtopic.php?t=4254
|
|
When checking policy route compare nexthop and interface rather than just checking for an entry. This allows for incorrect entries to be replaced. This would be
a problem if a different nexthop is readvertised via dhcp to the interface.
|
|
local) traffic when exclude rule is specified.
|
|
fix for bug 4675. Throttle back the initial setting of nat rules during startup of wlb.
Conflicts:
src/lbdecision.cc
|
|
"enable-local-traffic". This preserves previous behavior (i.e. no balancing of local traffic) by default, but can be enabled
via the configuration node.
Conflicts:
scripts/vyatta-wanloadbalance.pl
src/lbdecision.cc
|
|
also supports additional command to disable balancing of locally sourced traffic
"disable-local-traffic"
Conflicts:
src/lbdecision.cc
|
|
inbound interface for wlb is the same as the packet outbound interface.
|
|
target iteration where some targets never completed test cycle
|
|
source-based-policy applied
|
|
|
|
user can now specify a sequence of targets to test (ordered by rule number). The first success satisfies the success
criteria for the test and no further tests will be performed on the interface for this period.
Additional test types can be coded and added to the target framework.
configuration has changed as a result of the rework.
|
|
startup of wlb.
Conflicts:
src/lbdecision.cc
|
|
|
|
receiving new address. in this case the new address is not recorded and we'll try creating the rule on the next processing cycle until successful.
|
|
changes in the location of the dhcp client information. this was also
fixed.
|
|
and output table scope. now tables are not flushed on removal.
|
|
configurable via conf mode. environment variables identify interface and new state.
|
|
per comments in bug.
|
|
|
|
|
|
rule creation for output rule entry as these are locally sourced packets.
|
|
network reachability determination. All locally source routes need an entry in table
main that satisfies reachability requirements.
This is due to the output mangle table being processed after reachability determination for locally sourced routes.
Note that routes will still be subject to routing by WLB (provided they match the WLB rule set).
|
|
snat when wlb is configured and during runtime. also fix for wlb when running in
debug mode.
|
|
|
|
Default configuration is to disable this feature.
|
|
configured for dhcp. need to retrieve actual nexthop in this case.
|
|
updates new address for snat, and nexthop for lb routing
tables. hook needs to be added to dhclient daemon to send SIGUSR2 to wan_lb so notification is generated on address change event. Note
that for this behavior to be active in WLB nexthop needs to be populated with 'dhcp' configuration string.
still requires routing paths available for target testing, which might require an update to the dhcp client script and possible
configuration knob.
|
|
after changing rule set. this simplifies the application of the rules to
the mangle table.
|
|
interface is selected. The interface with the highest weight will be preferred.
|
|
rule. This rule will only direct traffic to a single active interface; on failure of the ping target, traffic will be directed out an alternate interface.
note: the one todo item for this feature is to add "stickiness" of an active interface. wlb re-evaluates all rules on an interface state change and this may cause the interface to change for failover mode. supporting this mode requires a less than trivial rewrite of the wlb decision code.
|
|
|