vyos-1x.git/data/templates/conntrack, branch current

vyos-1x.git/data/templates/conntrack, branch current VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current 2025-06-07T08:55:24+00:00 conntrack: T7208: nf_conntrack_buckets defaults and behavior 2025-06-07T08:55:24+00:00 Christian Breunig christian@breunig.cc 2025-06-07T07:15:30+00:00 urn:sha1:08421b277b1f460ebc51673571bab975aece2215 Previously, we used a lower limit of 1 and a default value of 32768 for the nf_conntrack_buckets (conntrack hash-size) sysctl option. However, the Linux kernel enforces an internal minimum of 1024. A configuration migrator will now adjust the lower limit to 1024 if necessary. The former default value of 32768 was passed as a kernel module option, which only took effect after the second system reboot. This was due to the option being rendered but not applied during the first boot. This behavior has been changed so that the value is now configurable at runtime and takes effect immediately. Additionally, since VyOS 1.4 increased the hardware requirements to 4GB of RAM, we now align the default value of nf_conntrack_buckets with the kernel's default for systems with more than 1GB of RAM to 65536 entries. Previously, we only supported half that amount. T6362: Create conntrack logger daemon 2024-07-19T04:44:53+00:00 khramshinr khramshinr@gmail.com 2024-07-08T10:38:22+00:00 urn:sha1:c509d0e6caae55106a2fbde3059652a493ed3903 T3900: T6394: extend functionalities in firewall; move netfilter sysctl timeout parameters defined in conntrack to firewall global-opton section. 2024-06-04T13:22:24+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-05-24T16:44:41+00:00 urn:sha1:770edf016838523c248e3c8a36c5f327a0b98415 conntrack: T4022: add RTSP conntrack helper 2024-03-12T15:19:17+00:00 Indrek Ardel indrek@ardel.eu 2024-03-10T02:00:32+00:00 urn:sha1:3e1e2a3e7b6f5d969819bffda2858a91132d595e conntrack: T5376: Fix priority for CT helpers 2024-02-21T15:20:38+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2024-02-21T15:03:07+00:00 urn:sha1:538aeeccc46d31ab54647b67c8a2ba442d61cc46 Ref: https://www.spinics.net/lists/netfilter/msg59549.html T5474: establish common file name pattern for XML conf mode commands 2023-12-31T22:49:48+00:00 Christian Breunig christian@breunig.cc 2023-12-30T22:25:20+00:00 urn:sha1:4ef110fd2c501b718344c72d495ad7e16d2bd465 We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in T5779: conntrack: Apply fixes to <set system conntrack timeout custom>. Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6. 2023-12-05T10:44:19+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-12-05T10:36:14+00:00 urn:sha1:24a1a70596fafdd35d88506159e6cb9cd94e7a66 conntrack: T5376: T5598: Fix for kernel conntrack helpers 2023-09-24T14:50:05+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2023-09-21T10:05:20+00:00 urn:sha1:fd0bcaf120bc4ad5f3e9add93f0fa2c2c60e984f `nf_conntrack_helper` that auto-assigned helpers is removed from the kernel conntrack: T5571: Refactor conntrack to be independent conf script from firewall, nat, nat66 2023-09-16T11:20:10+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2023-09-14T01:01:56+00:00 urn:sha1:734d84f696944419a2d6f11bc16dda03900add34 Merge pull request #2062 from vfreex/simple-fastpath-support 2023-09-14T14:18:33+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-09-14T14:18:33+00:00 urn:sha1:c355b07c21b6cac7405a6e575947a181fd2236f5 T4502: firewall: Add software flow offload using flowtable