author | Christian Poessinger <christian@poessinger.com> | 2021-05-15 10:32:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-15 10:32:50 +0200 |
commit | e2978bb452c4ad3c3caf532c8f2204d7615c881e (patch) | |
tree | 06bbf47d590425224c27594cdc50b5af5628e428 /data/templates/conntrackd | |
parent | d96336a808e500934fc4fd9423345d0b965d35ac (diff) | |
parent | 3fc9b2fb79fd3e27a5034804e5243fe2e4ec40c3 (diff) | |
Merge pull request #841 from c-po/conntrack-sync
conntrack-sync: T3535: migrate to XML and Python
Diffstat (limited to 'data/templates/conntrackd')
-rw-r--r-- | data/templates/conntrackd/conntrackd.conf.tmpl | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/data/templates/conntrackd/conntrackd.conf.tmpl b/data/templates/conntrackd/conntrackd.conf.tmpl
new file mode 100644
index 000000000..6f9fa51b0
--- /dev/null
+++ b/data/templates/conntrackd/conntrackd.conf.tmpl
@@ -0,0 +1,105 @@
+# autogenerated by conntrack_sync.py
+
+# Synchronizer settings
+Sync {
+ Mode FTFW {
+ DisableExternalCache {{ 'on' if disable_external_cache is defined else 'off' }}
+ }
+{% for iface, iface_config in interface.items() %}
+{% if loop.first %}
+{% if iface_config.peer is defined and iface_config.peer is not none %}
+ UDP {
+{% if listen_address is defined and listen_address is not none %}
+ IPv4_address {{ listen_address }}
+{% endif %}
+ IPv4_Destination_Address {{ iface_config.peer }}
+ Port 3780
+{% else %}
+{% set ip_address = iface | get_ipv4 %}
+ Multicast {
+ IPv4_address {{ mcast_group }}
+ Group 3780
+ IPv4_interface {{ ip_address[0] | ip_from_cidr }}
+{% endif %}
+ Interface {{ iface }}
+{% endif %}
+{% endfor %}
+ SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
+ RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
+ Checksum on
+ }
+{% if expect_sync is defined and expect_sync is not none %}
+ Options {
+{% if 'all' in expect_sync %}
+ ExpectationSync on
+{% else %}
+ ExpectationSync {
+{% for protocol in expect_sync %}
+ {{ protocol }}
+{% endfor %}
+{% endif %}
+ }
+ }
+{% endif %}
+}
+Helper {
+ Type rpc inet tcp {
+ QueueNum 3
+ Policy rpc {
+ ExpectMax 1
+ ExpectTimeout 300
+ }
+ }
+ Type rpc inet udp {
+ QueueNum 4
+ Policy rpc {
+ ExpectMax 1
+ ExpectTimeout 300
+ }
+ }
+ Type tns inet tcp {
+ QueueNum 5
+ Policy tns {
+ ExpectMax 1
+ ExpectTimeout 300
+ }
+ }
+}
+
+# General settings
+General {
+ HashSize {{ hash_size }}
+ HashLimit {{ table_size | int *2 }}
+ LogFile off
+ Syslog on
+ LockFile /var/lock/conntrack.lock
+ UNIX {
+ Path /run/conntrackd/conntrackd.ctl
+ }
+ NetlinkBufferSize {{ 2 *1024 *1024 }}
+ NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
+ NetlinkOverrunResync off
+ NetlinkEventsReliable on
+{% if ignore_address is defined or accept_protocol is defined %}
+ Filter From Userspace {
+{% if ignore_address is defined and ignore_address is not none %}
+ Address Ignore {
+{% for address in ignore_address if address | is_ipv4 %}
+ IPv4_address {{ address }}
+{% endfor %}
+{% for address in ignore_address if address | is_ipv6 %}
+ IPv6_address {{ address }}
+{% endfor %}
+ }
+{% endif %}
+{% if accept_protocol is defined and accept_protocol is not none %}
+ Protocol Accept {
+{% for protocol in accept_protocol %}
+ {{ protocol | upper }}
+{% endfor %}
+ }
+{% endif %}
+ }
+{% endif %}
+}
+ |
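Review bot: The `UDP {` / `Multicast {` transport block sets only `Checksum on`, which detects corruption but does not authenticate the sender, so state arriving on port/group 3780 is trusted as received. As far as I know conntrackd has no authentication or encryption of its own for this channel, so the template should state the assumption next to the transport block, e.g. `{# sync traffic is unauthenticated: use a dedicated link or restrict 3780/udp to the peer #}`; whether a matching firewall restriction is generated elsewhere is not visible in this hunk. Separately, the transport header is emitted only under `{% if loop.first %}`, while `SndSocketBuffer`, `RcvSocketBuffer`, `Checksum on` and the closing `}` sit outside the loop. An empty `interface` dict would therefore render unbalanced braces, and any interface after the first is silently ignored. Unless conntrack_sync.py already validates this, wrap the transport section in a guard such as `{% if interface is defined and interface | length > 0 %}`; the same applies to `ip_address[0]` in the multicast branch, which assumes the interface has at least one IPv4 address.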