author | Daniil Baturin <daniil@vyos.io> | 2025-06-09 12:11:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-06-09 12:11:38 +0100 |
commit | 34b07a49c052631e58401fd06c218701ad36d0ce (patch) | |
tree | 01208307f9d9a90f6e476ced35a7315ec5841fb4 /src | |
parent | 6c8054a9ad223de9aba3646ef8a041c1f8f16839 (diff) | |
parent | 08421b277b1f460ebc51673571bab975aece2215 (diff) | |
Merge pull request #4548 from c-po/T7202-conntrack
conntrack: T7208: nf_conntrack_buckets defaults and behavior
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/system_conntrack.py | 2 | ||||
-rw-r--r-- | src/migration-scripts/conntrack/5-to-6 | 30 |
2 files changed, 30 insertions, 2 deletions
diff --git a/src/conf_mode/system_conntrack.py b/src/conf_mode/system_conntrack.py index f25ed8d10..8909d9cba 100755 --- a/src/conf_mode/system_conntrack.py +++ b/src/conf_mode/system_conntrack.py @@ -32,7 +32,6 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -conntrack_config = r'/etc/modprobe.d/vyatta_nf_conntrack.conf' sysctl_file = r'/run/sysctl/10-vyos-conntrack.conf' nftables_ct_file = r'/run/nftables-ct.conf' vyos_conntrack_logger_config = r'/run/vyos-conntrack-logger.conf' @@ -204,7 +203,6 @@ def generate(conntrack): elif path[0] == 'ipv6': conntrack['ipv6_firewall_action'] = 'accept' - render(conntrack_config, 'conntrack/vyos_nf_conntrack.conf.j2', conntrack) render(sysctl_file, 'conntrack/sysctl.conf.j2', conntrack) render(nftables_ct_file, 'conntrack/nftables-ct.j2', conntrack) diff --git a/src/migration-scripts/conntrack/5-to-6 b/src/migration-scripts/conntrack/5-to-6 new file mode 100644 index 000000000..1db2e78b4 --- /dev/null +++ b/src/migration-scripts/conntrack/5-to-6 
@@ -0,0 +1,30 @@
+# Copyright 2025 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+# T7202: fix lower limit of supported conntrack hash-size to match Kernel
+# lower limit.
+
+from vyos.configtree import ConfigTree
+
+base = ['system', 'conntrack']
+def migrate(config: ConfigTree) -> None:
+ if not config.exists(base):
+ # Nothing to do
+ return
+
+ if config.exists(base + ['hash-size']):
+ tmp = config.return_value(base + ['hash-size'])
+ if int(tmp) < 1024:
+ config.set(base + ['hash-size'], value=1024) |
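Review bot: The write-back on the last line passes the integer `1024` to `config.set()`, while the read side two lines earlier has to wrap the stored value in `int()`, so node values are evidently strings; this works only if `ConfigTree.set` coerces its argument, which is not visible here. Passing `value='1024'` keeps the migrated tree independent of that. The limit also appears twice as a bare literal; a module-level constant such as `MIN_HASH_SIZE = 1024`, carrying the comment about the kernel lower limit, would keep the comparison and the assignment in step. Because the clamp silently changes an operator-chosen conntrack table size on upgrade, a one-line docstring on `migrate` stating that `hash-size` values below 1024 are raised to 1024 would help whoever audits the post-upgrade configuration.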