From 5eadedcc1e5c40da81031b77b8965baa3087e2b3 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 25 May 2021 21:53:54 +0200 Subject: conntrack: T3579: initial implementation with XML and Python --- data/configd-include.json | 1 + data/templates/conntrack/sysctl.conf.tmpl | 26 ++++++++++++++++++++++ .../conntrack/vyos_nf_conntrack.conf.tmpl | 3 +++ 3 files changed, 30 insertions(+) create mode 100644 data/templates/conntrack/sysctl.conf.tmpl create mode 100644 data/templates/conntrack/vyos_nf_conntrack.conf.tmpl (limited to 'data')
diff --git a/data/configd-include.json b/data/configd-include.json
index f241d0cb6..712df3f19 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -1,5 +1,6 @@
 [
 "bcast_relay.py",
+"conntrack.py",
 "dhcp_relay.py",
 "dhcpv6_relay.py",
 "dns_forwarding.py",
diff --git a/data/templates/conntrack/sysctl.conf.tmpl b/data/templates/conntrack/sysctl.conf.tmpl
new file mode 100644
index 000000000..9e97c3286
--- /dev/null
+++ b/data/templates/conntrack/sysctl.conf.tmpl
@@ -0,0 +1,26 @@
+# Autogenerated by conntrack.py
+{# all values have defaults - thus no checking required #}
+
+net.netfilter.nf_conntrack_expect_max = {{ expect_table_size }}
+net.netfilter.nf_conntrack_max = {{ table_size }}
+
+net.ipv4.tcp_max_syn_backlog = {{ tcp.half_open_connections }}
+
+net.netfilter.nf_conntrack_tcp_loose = {{ '1' if tcp.loose == 'enable' else '0' }}
+net.netfilter.nf_conntrack_tcp_max_retrans = {{ tcp.max_retrans }}
+
+net.netfilter.nf_conntrack_icmp_timeout = {{ timeout.icmp }}
+net.netfilter.nf_conntrack_generic_timeout = {{ timeout.other }}
+
+net.netfilter.nf_conntrack_tcp_timeout_close_wait = {{ timeout.tcp.close_wait }}
+net.netfilter.nf_conntrack_tcp_timeout_close = {{ timeout.tcp.close }}
+net.netfilter.nf_conntrack_tcp_timeout_established = {{ timeout.tcp.established }}
+net.netfilter.nf_conntrack_tcp_timeout_fin_wait = {{ timeout.tcp.fin_wait }}
+net.netfilter.nf_conntrack_tcp_timeout_last_ack = {{ timeout.tcp.last_ack }}
+net.netfilter.nf_conntrack_tcp_timeout_syn_recv = {{ timeout.tcp.syn_recv }}
+net.netfilter.nf_conntrack_tcp_timeout_syn_sent = {{ timeout.tcp.syn_sent }}
+net.netfilter.nf_conntrack_tcp_timeout_time_wait = {{ timeout.tcp.time_wait }}
+
+net.netfilter.nf_conntrack_udp_timeout = {{ timeout.udp.other }}
+net.netfilter.nf_conntrack_udp_timeout_stream = {{ timeout.udp.stream }}
+
diff --git a/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl b/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl
new file mode 100644
index 000000000..111459485
--- /dev/null
+++ b/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl
@@ -0,0 +1,3 @@
+# Autogenerated by conntrack.py
+options nf_conntrack hashsize={{ hash_size }} nf_conntrack_helper=1
+
-- cgit v1.2.3 From c2ae261706efcade8ce94e1958a810ac11abe20c Mon Sep 17 00:00:00 2001
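Review bot: `net.ipv4.tcp_max_syn_backlog` is driven by `tcp.half_open_connections`, but that sysctl bounds the SYN queue of sockets listening on the router itself, not half-open flows that conntrack tracks for forwarded traffic. An operator tuning it as a SYN-flood control for hosts behind the router would see no effect on the conntrack table, which is still capped only by `nf_conntrack_max`. A template comment above that line would make the scope explicit, for example `{# applies to local listening sockets only, not to forwarded half-open connections #}`. Separately, the opening comment's claim that no checking is required holds only if conntrack.py always merges the defaults in, and that script is not part of this path-limited diff.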
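Review bot: `nf_conntrack_helper=1` is hard-coded in the `options nf_conntrack` line, which turns on automatic conntrack helper assignment for every flow that matches a helper's port whenever a helper module is loaded. Upstream kernels switched this default off because helpers parse application payloads and create expectations that let related connections through a stateful ruleset, so enabling it globally widens what the firewall will accept. If VyOS needs it for its existing helper configuration, the template should say so, e.g. `{# nf_conntrack_helper=1: automatic helper assignment kept for <reason>; prefer explicit per-rule helper assignment #}`, or render the value from configuration instead of a constant. Whether helper modules are loaded and how rules assign them is outside this diff.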
From: Christian Poessinger Date: Thu, 27 May 2021 08:31:01 +0200 Subject: conntrack: T3535: add conntrack-sync supported vyos-configd services --- data/configd-include.json | 1 + 1 file changed, 1 insertion(+) (limited to 'data')
diff --git a/data/configd-include.json b/data/configd-include.json
index 712df3f19..c3d59592a 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -1,6 +1,7 @@
 [
 "bcast_relay.py",
 "conntrack.py",
+"conntrack_sync.py",
 "dhcp_relay.py",
 "dhcpv6_relay.py",
 "dns_forwarding.py",
-- cgit v1.2.3