From 08421b277b1f460ebc51673571bab975aece2215 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 7 Jun 2025 09:15:30 +0200
Subject: conntrack: T7208: nf_conntrack_buckets defaults and behavior

Previously, we used a lower limit of 1 and a default value of 32768 for the
nf_conntrack_buckets (conntrack hash-size) sysctl option. However, the Linux
kernel enforces an internal minimum of 1024. A configuration migrator will now
adjust the lower limit to 1024 if necessary.

The former default value of 32768 was passed as a kernel module option, which
only took effect after the second system reboot. This was due to the option being
rendered but not applied during the first boot. This behavior has been changed so
that the value is now configurable at runtime and takes effect immediately.

Additionally, since VyOS 1.4 increased the hardware requirements to 4GB of RAM,
we now align the default value of nf_conntrack_buckets with the kernel's
default for systems with more than 1GB of RAM to 65536 entries. Previously, we
only supported half that amount.
---
 interface-definitions/include/version/conntrack-version.xml.i | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'interface-definitions/include')

diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
index 6995ce119..517424034 100644
--- a/interface-definitions/include/version/conntrack-version.xml.i
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/conntrack-version.xml.i -->
-<syntaxVersion component='conntrack' version='5'></syntaxVersion>
+<syntaxVersion component='conntrack' version='6'></syntaxVersion>
 <!-- include end -->
-- 
cgit v1.2.3