From 0c86955013f27759c84e3e7bca507e4c8dcc6f88 Mon Sep 17 00:00:00 2001 From: Nataliia Solomko Date: Fri, 5 Apr 2024 14:33:25 +0300 Subject: conntrack-sync: T1244: Support for StartupResync in conntrackd (cherry picked from commit f4e6d33a06e6125419900723ae7dc02fe264059d) # Conflicts: # docs/configuration/service/conntrack-sync.rst --- docs/configuration/service/conntrack-sync.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'docs') diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index c95cadc9..ccaaefff 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -98,6 +98,18 @@ Configuration This diable the external cache and directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall. +<<<<<<< HEAD +======= +.. cfgcmd:: set service conntrack-sync disable-syslog + + Disable connection logging via Syslog. + +.. cfgcmd:: set service conntrack-sync enable-startup-resync + + Order conntrackd to request a complete conntrack table resync against + the other node at startup. + +>>>>>>> f4e6d33a (conntrack-sync: T1244: Support for StartupResync in conntrackd) ********* Operation ********* -- cgit v1.2.3 From 318c7134b26531d0a8676029381ddf0ded0966ca Mon Sep 17 00:00:00 2001 From: Nataliia Solomko Date: Fri, 5 Apr 2024 22:15:20 +0300 Subject: conntrack-sync: T1244: Support for StartupResync in conntrackd (cherry picked from commit 2b32a2e134ec4dcb1a574fd405147aeb9644abdb) --- docs/configuration/service/conntrack-sync.rst | 45 +++++++++++---------------- 1 file changed, 19 insertions(+), 26 deletions(-) (limited to 'docs') diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index ccaaefff..cebaa07c 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst 
@@ -39,36 +39,36 @@ Configuration .. cfgcmd:: set service conntrack-sync accept-protocol - Accept only certain protocols: You may want to replicate the state of flows - depending on their layer 4 protocol. + Accept only certain protocols: You may want to replicate the state of flows + depending on their layer 4 protocol. - Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. + Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. .. cfgcmd:: set service conntrack-sync event-listen-queue-size - The daemon doubles the size of the netlink event socket buffer size if it - detects netlink event message dropping. This clause sets the maximum buffer - size growth that can be reached. + The daemon doubles the size of the netlink event socket buffer size if it + detects netlink event message dropping. This clause sets the maximum buffer + size growth that can be reached. - Queue size for listening to local conntrack events in MB. + Queue size for listening to local conntrack events in MB. .. cfgcmd:: set service conntrack-sync expect-sync - Protocol for which expect entries need to be synchronized. + Protocol for which expect entries need to be synchronized. .. cfgcmd:: set service conntrack-sync failover-mechanism vrrp sync-group - Failover mechanism to use for conntrack-sync. + Failover mechanism to use for conntrack-sync. - Only VRRP is supported. Required option. + Only VRRP is supported. Required option. .. cfgcmd:: set service conntrack-sync ignore-address - IP addresses or networks for which local conntrack entries will not be synced + IP addresses or networks for which local conntrack entries will not be synced .. cfgcmd:: set service conntrack-sync interface - Interface to use for syncing conntrack entries. + Interface to use for syncing conntrack entries. .. cfgcmd:: set service conntrack-sync interface port 
@@ -80,36 +80,29 @@ Configuration .. cfgcmd:: set service conntrack-sync mcast-group - Multicast group to use for syncing conntrack entries. + Multicast group to use for syncing conntrack entries. - Defaults to 225.0.0.50. + Defaults to 225.0.0.50. .. cfgcmd:: set service conntrack-sync interface peer
- Peer to send unicast UDP conntrack sync entires to, if not using Multicast - configuration from above above. + Peer to send unicast UDP conntrack sync entires to, if not using Multicast + configuration from above above. .. cfgcmd:: set service conntrack-sync sync-queue-size - Queue size for syncing conntrack entries in MB. + Queue size for syncing conntrack entries in MB. .. cfgcmd:: set service conntrack-sync disable-external-cache This diable the external cache and directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall. -<<<<<<< HEAD -======= -.. cfgcmd:: set service conntrack-sync disable-syslog - - Disable connection logging via Syslog. - -.. cfgcmd:: set service conntrack-sync enable-startup-resync +.. cfgcmd:: set service conntrack-sync startup-resync Order conntrackd to request a complete conntrack table resync against the other node at startup. ->>>>>>> f4e6d33a (conntrack-sync: T1244: Support for StartupResync in conntrackd) ********* Operation ********* @@ -134,7 +127,7 @@ Operation 1006239392 10.35.101.221 172.31.120.21 icmp [1] 29 .. note:: - + If the table is empty and you have a warning message, it means conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. :cfgcmd:`set firewall state-policy established action accept` -- cgit v1.2.3
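Review bot: Unresolved merge conflict markers are committed in the @@ -98,6 +98,18 @@ hunk of commit 0c869550: the added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> f4e6d33a (conntrack-sync: T1244: Support for StartupResync in conntrackd)` become part of conntrack-sync.rst and would appear in the built documentation around the two new cfgcmd entries. Resolve the conflict before committing the cherry-pick, keeping only the entries that apply to this branch and removing the three marker lines. The "# Conflicts:" line left in the commit message shows the conflict was reported at cherry-pick time, so the marker lines should not have reached the tree.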
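Review bot: Every removed line in the @@ -39,36 +39,36 @@ hunk of commit 318c7134 is re-added with the same text, so this hunk is a whitespace-only re-indent bundled into a commit whose subject names only StartupResync support. Move the re-indent into its own commit, or say so in the message, so that the functional documentation change stays easy to review and to cherry-pick between branches. Since the ignore-address description is being touched anyway, it could also get the final period that the other descriptions have.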
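Review bot: The commit message does not cover two changes made in the @@ -80,36 +80,29 @@ hunk of commit 318c7134: the `set service conntrack-sync disable-syslog` entry is removed together with the conflict markers, and the option is renamed from `enable-startup-resync` to `startup-resync`. Say in the message whether disable-syslog is intentionally left undocumented on this branch and that the documented command name changed, so readers of the history can tell a conflict resolution from a deliberate removal. The re-indented peer description is also re-added with "entires" and "above above" unchanged, and the context line "This diable the external cache" is left as it is; correcting these to "entries", "above" and "This disables" fits in the same pass.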