Skip to content
Snippets Groups Projects
Verified Commit 6c3aaa87 authored by Josef Schlehofer's avatar Josef Schlehofer
Browse files

Merge branch 'hotfix/conntrack-improve-defaults' into hbl

parents 2cb126ca 6e692c19
Branches
Tags
1 merge request!176configs/common: allow setting hostapd debug level to highest level
Hide whitespace changes
Inline Side-by-side
patches/openwrt/branding/0003-base-files-Improve-defaults-for-conntrack.patch deleted 100644 → 0
+ 0
26
View file @ 2cb126ca
From 9d8820d86e03b19f4ea7dbdf130e091045ccf86b Mon Sep 17 00:00:00 2001
From: Michal Hrusecky <michal.hrusecky@nic.cz>
Date: Tue, 17 Jul 2018 11:20:50 +0200
Subject: [PATCH] base-files: Improve defaults for conntrack
---
package/base-files/files/etc/sysctl.d/10-default.conf | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
index 46d079b..484654d 100644
--- a/package/base-files/files/etc/sysctl.d/10-default.conf
+++ b/package/base-files/files/etc/sysctl.d/10-default.conf
@@ -23,3 +23,9 @@ net.ipv4.tcp_dsack=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
+
+net.nf_conntrack_max = 262144
+net.netfilter.nf_conntrack_tcp_timeout_established = 432000
+net.netfilter.nf_conntrack_udp_timeout=60
+net.netfilter.nf_conntrack_udp_timeout_stream=180
+net.netfilter.nf_conntrack_checksum=1
--
2.18.0
patches/openwrt/branding/0003-nf-conntrack-improve-default-values.patch 0 → 100644
+ 36
0
View file @ 6c3aaa87
From eadc88336160b1e0cce8388f64af13cfca837c83 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Tue, 17 Mar 2020 00:02:14 +0100
Subject: [PATCH] nf-conntrack: improve default values
Conntrack values in OpenWrt are optimized for routers, which has 128 MB
RAM. Let's optimize it for Turris routers, which has at least 512 MB
RAM.
More details about variables and descriptions can be found here:
https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
---
package/kernel/linux/files/sysctl-nf-conntrack.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/kernel/linux/files/sysctl-nf-conntrack.conf b/package/kernel/linux/files/sysctl-nf-conntrack.conf
index 37baf5fd6f..bcd730d470 100644
--- a/package/kernel/linux/files/sysctl-nf-conntrack.conf
+++ b/package/kernel/linux/files/sysctl-nf-conntrack.conf
@@ -2,8 +2,8 @@
# /etc/sysctl.conf can be used to customize sysctl settings
net.netfilter.nf_conntrack_acct=1
-net.netfilter.nf_conntrack_checksum=0
-net.netfilter.nf_conntrack_max=16384
-net.netfilter.nf_conntrack_tcp_timeout_established=7440
+net.netfilter.nf_conntrack_checksum=1
+net.netfilter.nf_conntrack_max=262144
+net.netfilter.nf_conntrack_tcp_timeout_established=432000
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180
--
2.25.1
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment