Page MenuHomeVyOS Platform
Create Task
Maniphest T3660

Conntrack-Sync configuration command to specify destination udp port for peer
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Speaking with a VyOS user, he wanted to change the default destination port of the peer when using unicast UDP (port 3780) at Conntrack Sync due to an integration he's working at with GCP Terraform.

For example, the command

set service conntrack-sync interface <name> peer <address>

currently changes the IPv4_Destination_Address value at /etc/conntrackd/conntrackd.conf that is the conntrack daemon file.

According to the file this configuration is being auto-generated by vyatta-conntrack-sync.pl at boot and everytime a conntrack-sync configuration command is executed so I think that's the script being triggered with conntrack-sync commands that creates a new conntrackd.conf

Even though changing directly the port at conntrackd.conf file and restarting the conntrack daemon should work, the value will be overlapped by 3780 next boot or if a configuration command for conntrack-sync is executed.

vyos@vyos# cat /etc/conntrackd/conntrackd.conf
#
# autogenerated by vyatta-conntrack-sync.pl on Thu 01 Jul 2021 01:43:46 PM UTC
#

#
# Synchronizer settings
#
Sync {
	Mode FTFW {
	}
	UDP {
		IPv4_Destination_Address 9.9.9.9
		Port 3780
		Interface eth0
		SndSocketBuffer 1048576
		RcvSocketBuffer 1048576
		Checksum on
	}

So the feature would be adding a command like

set service conntrack-sync interface <name> peer <address> port <port>.

and should change the "Port" value located at /etc/conntrackd/contrackd.conf just as set service conntrack-sync interface <name> peer <address> changes the IPv4_Address_Destination value

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Event Timeline

m1nus created this task.Jul 1 2021, 7:17 PM
c-po added a subscriber: c-po.EditedJul 1 2021, 7:46 PM

Hi @m1nus,

conntrack implementation changed form 1.3 -> 1.4 by a rewrite. Can you please tell us which version of VyOS you are using?

Both VyOS 1.4 and VyOS 1.3 have the port hardcoded:

But this fells like a legitimate feature request in making it possible for the user to adjust the port.

c-po changed the task status from Open to Confirmed.Jul 1 2021, 7:50 PM
c-po added a project: VyOS 1.4 Sagitta.
m1nus added a comment.Jul 2 2021, 12:04 PM

Hi @c-po I hope you're doing great!

The user is running VyOS 1.3 (Equuleus)

c-po changed the task status from Confirmed to Needs testing.Jul 2 2021, 8:23 PM
c-po claimed this task.
c-po added a comment.EditedJul 2 2021, 8:26 PM

Added command set service conntrack-sync interface <intrerface> port <port>

Will be available in tomorrows VyOS 1.3 beta build available from https://vyos.net/get/nightly-builds/

m1nus added a comment.Jul 2 2021, 8:31 PM

Thanks Chris I'll test it once available and let you know!!

pasik added a subscriber: pasik.Jul 3 2021, 5:04 PM
m1nus added a comment.Jul 5 2021, 2:23 PM

Hi @c-po i've been testing the added command.

All works great

vyos@vyos# set service conntrack-sync interface eth0 
Possible completions:
   peer         IP address of the peer to send the UDP conntrack info too. This disable multicast.
   port         Port number used by connection

      
[edit]
vyos@vyos# set service conntrack-sync interface eth0 port 
Possible completions:
   <1-65535>    Numeric IP port
vyos@vyos# set service conntrack-sync interface eth0 port 9999
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# cat /run/conntrackd/conntrackd.conf 
#autogenerated by conntrack_sync.py
#Synchronizer settings
Sync {
    Mode FTFW {
        DisableExternalCache off
    }
    UDP {
        IPv4_Destination_Address 10.10.10.5
        Port 9999
        Interface eth0
        SndSocketBuffer 1048576
        RcvSocketBuffer 1048576
        Checksum on
    }
vyos@vyos# run show conntrack table ipv4
TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED,
                 FW - FIN WAIT, CW - CLOSE WAIT, LA - LAST ACK,
                 TW - TIME WAIT, CL - CLOSE, LI - LISTEN

CONN ID    Source                 Destination            Protocol         TIMEOUT             
484835838  192.168.0.254:38762    10.10.10.5:9999        udp [17]         29

Deleting the port should set the default port (3780) at conntrackd.conf again, Tested it and also works fine.

vyos@vyos# delete service conntrack-sync interface eth0 port 9999
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# cat /run/conntrackd/conntrackd.conf 
# autogenerated by conntrack_sync.py

# Synchronizer settings
Sync {
    Mode FTFW {
        DisableExternalCache off
    }
    UDP {
        IPv4_Destination_Address 10.10.10.5
        Port 3780
        Interface eth0
        SndSocketBuffer 1048576
        RcvSocketBuffer 1048576
        Checksum on
    }
c-po added a comment.EditedJul 6 2021, 5:33 AM

Thanks for the confirmation

c-po closed this task as Resolved.Jul 6 2021, 5:33 AM
SrividyaA set Issue type to Improvement (missing useful functionality).Aug 31 2021, 6:34 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 11:42 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.