You do not use port 80/443, so it does not have HTTP-HEADER (in theory).

service LB_port_451 {
    listen-address 10.1.1.1
    mode tcp
    port 451

Try to change to port 80 and check if it works.
You need another solution/configuration

Some highly unscientific tests (only did 3 reboots of each to rule out that any uncached data at the host would affect the result since I run this in a VM through VirtualBox 7.0) shows a difference of up to 2.1% improvment when having a config with 200 static routes.

Parent task is completed - Bugs will get their own subtask and linked to this parent if possible.

This should fix the hostname issue reported to BGP neighbors: https://github.com/vyos/vyos-1x/pull/2289

In T4502#160404, @Apachez wrote:

Perhaps a possible way to detect if the nic supports hardware flowtables or not.

Try to set sudo ethtool -K eth0 hw-tc-offload on.

If the result becomes:

Actual changes:
hw-tc-offload: off [requested on]
Could not change any device features

Then it doesnt support hardware flowtables.

Could also verify by reading the capability like so:

$ ethtool -k eth0 | grep hw-tc-offload
hw-tc-offload: off [fixed]

Perhaps a possible way to detect if the nic supports hardware flowtables or not.

Some feedback from the #netfilter channel over at libera.chat:

I got some funny results which I hope somebody else (with a faster cpu) are able to verify?

First tests unsecseful

PR https://github.com/vyos/vyos-build/pull/416

Im guessing that what this task complains about has a huge part of the time it takes to complete smoketests.

Hello @sdev Sorry to bother you. The issue hasn't been fixed in the recent rolling release: VyOS 1.5-rolling-202309170024

In T5586#160073, @Apachez wrote:

How does FRR/vrrpd work regarding SNMP compatability?

Im thinking if the keepalived could be replaced in favour of FRR/vrrpd?

And for now keep keepalived around only for virtual-server (unless that too can be dealt with by FRR/vrrpd)?

I will put this as "wontfix" because a fix would need additional work of stopping/starting correct FRR-service (if this occurs in future then this task can be reopened).

I will close this task as a duplicate of https://vyos.dev/T4502 where work is in progress.

Added PR https://github.com/vyos/vyos-1x/pull/2278 for smoketest fix.

Ok, I was thinking if that then waited for some password or such.

I haven't tried anything else since I rebooted back into 1.4, but I did try sudo su - which gave the same error.

How does a simple "sudo bash" work?

Cannot pass the smoketest:

 DEBUG - ======================================================================
DEBUG - FAIL: test_01_dyndns_service_standard (__main__.TestServiceDDNS.test_01_dyndns_service_standard)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 82, in test_01_dyndns_service_standard
DEBUG -     self.assertIn(f'use=if', ddclient_conf)
DEBUG - AssertionError: 'use=if' not found in '### Autogenerated by dns_dynamic.py ###\ndaemon=300\nsyslog=yes\nssl=yes\npid=/run/ddclient/ddclient.pid\ncache=/run/ddclient/ddclient.cache\nweb=googledomains use=no            \n # Web service dynamic DNS configuration for cloudflare: [cloudflare, test.ddns.vyos.io]\nusev4=ifv4, \\\nifv4=eth0, \\\nprotocol=cloudflare, \\\nzone=vyos.io, \\\npassword=paSS_@4ord \\\ntest.ddns.vyos.io'
DEBUG - 
DEBUG - ----------------------------------------------------------------------
DEBUG - Ran 4 tests in 11.489s
DEBUG - 
DEBUG - FAILED (failures=1)

I think this broke a whole lot of things for RADIUS users (these work fine in 1.4-rolling-202308040317, but are broken in 1.5-rolling-202309170024):

This is the one I was thinking of:

This seems to have been resolved since a few days (1.5-rolling nightly).

PR for sagitta https://github.com/vyos/vyos-build/pull/415

@Apachez The empty table inet vyos_offload is to ensure the table exists before deleting its content. Regarding hardware offload, I don't have a hardware supporting that. The implementation is totally based on documentation and I don't add any checks before applying the nftables config.

PR created: https://github.com/vyos/vyos-build/pull/414

PR created: https://github.com/vyos/vyos-build/pull/413

1. Using hardware flowtable (flags offload;) on an interface which doesnt support it returns an error:

Tried to enable both software and hardware flowtable with VyOS 1.5-rolling-202309151051:

How does FRR/vrrpd work regarding SNMP compatability?

PR https://github.com/vyos/vyos-1x/pull/2273

Some extra lines were mistakenly included during rebase:

Note that PR2062 is broken.

Regarding testing of arm-builds, hopefully this article might come handy (how to use qemu-system-aarch64 (on x86) part of the qemu-system-arm package):

In my case the upgrade from 1.4-rolling-202308060317 to vyos-1.4-rolling-202308060317 made the vrf unavailable so no access to management. Booting back to old version became working again.

The excludes-file in PR406 had incorrectly a '/' as first character (for the directory to be excluded from the squashfs-file).

Would also be nice to include the global known_hosts file in /etc/ssh/ssh_known_hosts.

I would also like to know if zone based firewall still work or support is removed?

PR created: https://github.com/vyos/vyos-1x/pull/2264

Should probably add "-M rpki" permanently to FRR/bgp.

Could the error from latest nightly be due to that rpki module isnt loaded for FRR/bgp?

@fernando This is really nice. Thank you for the testing!

Could https://vyos.dev/T2044 be related to the failed nightly build from last night?

Added PR here https://github.com/vyos/vyos-1x/pull/2263

This is still the case in VyOS 1.5-rolling-202309130022:

Suggestion of "hidden" ruleset (visible when doing show firewall and show firewall statistics):

PR created: https://github.com/vyos/vyos-build/pull/406

Found out that mksquashfs supports -ef EXCLUDE_FILE as a file that (line by line) defines which files and directories to be excluded during creation of filesystem.squashfs. Adding -wildcard will make it possible to use wildcards within the EXCLUDE_FILE.

PR for 1.5: https://github.com/vyos/vyos-1x/pull/2256

Something like this console command but more handy in op-mode?

PR https://github.com/vyos/vyos-1x/pull/2257