summaryrefslogtreecommitdiffstats
path: root/src/read_config_yy.y
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-04-29 14:18:17 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-04-29 14:18:17 +0000
commitace1f6a61b6842e2b49ec7a08f368a2d9f433be0 (patch)
tree92c62e1bf75ff98d949b8f71a0f79c948d1e544a /src/read_config_yy.y
parent96213d5f0821aee2fe52459ab2cd54569e50cf85 (diff)
Fix reorder possible reordering of destroy messages under message omission. This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
Diffstat (limited to 'src/read_config_yy.y')
-rw-r--r--src/read_config_yy.y12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 86fee9b..0bc5e3c 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -52,7 +52,7 @@ struct ct_conf conf;
%token T_REPLICATE T_FOR T_IFACE
%token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT
%token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN
-%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE
+%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
%token <string> T_IP T_PATH_VAL
@@ -429,6 +429,7 @@ sync_line: refreshtime
| listen_to
| state_replication
| cache_writethrough
+ | destroy_timeout
;
sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}'
@@ -469,6 +470,11 @@ window_size: T_WINDOWSIZE T_NUMBER
conf.window_size = $2;
};
+destroy_timeout: T_DESTROY_TIMEOUT T_NUMBER
+{
+ conf.del_timeout = $2;
+};
+
relax_transitions: T_RELAX_TRANSITIONS
{
fprintf(stderr, "Notice: RelaxTransitions clause is obsolete. "
@@ -746,5 +752,9 @@ init_config(char *filename)
if (CONFIG(window_size) == 0)
CONFIG(window_size) = 20;
+ /* double of 120 seconds which is common timeout of a final state */
+ if (conf.flags & CTD_SYNC_FTFW && CONFIG(del_timeout) == 0)
+ CONFIG(del_timeout) = 240;
+
return 0;
}