| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the documentation about the CacheWriteTrhough clause.
This feature is scheduled for removal since the asynchronous nature of
conntrackd does not allow multi-path routing support. I'm lying,
actually there's a chance to support it, but we have to guarantee that
the RTT in the message synchronization between the firewall is smaller
than the RTT between the peer and the firewalls.
Moreover, this option has made more bad than good since people enable it
when things don't work. Making the whole troubleshooting more
complicated.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch rises the default value of the hashtables in terms
of buckets and entries to the default value in nf_conntrack.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch removes the use of /tmp to create the UNIX socket file to
communicate with conntrackd in the example configuration files. This was
OK in the early alpha days, but not anymore.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch adds the clause PurgeTimeout that sets the new timer
when conntrackd -t is called. This command is particularly useful
when the sysadmin triggers hand-overs between several nodes without
rebooting as it reduces the timers of the remaining entries in
the kernel. Thus, avoiding clashes between new and old entries that
may trigger INVALID packets.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
This patch removes the directories node1/ and node2/ since the
differences are few small and the user should be able to get it running
if he RTFM.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
