summaryrefslogtreecommitdiffstats
path: root/src/nfct-extensions/timeout.c
Commit message (Collapse)AuthorAgeFilesLines
* nfct: timeout: add support for default protocol timeout tuningPablo Neira Ayuso2014-05-131-2/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new interface supersedes the /proc interface: /proc/sys/net/netfilter/nf_conntrack_PROTO_STATE_timeout to tune default conntrack timeout helpers. # nfct timeout default-get inet tcp .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 432000, .FIN_WAIT = 120, .CLOSE_WAIT = 60, .LAST_ACK = 30, .TIME_WAIT = 120, .CLOSE = 10, .SYN_SENT2 = 120, .RETRANS = 300, .UNACKNOWLEDGED = 300, }, }; # nfct timeout default-set inet tcp ESTABLISHED 100 As replacement for the existing /proc interfaces for timeout tweaking. This feature requires a Linux kernel >= 3.13. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfct: src: consolidate netlink socket creationPablo Neira Ayuso2013-10-011-86/+17
| | | | | | | Open the socket from the main function, then pass it as parameter to the corresponding interpreter. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfct: src: add nfct_mnl_talk and use itPablo Neira Ayuso2013-10-011-72/+10
| | | | | | Add helper function nfct_mnl_talk and use it. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfct: timeout: split nfct_cmd_timeout_add in several functionsPablo Neira Ayuso2013-09-301-43/+80
| | | | | | This patch is a cleanup to split this function in smaller chunks. It is required to prepare default protocol timeout tuning via netlink.
* nfct: timeout: use getprotoentPablo Neira Ayuso2013-09-301-22/+18
| | | | | | | The kernel bails out for unsupported protocols. Moreover, we don't need to upgrade to support new protocols. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfct: modularize extensionsPablo Neira Ayuso2013-09-261-2/+18
| | | | | | Modularize timeout and helper extensions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfct: fix compilation of timeout extensionPablo Neira Ayuso2012-05-261-1/+1
| | | | | | | | nfct-extensions/timeout.c: In function ‘nfct_timeout_cb’: nfct-extensions/timeout.c:99:2: warning: passing argument 4 of ‘nfct_timeout_snprintf’ makes integer from pointer without a cast [enabled by default] /usr/include/libnetfilter_cttimeout/libnetfilter_cttimeout.h:114:5: note: expected ‘unsigned int’ but argument is of type ‘struct nfct_timeout *’ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfct: fix compilation warning in cttimeout supportPablo Neira Ayuso2012-05-261-2/+2
| | | | | | | | CC nfct-extensions/timeout.o ../../src/nfct-extensions/timeout.c: In function ‘nfct_cmd_timeout_parse_params’: ../../src/nfct-extensions/timeout.c:40:27: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: integrate nfct into the conntrack-tools treePablo Neira Ayuso2012-05-261-0/+486
I'll need for the upcoming cthelper infrastructure. Moreover, we avoid more fragmentation in the netfilter user-space utilities. And the plan is that `nfct' will replace `conntrack' at some point. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>