From 089aa91d6a4a382775d6077c842492ed3d54be60 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Gonzalez Date: Wed, 20 Jan 2021 14:04:14 +0100 Subject: conntrackd: introduce yes & no config values They are equivalent of 'on' and 'off' and makes the config easier to understand. Signed-off-by: Arturo Borrero Gonzalez --- conntrackd.conf.5 | 110 +++++++++++++++++++++++++------------------------- src/read_config_lex.l | 8 +++- 2 files changed, 61 insertions(+), 57 deletions(-) diff --git a/conntrackd.conf.5 b/conntrackd.conf.5 index 673f895..a73c3f7 100644 --- a/conntrackd.conf.5 +++ b/conntrackd.conf.5 @@ -22,7 +22,7 @@ .\" . .\" %%%LICENSE_END .\" -.TH CONNTRACKD.CONF 5 "Jan 27, 2019" +.TH CONNTRACKD.CONF 5 "Jan 20, 2021" .SH NAME conntrackd.conf \- configuration file for conntrackd daemon @@ -133,7 +133,7 @@ experiments measuring the cycles spent by the acknowledgment handling with oprofile). .TP -.BI "DisableExternalCache " +.BI "DisableExternalCache " This clause allows you to disable the external cache. Thus, the state entries are directly injected into the kernel conntrack table. As a result, you save memory in user-space but you consume slots in the kernel conntrack table for @@ -144,19 +144,19 @@ If you are installing \fBconntrackd(8)\fP for first time, please read the user manual and I encourage you to consider using the fail-over scripts instead of enabling this option! -By default, this clause is set off. +By default this is set to no, meaning the external cache is enabled. .TP -.BI "StartupResync " +.BI "StartupResync " Order conntrackd to request a complete conntrack table resync against the other node at startup. A single request will be made. This is useful to get in sync with another node which has been running while we were down. -Example: StartupResync on +Example: StartupResync yes -By default, this clause is set off. +By default, this clause is set to no. .SS Mode ALARM @@ -201,14 +201,14 @@ In this synchronization mode you may configure \fBDisableInternalCache\fP, \fBStartupResync\fP. .TP -.BI "DisableInternalCache " +.BI "DisableInternalCache " This clause allows you to disable the internal cache. Thus, the synchronization messages are directly sent through the dedicated link. -This option is set off by default. +This option is set to no by default. .TP -.BI "DisableExternalCache " +.BI "DisableExternalCache " Same as in \fBFTFW\fP mode. .TP @@ -220,7 +220,7 @@ Same as in \fBFTFW\fP mode. Same as in \fBFTFW\fP mode. .TP -.BI "StartupResync " +.BI "StartupResync " Same as in \fBFTFW\fP mode. .SS MULTICAST @@ -326,7 +326,7 @@ to increase the buffer size. Example: RcvSocketBuffer 1249280 .TP -.BI "Checksum " +.BI "Checksum " Enable/Disable message checksumming. This is a good property to achieve fault-tolerance. In case of doubt, use it. @@ -395,7 +395,7 @@ Same as in the \fBMulticast\fP transport protocol configuration. Same as in the \fBMulticast\fP transport protocol configuration. .TP -.BI "Checksum " +.BI "Checksum " Same as in the \fBMulticast\fP transport protocol configuration. @@ -419,7 +419,7 @@ Example: Interface eth2 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } .fi @@ -429,7 +429,7 @@ Other unsorted options that are related to the synchronization protocol or transport mechanism. .TP -.BI "TCPWindowTracking " +.BI "TCPWindowTracking " TCP state-entries have window tracking disabled by default, you can enable it with this option. As said, default is off. This feature requires a \fBLinux kernel >= 2.6.36\fP. @@ -465,7 +465,7 @@ This top-level section contains generic configuration directives for the \fBconntrackd(8)\fP daemon. .TP -.BI "Systemd " +.BI "Systemd " Enable \fBsystemd(1)\fP runtime support if \fBconntrackd(8)\fP is compiled with the proper configuration. Then you can use a service unit of \fIType=notify\fP. @@ -474,7 +474,7 @@ Obviously, this requires the init of your system to be \fBsystemd(1)\fP. Note: \fBsystemd(1)\fP watchdog is supported as well. -Example: Systemd on +Example: Systemd yes By default runtime support is enabled if conntrackd was built with the systemd feature. Otherwise is off. @@ -503,15 +503,15 @@ dead entries cached for possible retransmission during state synchronization. Example: HashLimit 131072 .TP -.BI "LogFile " +.BI "LogFile " Enable \fBconntrackd(8)\fP to log to a file. -Example: LogFile on +Example: LogFile no -Default is off. The default logfile is \fB/var/log/conntrackd.log\fP. +Default is no. Default logfile is \fB/var/log/conntrackd.log\fP. .TP -.BI "Syslog " +.BI "Syslog " Enable connection logging via Syslog. If you set the facility, use the same as in the \fBStats\fP section, otherwise you'll get a warning message. @@ -545,7 +545,7 @@ size growth that can be reached. Example: NetlinkBufferSizeMaxGrowth 8388608 .TP -.BI "NetlinkOverrunResync " +.BI "NetlinkOverrunResync " If the daemon detects that Netlink is dropping state-change events, it automatically schedules a resynchronization against the Kernel after 30 seconds (default value). Resynchronizations are expensive in terms of CPU consumption @@ -554,20 +554,20 @@ that do not exist anymore. Note: Be careful of setting a very small value here. -Example: NetlinkOverrunResync on +Example: NetlinkOverrunResync yes The default value is \fB30\fP seconds. If not specified, the daemon assumes that this option is enabled and uses the default value. .TP -.BI "NetlinkEventsReliable " +.BI "NetlinkEventsReliable " If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off \fBNetlinkOverrunResync\fP. You need \fBLinux Kernel >= 2.6.31\fP for this option to work. -Example: NetlinkEventsReliable on +Example: NetlinkEventsReliable yes This option is off by default. @@ -758,29 +758,29 @@ This top-level section indicates \fBconntrackd(8)\fP to work as a statistic collector for the nf_conntrack linux kernel subsystem. .TP -.BI "LogFile " +.BI "LogFile " If you enable this option, the daemon writes the information about destroyed connections to a logfile. -Default is off. Default filename is \fB/var/log/conntrackd-stats.log\fP. +Default is no. Default filename is \fB/var/log/conntrackd-stats.log\fP. .TP -.BI "NetlinkEventsReliable " +.BI "NetlinkEventsReliable " If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off \fBNetlinkOverrunResync\fP. This requires \fBLinux kernel >= 2.6.31\fP. -Default is off. +Default is no. .TP -.BI "Syslog " +.BI "Syslog " Enable connection logging via Syslog. If you set the facility, use the same as in the \fBGeneral\fP section, otherwise you'll get a warning message. Example: Syslog local0 -Default is off. +Default is no. .SH HELPER Note: this configuration is very advanced and has nothing to do with @@ -899,15 +899,15 @@ collector. .nf Stats { - LogFile on - NetlinkEventsReliable Off - Syslog off + LogFile yes + NetlinkEventsReliable no + Syslog yes } General { - Systemd on + Systemd yes HashSize 8192 HashLimit 65535 - Syslog on + Syslog yes LockFile /var/lock/conntrack.lock UNIX { Path /var/run/conntrackd.ctl @@ -942,7 +942,7 @@ Sync { ResendQueueSize 131072 PurgeTimeout 60 ACKWindowSize 300 - DisableExternalCache Off + DisableExternalCache no } Multicast { IPv4_address 225.0.0.50 @@ -951,7 +951,7 @@ Sync { Interface eth2 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } Multicast Default { IPv4_address 225.0.0.51 @@ -960,27 +960,27 @@ Sync { Interface eth3 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } Options { - TCPWindowTracking Off - ExpectationSync On + TCPWindowTracking no + ExpectationSync yes } } General { - Systemd on + Systemd yes HashSize 32768 HashLimit 131072 - LogFile on - Syslog off + LogFile yes + Syslog no LockFile /var/lock/conntrack.lock UNIX { Path /var/run/conntrackd.ctl } NetlinkBufferSize 2097152 NetlinkBufferSizeMaxGrowth 8388608 - NetlinkOverrunResync On - NetlinkEventsReliable Off + NetlinkOverrunResync yes + NetlinkEventsReliable no EventIterationLimit 100 Filter From Userspace { Protocol Accept { @@ -1007,8 +1007,8 @@ It includes common general configuration as well. .nf Sync { Mode NOTRACK { - DisableInternalCache on - DisableExternalCache on + DisableInternalCache yes + DisableExternalCache yes } TCP { IPv4_address 192.168.2.100 @@ -1017,27 +1017,27 @@ Sync { Interface eth2 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } Options { - TCPWindowTracking Off - ExpectationSync On + TCPWindowTracking no + ExpectationSync yes } } General { - Systemd on + Systemd yes HashSize 32768 HashLimit 131072 - LogFile on - Syslog off + LogFile yes + Syslog no LockFile /var/lock/conntrack.lock UNIX { Path /var/run/conntrackd.ctl } NetlinkBufferSize 2097152 NetlinkBufferSizeMaxGrowth 8388608 - NetlinkOverrunResync On - NetlinkEventsReliable Off + NetlinkOverrunResync yes + NetlinkEventsReliable no EventIterationLimit 100 Filter From Userspace { Protocol Accept { diff --git a/src/read_config_lex.l b/src/read_config_lex.l index b0d9e61..f1f4fe3 100644 --- a/src/read_config_lex.l +++ b/src/read_config_lex.l @@ -35,6 +35,10 @@ nl [\n\r] is_on [o|O][n|N] is_off [o|O][f|F][f|F] +is_yes [y|Y][e|E][s|S] +is_no [n|N][o|O] +is_true {is_on}|{is_yes} +is_false {is_off}|{is_no} integer [0-9]+ signed_integer [\-\+][0-9]+ path \/[^\"\n ]* @@ -138,8 +142,8 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k] "Systemd" { return T_SYSTEMD; } "StartupResync" { return T_STARTUP_RESYNC; } -{is_on} { return T_ON; } -{is_off} { return T_OFF; } +{is_true} { return T_ON; } +{is_false} { return T_OFF; } {integer} { yylval.val = atoi(yytext); return T_NUMBER; } {signed_integer} { yylval.val = atoi(yytext); return T_SIGNED_NUMBER; } {ip4} { yylval.string = strdup(yytext); return T_IP; } -- cgit v1.2.3