From f3464ea99081fbe4f429f030ea99c60e2338c047 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 8 Feb 2009 19:13:22 +0100 Subject: netlink: add new option NetlinkOverrunResync This patch adds NetlinkOverrunResync. This option can be used to set the amount of time after which the daemon resynchronizes itself with the kernel state-table if it detects a Netlink overrun. Signed-off-by: Pablo Neira Ayuso --- doc/sync/notrack/conntrackd.conf | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'doc/sync/notrack') diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index b77d589..c64291b 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -182,6 +182,19 @@ General { # SocketBufferSizeMaxGrowth 8388608 + # + # If the daemon detects that Netlink is dropping state-change events, + # it automatically schedules a resynchronization against the Kernel + # after 30 seconds (default value). Resynchronizations are expensive + # in terms of CPU consumption since the daemon has to get the full + # kernel state-table and purge state-entries that do not exist anymore. + # Be careful of setting a very small value here. You have the following + # choices: On (enabled, use default 30 seconds value), Off (disabled) + # or Value (in seconds, to set a specific amount of time). If not + # specified, the daemon assumes that this option is enabled. + # + # NetlinkOverrunResync On + # # By default, the daemon receives state updates following an # event-driven model. You can modify this behaviour by switching to -- cgit v1.2.3