From ace1f6a61b6842e2b49ec7a08f368a2d9f433be0 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Tue, 29 Apr 2008 14:18:17 +0000
Subject: Fix reorder possible reordering of destroy messages under message omission. This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
---
 src/read_config_yy.y | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'src/read_config_yy.y')
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 86fee9b..0bc5e3c 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -52,7 +52,7 @@ struct ct_conf conf;
 %token T_REPLICATE T_FOR T_IFACE
 %token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT
 %token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN
-%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE
+%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
 %token T_IP T_PATH_VAL
@@ -429,6 +429,7 @@ sync_line: refreshtime
 | listen_to
 | state_replication
 | cache_writethrough
+ | destroy_timeout
 ;
 
 sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}'
@@ -469,6 +470,11 @@ window_size: T_WINDOWSIZE T_NUMBER
 conf.window_size = $2;
 };
 
+destroy_timeout: T_DESTROY_TIMEOUT T_NUMBER
+{
+ conf.del_timeout = $2;
+};
+
 relax_transitions: T_RELAX_TRANSITIONS
 {
 fprintf(stderr, "Notice: RelaxTransitions clause is obsolete. "
@@ -746,5 +752,9 @@ init_config(char *filename)
 if (CONFIG(window_size) == 0)
 CONFIG(window_size) = 20;
 
+ /* double of 120 seconds which is common timeout of a final state */
+ if (conf.flags & CTD_SYNC_FTFW && CONFIG(del_timeout) == 0)
+ CONFIG(del_timeout) = 240;
+
 return 0;
 }
-- 
cgit v1.2.3
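Review bot: The new `destroy_timeout` action assigns `conf.del_timeout = $2;` without any range check, and the `init_config` hunk further down uses 0 as its "not configured" marker, so an explicit zero in the configuration file is silently replaced by 240 when `CTD_SYNC_FTFW` is set. If zero is not a valid setting, the action could reject it with a message on stderr, as the RelaxTransitions rule below it already does for its notice; if zero is valid, the default needs a separate "was set" indicator. The types behind `T_NUMBER` and `del_timeout` are declared outside this patch, so whether a negative or very large number can reach the assignment should be checked against the lexer and `struct ct_conf`.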
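Review bot: The added condition in `init_config` reads `conf.flags` directly while the lines around it go through `CONFIG()`, and it leaves the `&` test unparenthesised next to `&&`. Assuming `CONFIG(x)` is the accessor for `conf.x` (its definition is not in this patch), `if ((CONFIG(flags) & CTD_SYNC_FTFW) && CONFIG(del_timeout) == 0)` keeps the style uniform and makes the precedence explicit. The comment could also state that the default applies to FTFW only and what a `del_timeout` of 0 means in the other sync modes, for example `/* FTFW only: keep destroyed entries for 2 x 120s (usual final-state timeout) */`. `init_config` begins outside the hunk.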