cache iterators: rework cache_reset_timers
This patch adds the clause PurgeTimeout that sets the new timer when conntrackd -t is called. This command is particularly useful when the sysadmin triggers hand-overs between several nodes without rebooting as it reduces the timers of the remaining entries in the kernel, thus avoiding clashes between new and old entries that may trigger INVALID packets.

Signed-off-by: Pablo Neira Ayuso <>
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 60bb2de..23f5306 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -79,6 +79,7 @@ struct ct_conf {
int refresh;
int cache_timeout; /* cache entries timeout */
int commit_timeout; /* committed entries timeout */
+ unsigned int purge_timeout; /* purge kernel entries timeout */
int del_timeout;
unsigned int netlink_buffer_size;
unsigned int netlink_buffer_size_max_grown;
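
Review bot: the new purge_timeout member of struct ct_conf is declared unsigned int while the neighbouring cache_timeout, commit_timeout and del_timeout are plain int, and its comment gives no unit. Mixed signedness among the timeout fields invites implicit conversions wherever they are compared or passed through a common helper, and a negative value parsed from the configuration file would wrap to a very large timeout instead of being rejected. Either match the existing int type and range-check the parsed value, or keep unsigned int and state the reason, and extend the comment with the unit, for example "purge kernel entries timeout (seconds)" if that is what the PurgeTimeout clause takes. This hunk also does not show a default for the field, so confirm what conntrackd -t does when PurgeTimeout is absent from the configuration and the field is still zero.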