summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/sync/alarm/conntrackd.conf11
-rw-r--r--doc/sync/ftfw/conntrackd.conf11
-rw-r--r--doc/sync/notrack/conntrackd.conf11
-rw-r--r--src/read_config_yy.y4
4 files changed, 17 insertions, 20 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 3479a83..db7d99e 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -27,13 +27,12 @@ Sync {
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds
#
- PurgeTimeout 15
+ # PurgeTimeout 60
}
#
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 4fd86d7..69572cf 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -24,13 +24,12 @@ Sync {
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds.
#
- PurgeTimeout 15
+ # PurgeTimeout 60
# Set the acknowledgement window size. If you decrease this
# value, the number of acknowlegdments increases. More
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 5abf589..1df79a1 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -13,13 +13,12 @@ Sync {
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds.
#
- PurgeTimeout 15
+ # PurgeTimeout 60
}
#
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 766d543..049896e 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -1141,9 +1141,9 @@ init_config(char *filename)
if (CONFIG(cache_timeout) == 0)
CONFIG(cache_timeout) = 180;
- /* default to 15 seconds: purge kernel entries */
+ /* default to 60 seconds: purge kernel entries */
if (CONFIG(purge_timeout) == 0)
- CONFIG(purge_timeout) = 15;
+ CONFIG(purge_timeout) = 60;
/* default to 60 seconds of refresh time */
if (CONFIG(refresh) == 0)