From 1ecda7339e8678c0b4debe7003b4a42791ad478e Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 1 Oct 2013 13:28:11 +0200
Subject: nfct: timeout: add support for default protocol timeout tuning

This new interface supersedes the /proc interface:

/proc/sys/net/netfilter/nf_conntrack_PROTO_STATE_timeout

to tune default conntrack timeout helpers.

 # nfct timeout default-get inet tcp
         .l3proto = 2,
         .l4proto = 6,
         .policy = {
                 .SYN_SENT = 120,
                 .SYN_RECV = 60,
                 .ESTABLISHED = 432000,
                 .FIN_WAIT = 120,
                 .CLOSE_WAIT = 60,
                 .LAST_ACK = 30,
                 .TIME_WAIT = 120,
                 .CLOSE = 10,
                 .SYN_SENT2 = 120,
                 .RETRANS = 300,
                 .UNACKNOWLEDGED = 300,
         },
 };

 # nfct timeout default-set inet tcp ESTABLISHED 100

As replacement for the existing /proc interfaces for timeout tweaking.
This feature requires a Linux kernel >= 3.13.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/netfilter/nfnetlink_cttimeout.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include/linux')

diff --git a/include/linux/netfilter/nfnetlink_cttimeout.h b/include/linux/netfilter/nfnetlink_cttimeout.h
index a2810a7..1ab0b97 100644
--- a/include/linux/netfilter/nfnetlink_cttimeout.h
+++ b/include/linux/netfilter/nfnetlink_cttimeout.h
@@ -6,6 +6,8 @@ enum ctnl_timeout_msg_types {
 	IPCTNL_MSG_TIMEOUT_NEW,
 	IPCTNL_MSG_TIMEOUT_GET,
 	IPCTNL_MSG_TIMEOUT_DELETE,
+	IPCTNL_MSG_TIMEOUT_DEFAULT_SET,
+	IPCTNL_MSG_TIMEOUT_DEFAULT_GET,
 
 	IPCTNL_MSG_TIMEOUT_MAX
 };
-- 
cgit v1.2.3