From 6cb33c62c8007593d8a85aa202fa173043877135 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 7 Aug 2008 14:53:12 +0200
Subject: cache iterators: rework cache_reset_timers

This patch adds the clause PurgeTimeout that sets the new timer when conntrackd -t is called. This command is particularly useful when the sysadmin triggers hand-overs between several nodes without rebooting as it reduces the timers of the remaining entries in the kernel. Thus, avoiding clashes between new and old entries that may trigger INVALID packets.

Signed-off-by: Pablo Neira Ayuso
---
 src/read_config_yy.y | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'src/read_config_yy.y')

diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 33a435c..c7bce82 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -52,7 +52,7 @@ static void __kernel_filter_add_state(int value);
 %token T_GENERAL T_SYNC T_STATS T_RELAX_TRANSITIONS T_BUFFER_SIZE T_DELAY
 %token T_SYNC_MODE T_LISTEN_TO T_FAMILY T_RESEND_BUFFER_SIZE
 %token T_ALARM T_FTFW T_CHECKSUM T_WINDOWSIZE T_ON T_OFF
-%token T_REPLICATE T_FOR T_IFACE
+%token T_REPLICATE T_FOR T_IFACE T_PURGE
 %token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT
 %token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN
 %token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
@@ -163,6 +163,11 @@ timeout: T_TIMEOUT T_NUMBER
 conf.commit_timeout = $2;
 };
 
+purge: T_PURGE T_NUMBER
+{
+ conf.purge_timeout = $2;
+};
+
 checksum: T_CHECKSUM T_ON
 {
 conf.mcast.checksum = 0;
@@ -427,6 +432,7 @@ sync_list:
 sync_line: refreshtime
 | expiretime
 | timeout
+ | purge
 | checksum
 | multicast_line
 | relax_transitions
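Review bot: The new `purge:` action copies `$2` straight into `conf.purge_timeout`, so any T_NUMBER the lexer accepts becomes the timer given to the remaining kernel entries when `conntrackd -t` runs. Neither the type of `purge_timeout` nor the range of T_NUMBER is visible in this diff; if a negative or very large number can get through, the stale entries may outlive the hand-over, which is the clash the commit description sets out to avoid. I would reject out-of-range values in the action and state the unit above the rule, for example `/* PurgeTimeout <seconds>: timer given to kernel entries on conntrackd -t */`. The existing `timeout:` rule just above has the same unchecked shape, so it deserves the same treatment; the `purge:` rule itself is complete within the hunk.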
@@ -987,6 +993,10 @@ init_config(char *filename)
 if (CONFIG(commit_timeout) == 0)
 CONFIG(commit_timeout) = 180;
 
+ /* default to 15 seconds: purge kernel entries */
+ if (CONFIG(purge_timeout) == 0)
+ CONFIG(purge_timeout) = 15;
+
 /* default to 60 seconds of refresh time */
 if (CONFIG(refresh) == 0)
 CONFIG(refresh) = 60;
-- 
cgit v1.2.3
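Review bot: Zero doubles as the "not configured" marker in the added `if (CONFIG(purge_timeout) == 0)` check, so an explicit `PurgeTimeout 0` in the configuration file is silently replaced by 15 seconds. That matches the `commit_timeout` and `refresh` defaults around it, but an operator who writes 0 expecting a different effect gets no diagnostic that the value was overridden. The comment should spell this out, e.g. `/* PurgeTimeout unset or 0: kernel entries get a 15 second timer on conntrackd -t */`. `init_config` begins and ends outside this hunk, so whether a later check already covers the value cannot be seen here.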