author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-25 17:53:14 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-25 17:53:14 +0100 |
commit | cced587d766b9194b698a156d241766d5bad8a9d (patch) | |
tree | c9084ff763d29dd238a45e10db886f966ec5d7e4 | |
parent | 50c09dec9ad0261d8fcc18d69b2c9ec74052955c (diff) | |
src: increase default PurgeTimeout value
This patch increases the default PurgeTimeout value to 60 seconds.
The former 15 seconds provided good real-time reaction in terms of
the behaviour users expect, but it is too short if you trigger
random failures in a firewall cluster.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | doc/sync/alarm/conntrackd.conf | 11 | ||||
-rw-r--r-- | doc/sync/ftfw/conntrackd.conf | 11 | ||||
-rw-r--r-- | doc/sync/notrack/conntrackd.conf | 11 | ||||
-rw-r--r-- | src/read_config_yy.y | 4 |
4 files changed, 17 insertions, 20 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 3479a83..db7d99e 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -27,13 +27,12 @@ Sync {
 #
 # If the firewall replica goes from primary to backup,
 # the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds
 #
- PurgeTimeout 15
+ # PurgeTimeout 60
 }
 
 #
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 4fd86d7..69572cf 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -24,13 +24,12 @@ Sync {
 #
 # If the firewall replica goes from primary to backup,
 # the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds.
 #
- PurgeTimeout 15
+ # PurgeTimeout 60
 
 # Set the acknowledgement window size. If you decrease this
 # value, the number of acknowlegdments increases. More
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 5abf589..1df79a1 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -13,13 +13,12 @@ Sync {
 #
 # If the firewall replica goes from primary to backup,
 # the conntrackd -t command is invoked in the script.
- # This command resets the timers of the conntracks that
- # live in the kernel to this new value. This is useful
- # to purge the connection tracking table of zombie entries
- # and avoid clashes with old entries if you trigger
- # several consecutive hand-overs.
+ # This command schedules a flush of the table in N seconds.
+ # This is useful to purge the connection tracking table of
+ # zombie entries and avoid clashes with old entries if you
+ # trigger several consecutive hand-overs. Default is 60 seconds.
 #
- PurgeTimeout 15
+ # PurgeTimeout 60
 }
 
 #
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 766d543..049896e 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -1141,9 +1141,9 @@ init_config(char *filename)
 if (CONFIG(cache_timeout) == 0)
 CONFIG(cache_timeout) = 180;
 
- /* default to 15 seconds: purge kernel entries */
+ /* default to 60 seconds: purge kernel entries */
 if (CONFIG(purge_timeout) == 0)
- CONFIG(purge_timeout) = 15;
+ CONFIG(purge_timeout) = 60;
 
 /* default to 60 seconds of refresh time */
 if (CONFIG(refresh) == 0) |
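Review bot: In the src/read_config_yy.y hunk, `if (CONFIG(purge_timeout) == 0)` uses 0 as the "not set" marker, so an explicit `PurgeTimeout 0` in conntrackd.conf would presumably be replaced by 60 without any message (the parser side is not visible here), and the updated comment does not mention this. Since the three example configurations now ship the directive commented out, this fallback is what decides how long zombie entries stay in the kernel table after a node goes from primary to backup, so a fuller comment would help, for example `/* PurgeTimeout unset (0): flush kernel entries 60 seconds after hand-over */`. The literal 60 is now repeated in this file and in the three doc files; a named constant in the source would give one place to change it. init_config() begins and continues outside this hunk.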