diff options
author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-01-12 14:45:24 -0800 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-01-12 14:45:24 -0800 |
commit | ca37a710d526d17490ebdc3af760bfddd316426d (patch) | |
tree | caeb883cf2302d30e010909bc543b09e191472cb /doc/stats | |
parent | c4414d9a8b31bedfb7471cd2365aaf5ea5cf55d5 (diff) | |
parent | 414fedd879fdc3cd0a910acd2fd9262251a6bfe7 (diff) | |
download | conntrack-tools-ca37a710d526d17490ebdc3af760bfddd316426d.tar.gz conntrack-tools-ca37a710d526d17490ebdc3af760bfddd316426d.zip |
Updating upstream with merged content from netfilter conntrack-tools version 1.0.1
Diffstat (limited to 'doc/stats')
-rw-r--r-- | doc/stats/conntrackd.conf | 25 | ||||
-rw-r--r-- | doc/stats/conntrackd.conf.orig | 121 |
2 files changed, 13 insertions, 133 deletions
diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf index 0941f64..16d7a80 100644 --- a/doc/stats/conntrackd.conf +++ b/doc/stats/conntrackd.conf @@ -67,6 +67,18 @@ General { # NetlinkBufferSizeMaxGrowth 655355 + # + # By default, the daemon receives state updates following an + # event-driven model. You can modify this behaviour by switching to + # polling mode with the PollSecs clause. This clause tells conntrackd + # to dump the states in the kernel every N seconds. With regards to + # synchronization mode, the polling mode can only guarantee that + # long-lifetime states are recovered. The main advantage of this method + # is the reduction in the state replication at the cost of reducing the + # chances of recovering connections. + # + # PollSecs 15 + # # Event filtering: This clause allows you to filter certain traffic, # There are currently three filter-sets: Protocol, Address and @@ -81,6 +93,7 @@ General { # Protocol Accept { TCP + # UDP } # @@ -118,18 +131,6 @@ Stats { # # NetlinkEventsReliable Off - # - # By default, the daemon receives state updates following an - # event-driven model. You can modify this behaviour by switching to - # polling mode with the PollSecs clause. This clause tells conntrackd - # to dump the states in the kernel every N seconds. With regards to - # synchronization mode, the polling mode can only guarantee that - # long-lifetime states are recovered. The main advantage of this method - # is the reduction in the state replication at the cost of reducing the - # chances of recovering connections. - # - # PollSecs 15 - # # Enable connection logging via Syslog. Default is off. # Syslog: on, off or a facility name (daemon (default) or local0..7) diff --git a/doc/stats/conntrackd.conf.orig b/doc/stats/conntrackd.conf.orig deleted file mode 100644 index 1f1a697..0000000 --- a/doc/stats/conntrackd.conf.orig +++ /dev/null @@ -1,121 +0,0 @@ -# -# General settings -# -General { - # - # Set the nice value of the daemon. This value goes from -20 - # (most favorable scheduling) to 19 (least favorable). Using a - # negative value reduces the chances to lose state-change events. - # Default is 0. See man nice(1) for more information. - # - Nice -1 - - # - # Number of buckets in the caches: hash table - # - HashSize 8192 - - # - # Maximum number of conntracks: - # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max - # - HashLimit 65535 - - # - # Logfile: on (/var/log/conntrackd.log), off, or a filename - # Default: off - # - #LogFile on - - # - # Syslog: on, off or a facility name (daemon (default) or local0..7) - # Default: off - # - #Syslog on - - # - # Lockfile - # - LockFile /var/lock/conntrack.lock - - # - # Unix socket configuration - # - UNIX { - Path /var/run/conntrackd.ctl - Backlog 20 - } - - # - # Netlink socket buffer size - # - NetlinkBufferSize 262142 - - # - # Increase the socket buffer up to maximun if required - # - NetlinkBufferSizeMaxGrowth 655355 - - # - # Event filtering: This clause allows you to filter certain traffic, - # There are currently three filter-sets: Protocol, Address and - # State. The filter is attached to an action that can be: Accept or - # Ignore. Thus, you can define the event filtering policy of the - # filter-sets in positive or negative logic depending on your needs. - # - Filter { - # - # Accept only certain protocols: You may want to log the - # state of flows depending on their layer 4 protocol. - # - Protocol Accept { - TCP - } - - # - # Ignore traffic for a certain set of IP's. - # - Address Ignore { - IPv4_address 127.0.0.1 # loopback - } - - # - # Uncomment this line below if you want to filter by flow state. - # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED, - # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN. - # - # State Accept { - # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP - # } - } -} - -Stats { - # - # If you enable this option, the daemon writes the information about - # destroyed connections to a logfile. Default is off. - # Logfile: on, off, or a filename - # Default file: (/var/log/conntrackd-stats.log) - # - LogFile on - - # - # By default, the daemon receives state updates following an - # event-driven model. You can modify this behaviour by switching to - # polling mode with the PollSecs clause. This clause tells conntrackd - # to dump the states in the kernel every N seconds. With regards to - # synchronization mode, the polling mode can only guarantee that - # long-lifetime states are recovered. The main advantage of this method - # is the reduction in the state replication at the cost of reducing the - # chances of recovering connections. - # - # PollSecs 15 - - # - # Enable connection logging via Syslog. Default is off. - # Syslog: on, off or a facility name (daemon (default) or local0..7) - # If you set the facility, use the same as in the General clause, - # otherwise you'll get a warning message. - # - #Syslog on -} |