diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-08 19:13:22 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-08 19:13:22 +0100 |
commit | f3464ea99081fbe4f429f030ea99c60e2338c047 (patch) | |
tree | b33666b18749ca5c92333bc7caac38c2bba3f924 /doc/sync/notrack | |
parent | ba2f8458ecfa0827e09a1c40c9e29868239fafa1 (diff) | |
download | conntrack-tools-f3464ea99081fbe4f429f030ea99c60e2338c047.tar.gz conntrack-tools-f3464ea99081fbe4f429f030ea99c60e2338c047.zip |
netlink: add new option NetlinkOverrunResync
This patch adds NetlinkOverrunResync. This option can be used to
set the amount of time after which the daemon resynchronizes itself
with the kernel state-table if it detects a Netlink overrun.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/sync/notrack')
-rw-r--r-- | doc/sync/notrack/conntrackd.conf | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index b77d589..c64291b 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -182,6 +182,19 @@ General { # SocketBufferSizeMaxGrowth 8388608 + # + # If the daemon detects that Netlink is dropping state-change events, + # it automatically schedules a resynchronization against the Kernel + # after 30 seconds (default value). Resynchronizations are expensive + # in terms of CPU consumption since the daemon has to get the full + # kernel state-table and purge state-entries that do not exist anymore. + # Be careful of setting a very small value here. You have the following + # choices: On (enabled, use default 30 seconds value), Off (disabled) + # or Value (in seconds, to set a specific amount of time). If not + # specified, the daemon assumes that this option is enabled. + # + # NetlinkOverrunResync On + # # By default, the daemon receives state updates following an # event-driven model. You can modify this behaviour by switching to |