diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-01 13:28:11 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-05-13 15:53:28 +0200 |
| commit | 1ecda7339e8678c0b4debe7003b4a42791ad478e (patch) | |
| tree | e82b9ad7ea4e0dc05f37bb6c90fbf17c3d2ffefb /include/linux | |
| parent | 34a8e200eee54b4bbecadf52bba8901cae129795 (diff) | |
| download | conntrack-tools-1ecda7339e8678c0b4debe7003b4a42791ad478e.tar.gz conntrack-tools-1ecda7339e8678c0b4debe7003b4a42791ad478e.zip | |
nfct: timeout: add support for default protocol timeout tuning
This new interface supersedes the /proc interface:
/proc/sys/net/netfilter/nf_conntrack_PROTO_STATE_timeout
to tune default conntrack timeout helpers.
# nfct timeout default-get inet tcp
.l3proto = 2,
.l4proto = 6,
.policy = {
.SYN_SENT = 120,
.SYN_RECV = 60,
.ESTABLISHED = 432000,
.FIN_WAIT = 120,
.CLOSE_WAIT = 60,
.LAST_ACK = 30,
.TIME_WAIT = 120,
.CLOSE = 10,
.SYN_SENT2 = 120,
.RETRANS = 300,
.UNACKNOWLEDGED = 300,
},
};
# nfct timeout default-set inet tcp ESTABLISHED 100
As replacement for the existing /proc interfaces for timeout tweaking.
This feature requires a Linux kernel >= 3.13.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter/nfnetlink_cttimeout.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/netfilter/nfnetlink_cttimeout.h b/include/linux/netfilter/nfnetlink_cttimeout.h index a2810a7..1ab0b97 100644 --- a/include/linux/netfilter/nfnetlink_cttimeout.h +++ b/include/linux/netfilter/nfnetlink_cttimeout.h @@ -6,6 +6,8 @@ enum ctnl_timeout_msg_types { IPCTNL_MSG_TIMEOUT_NEW, IPCTNL_MSG_TIMEOUT_GET, IPCTNL_MSG_TIMEOUT_DELETE, + IPCTNL_MSG_TIMEOUT_DEFAULT_SET, + IPCTNL_MSG_TIMEOUT_DEFAULT_GET, IPCTNL_MSG_TIMEOUT_MAX }; |