diff options
author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-04-29 14:18:17 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-04-29 14:18:17 +0000 |
commit | ace1f6a61b6842e2b49ec7a08f368a2d9f433be0 (patch) | |
tree | 92c62e1bf75ff98d949b8f71a0f79c948d1e544a /src/read_config_yy.y | |
parent | 96213d5f0821aee2fe52459ab2cd54569e50cf85 (diff) | |
download | conntrack-tools-ace1f6a61b6842e2b49ec7a08f368a2d9f433be0.tar.gz conntrack-tools-ace1f6a61b6842e2b49ec7a08f368a2d9f433be0.zip |
Fix reorder possible reordering of destroy messages under message omission. This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
Diffstat (limited to 'src/read_config_yy.y')
-rw-r--r-- | src/read_config_yy.y | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y index 86fee9b..0bc5e3c 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -52,7 +52,7 @@ struct ct_conf conf; %token T_REPLICATE T_FOR T_IFACE %token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT %token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN -%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE +%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT %token <string> T_IP T_PATH_VAL @@ -429,6 +429,7 @@ sync_line: refreshtime | listen_to | state_replication | cache_writethrough + | destroy_timeout ; sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}' @@ -469,6 +470,11 @@ window_size: T_WINDOWSIZE T_NUMBER conf.window_size = $2; }; +destroy_timeout: T_DESTROY_TIMEOUT T_NUMBER +{ + conf.del_timeout = $2; +}; + relax_transitions: T_RELAX_TRANSITIONS { fprintf(stderr, "Notice: RelaxTransitions clause is obsolete. " @@ -746,5 +752,9 @@ init_config(char *filename) if (CONFIG(window_size) == 0) CONFIG(window_size) = 20; + /* double of 120 seconds which is common timeout of a final state */ + if (conf.flags & CTD_SYNC_FTFW && CONFIG(del_timeout) == 0) + CONFIG(del_timeout) = 240; + return 0; } |