[conntrack-tools] doc: unset CommitTimeout by default
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Sun Jan 25 18:23:07 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=2aeebebf6d6a48d57023e3c7953ddd9088284f99
commit 2aeebebf6d6a48d57023e3c7953ddd9088284f99
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Jan 25 18:21:26 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Jan 25 18:21:26 2009 +0100
doc: unset CommitTimeout by default
This patch disables CommitTimeout by default. The daemon now uses
the approximate timeout calculation by default.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 2aeebebf6d6a48d57023e3c7953ddd9088284f99 (commit)
from 30ab4eae6a196102285fd649119fa2d9afe35a32 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2aeebebf6d6a48d57023e3c7953ddd9088284f99
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Sun Jan 25 18:21:26 2009 +0100
doc: unset CommitTimeout by default
This patch disables CommitTimeout by default. The daemon now uses
the approximate timeout calculation by default.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
doc/sync/alarm/conntrackd.conf | 16 +++++++++++-----
doc/sync/ftfw/conntrackd.conf | 14 ++++++++++----
doc/sync/notrack/conntrackd.conf | 14 ++++++++++----
3 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index db7d99e..39741b3 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -18,11 +18,17 @@ Sync {
CacheTimeout 180
#
- # Entries committed to the connection tracking table
- # starts with a limited timeout of N seconds until the
- # takeover process is completed.
+ # This parameter allows you to set an initial fixed timeout
+ # for the committed entries when this node goes from backup
+ # to primary. This mechanism provides a way to purge entries
+ # that were not recovered appropriately after the specified
+ # fixed timeout. If you set a low value, TCP entries in
+ # Established states with no traffic may hang. For example,
+ # an SSH connection without KeepAlive enabled. If not set,
+ # the daemon uses an approximate timeout value calculation
+ # mechanism. By default, this option is not set.
#
- CommitTimeout 180
+ # CommitTimeout 180
#
# If the firewall replica goes from primary to backup,
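Review bot: The added comment above `# CommitTimeout 180` no longer states the unit. The removed text said "a limited timeout of N seconds", while the replacement only says "an initial fixed timeout", so a reader has to guess what 180 measures. Suggest "an initial fixed timeout (in seconds)". The warning about "a low value" would also help more if it said what the value should be compared against.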
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 69572cf..93f7a44 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -15,11 +15,17 @@ Sync {
# ResendQueueSize 131072
#
- # Entries committed to the connection tracking table
- # starts with a limited timeout of N seconds until the
- # takeover process is completed.
+ # This parameter allows you to set an initial fixed timeout
+ # for the committed entries when this node goes from backup
+ # to primary. This mechanism provides a way to purge entries
+ # that were not recovered appropriately after the specified
+ # fixed timeout. If you set a low value, TCP entries in
+ # Established states with no traffic may hang. For example,
+ # an SSH connection without KeepAlive enabled. If not set,
+ # the daemon uses an approximate timeout value calculation
+ # mechanism. By default, this option is not set.
#
- CommitTimeout 180
+ # CommitTimeout 180
#
# If the firewall replica goes from primary to backup,
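Review bot: "the daemon uses an approximate timeout value calculation mechanism" in the added comment names the fallback without telling the administrator anything to judge it by. One more line saying what the approximation is based on, or where it is documented, would let a reader decide whether leaving the option unset is right for their failover setup. The fragment "For example, an SSH connection without KeepAlive enabled." would also read better joined to the preceding sentence.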
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 1df79a1..39a5faa 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -4,11 +4,17 @@
Sync {
Mode NOTRACK {
#
- # Entries committed to the connection tracking table
- # starts with a limited timeout of N seconds until the
- # takeover process is completed.
+ # This parameter allows you to set an initial fixed timeout
+ # for the committed entries when this node goes from backup
+ # to primary. This mechanism provides a way to purge entries
+ # that were not recovered appropriately after the specified
+ # fixed timeout. If you set a low value, TCP entries in
+ # Established states with no traffic may hang. For example,
+ # an SSH connection without KeepAlive enabled. If not set,
+ # the daemon uses an approximate timeout value calculation
+ # mechanism. By default, this option is not set.
#
- CommitTimeout 180
+ # CommitTimeout 180
#
# If the firewall replica goes from primary to backup,
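Review bot: "TCP entries in Established states with no traffic may hang" in the added comment blurs cause and symptom. As the surrounding text describes it, the committed entry is purged once the fixed timeout fires, and it is the idle connection that then stalls. Suggest wording along the lines of "idle Established TCP entries may expire before the flow sends traffic again". This same nine-line comment is now repeated verbatim in the alarm, ftfw and notrack samples, so any wording fix has to be applied to all three.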