vyos-legacy / libnetfilter-cttimeout Goto Github PK
View Code? Open in Web Editor NEWConntrack timeout policy library
License: GNU General Public License v2.0
Conntrack timeout policy library
License: GNU General Public License v2.0
= cttimeout: timeout policy tuning for Netfilter/conntrack = This infrastructure allows you to define fine-grain timeout policies per flow. Basically, from user-space, you can create timeout policy objects via nfct_timeout_alloc(), set the policy attributes, via nfct_timeout_*_attr_set(), and then build the ctnetlink message to communicate this new timeout policy to the kernel. ctnetlink keeps a list of existing policies that are identified by one name. Timeout policies can be attached to flows via the iptables CT target. This is useful in case you want to reduce the timeout of TCP Established state to 3000 seconds instead of default 432000 seconds for certain flows. The infrastructure allows fine tuning of all existing protocol trackers and even modifying the timeout for several states for one given protocol. This new infrastructure uses libmnl, thus, libnetfilter_conntrack remains in intermediate state, meaning that it depends on libnfnetlink and libmnl. This should not be a problem since we'll require this dual support during the transition to the new libnetfilter_conntrack API. Under examples/ directory, you can find examples on how to create new timeout policies, delete them and to retrieve the existing list of policies. 1) You can create one dummy timeout policy: examples# ./nfct-timeout-add test 2 6 2) You can retrieve the policy that is known by `test': examples# ./nfct-timeout-get test .test = { .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 100, .SYN_RECV = 120, .ESTABLISHED = 60, .FIN_WAIT = 432000, .CLOSE_WAIT = 120, .LAST_ACK = 60, .TIME_WAIT = 30, .CLOSE = 120, .SYN_SENT2 = 10, }, }; 3) You may want to retrieve all timeout policies: examples# ./nfct-timeout-get The kernel-space part is planned to be available since Linux kernel >= 3.4.0.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.