conntrack -B undocumented

conntrack -B undocumented

[Tino Keitel]

Hi,

the example scripts for conntrackd (like primary-backup.sh) use a -B
option, which seems to be undocumented in the manual page and in the
command help.  What exactly is it intended for?

Regards,
Tino

Re: conntrack -B undocumented

[Pablo Neira Ayuso]

[-- Attachment #1: Type: text/plain, Size: 319 bytes --]

Tino Keitel wrote:
> Hi,
> 
> the example scripts for conntrackd (like primary-backup.sh) use a -B
> option, which seems to be undocumented in the manual page and in the
> command help.  What exactly is it intended for?

It forces a bulk send to other cluster nodes. I have applied the 
following patch to the manpage.

[-- Attachment #2: doc.patch --]
[-- Type: text/x-patch, Size: 897 bytes --]

conntrackd: document `-B' command

From: Pablo Neira Ayuso <pablo@netfilter.org>

This patch documents the `-B' command in conntrackd that allows you
to force a bulk send to other firewall nodes in the cluster.

Reported-by: Tino Keitel <tkeitel@innominate.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 conntrackd.8 |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/conntrackd.8 b/conntrackd.8
index f741bc9..0c9054e 100644
--- a/conntrackd.8
+++ b/conntrackd.8
@@ -41,6 +41,10 @@ Flush the internal and/or external cache
 Flush the kernel conntrack table (if you use a Linux kernel >= 2.6.29, this
 option will not flush your internal and external cache).
 .TP
+.BI "-B "
+Force a bulk send to other replica firewalls. With this command, you will
+ask conntrackd to send the state-entries that it owns to others.
+.TP
 .BI "-k "
 Kill the daemon
 .TP