summaryrefslogtreecommitdiffstats
path: root/Documentation/networking/ipvs-sysctl.txt
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2011-11-03 21:05:43 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2011-11-03 21:05:43 -0700
commit6dbbd92522a13bcd5003829cbed30bc38a3d0362 (patch)
treeb486642d7392b81d89f159d65fd556a432e78d16 /Documentation/networking/ipvs-sysctl.txt
parentd6748066ad0e8b2514545998f8367ebb3906f299 (diff)
parente1cfb67acd5e890bbad695000d2c997bfb7f1756 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits) be2net: Add detect UE feature for Lancer be2net: Prevent CQ full condition for Lancer be2net: Fix disabling multicast promiscous mode be2net: Fix endian issue in RX filter command af_packet: de-inline some helper functions MAINTAINERS: Add can-gw include to maintained files net: Add back alignment for size for __alloc_skb net: add missing bh_unlock_sock() calls l2tp: fix race in l2tp_recv_dequeue() ixgbevf: Update release version ixgbe: DCB, return max for IEEE traffic classes ixgbe: fix reading of the buffer returned by the firmware ixgbe: Fix compiler warnings ixgbe: fix smatch splat due to missing NULL check ixgbe: fix disabling of Tx laser at probe ixgbe: Fix link issues caused by a reset while interface is down igb: Fix for I347AT4 PHY cable length unit detection e100: make sure vlan support isn't advertised on old adapters e1000e: demote a debugging WARN to a debug log message net: fix typo in drivers/net/ethernet/xilinx/ll_temac_main.c ...
Diffstat (limited to 'Documentation/networking/ipvs-sysctl.txt')
-rw-r--r--Documentation/networking/ipvs-sysctl.txt62
1 files changed, 55 insertions, 7 deletions
diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
index 4ccdbca0381..f2a2488f1bf 100644
--- a/Documentation/networking/ipvs-sysctl.txt
+++ b/Documentation/networking/ipvs-sysctl.txt
@@ -15,6 +15,23 @@ amemthresh - INTEGER
enabled and the variable is automatically set to 2, otherwise
the strategy is disabled and the variable is set to 1.
+conntrack - BOOLEAN
+ 0 - disabled (default)
+ not 0 - enabled
+
+ If set, maintain connection tracking entries for
+ connections handled by IPVS.
+
+ This should be enabled if connections handled by IPVS are to be
+ also handled by stateful firewall rules. That is, iptables rules
+ that make use of connection tracking. It is a performance
+ optimisation to disable this setting otherwise.
+
+ Connections handled by the IPVS FTP application module
+ will have connection tracking entries regardless of this setting.
+
+ Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled.
+
cache_bypass - BOOLEAN
0 - disabled (default)
not 0 - enabled
@@ -39,7 +56,7 @@ debug_level - INTEGER
11 - IPVS packet handling (ip_vs_in/ip_vs_out)
12 or more - packet traversal
- Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG
+ Only available when IPVS is compiled with CONFIG_IP_VS_DEBUG enabled.
Higher debugging levels include the messages for lower debugging
levels, so setting debug level 2, includes level 0, 1 and 2
@@ -123,13 +140,11 @@ nat_icmp_send - BOOLEAN
secure_tcp - INTEGER
0 - disabled (default)
- The secure_tcp defense is to use a more complicated state
- transition table and some possible short timeouts of each
- state. In the VS/NAT, it delays the entering the ESTABLISHED
- until the real server starts to send data and ACK packet
- (after 3-way handshake).
+ The secure_tcp defense is to use a more complicated TCP state
+ transition table. For VS/NAT, it also delays entering the
+ TCP ESTABLISHED state until the three way handshake is completed.
- The value definition is the same as that of drop_entry or
+ The value definition is the same as that of drop_entry and
drop_packet.
sync_threshold - INTEGER
@@ -141,3 +156,36 @@ sync_threshold - INTEGER
synchronized, every time the number of its incoming packets
modulus 50 equals the threshold. The range of the threshold is
from 0 to 49.
+
+snat_reroute - BOOLEAN
+ 0 - disabled
+ not 0 - enabled (default)
+
+ If enabled, recalculate the route of SNATed packets from
+ realservers so that they are routed as if they originate from the
+ director. Otherwise they are routed as if they are forwarded by the
+ director.
+
+ If policy routing is in effect then it is possible that the route
+ of a packet originating from a director is routed differently to a
+ packet being forwarded by the director.
+
+ If policy routing is not in effect then the recalculated route will
+ always be the same as the original route so it is an optimisation
+ to disable snat_reroute and avoid the recalculation.
+
+sync_version - INTEGER
+ default 1
+
+ The version of the synchronisation protocol used when sending
+ synchronisation messages.
+
+ 0 selects the original synchronisation protocol (version 0). This
+ should be used when sending synchronisation messages to a legacy
+ system that only understands the original synchronisation protocol.
+
+ 1 selects the current synchronisation protocol (version 1). This
+ should be used where possible.
+
+ Kernels with this sync_version entry are able to receive messages
+ of both version 1 and version 2 of the synchronisation protocol.