diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-11-03 21:05:43 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-11-03 21:05:43 -0700 |
commit | 6dbbd92522a13bcd5003829cbed30bc38a3d0362 (patch) | |
tree | b486642d7392b81d89f159d65fd556a432e78d16 /Documentation/networking/ipvs-sysctl.txt | |
parent | d6748066ad0e8b2514545998f8367ebb3906f299 (diff) | |
parent | e1cfb67acd5e890bbad695000d2c997bfb7f1756 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)
be2net: Add detect UE feature for Lancer
be2net: Prevent CQ full condition for Lancer
be2net: Fix disabling multicast promiscous mode
be2net: Fix endian issue in RX filter command
af_packet: de-inline some helper functions
MAINTAINERS: Add can-gw include to maintained files
net: Add back alignment for size for __alloc_skb
net: add missing bh_unlock_sock() calls
l2tp: fix race in l2tp_recv_dequeue()
ixgbevf: Update release version
ixgbe: DCB, return max for IEEE traffic classes
ixgbe: fix reading of the buffer returned by the firmware
ixgbe: Fix compiler warnings
ixgbe: fix smatch splat due to missing NULL check
ixgbe: fix disabling of Tx laser at probe
ixgbe: Fix link issues caused by a reset while interface is down
igb: Fix for I347AT4 PHY cable length unit detection
e100: make sure vlan support isn't advertised on old adapters
e1000e: demote a debugging WARN to a debug log message
net: fix typo in drivers/net/ethernet/xilinx/ll_temac_main.c
...
Diffstat (limited to 'Documentation/networking/ipvs-sysctl.txt')
-rw-r--r-- | Documentation/networking/ipvs-sysctl.txt | 62 |
1 files changed, 55 insertions, 7 deletions
diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt index 4ccdbca0381..f2a2488f1bf 100644 --- a/Documentation/networking/ipvs-sysctl.txt +++ b/Documentation/networking/ipvs-sysctl.txt @@ -15,6 +15,23 @@ amemthresh - INTEGER enabled and the variable is automatically set to 2, otherwise the strategy is disabled and the variable is set to 1. +conntrack - BOOLEAN + 0 - disabled (default) + not 0 - enabled + + If set, maintain connection tracking entries for + connections handled by IPVS. + + This should be enabled if connections handled by IPVS are to be + also handled by stateful firewall rules. That is, iptables rules + that make use of connection tracking. It is a performance + optimisation to disable this setting otherwise. + + Connections handled by the IPVS FTP application module + will have connection tracking entries regardless of this setting. + + Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled. + cache_bypass - BOOLEAN 0 - disabled (default) not 0 - enabled @@ -39,7 +56,7 @@ debug_level - INTEGER 11 - IPVS packet handling (ip_vs_in/ip_vs_out) 12 or more - packet traversal - Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG + Only available when IPVS is compiled with CONFIG_IP_VS_DEBUG enabled. Higher debugging levels include the messages for lower debugging levels, so setting debug level 2, includes level 0, 1 and 2 @@ -123,13 +140,11 @@ nat_icmp_send - BOOLEAN secure_tcp - INTEGER 0 - disabled (default) - The secure_tcp defense is to use a more complicated state - transition table and some possible short timeouts of each - state. In the VS/NAT, it delays the entering the ESTABLISHED - until the real server starts to send data and ACK packet - (after 3-way handshake). + The secure_tcp defense is to use a more complicated TCP state + transition table. For VS/NAT, it also delays entering the + TCP ESTABLISHED state until the three way handshake is completed. - The value definition is the same as that of drop_entry or + The value definition is the same as that of drop_entry and drop_packet. sync_threshold - INTEGER @@ -141,3 +156,36 @@ sync_threshold - INTEGER synchronized, every time the number of its incoming packets modulus 50 equals the threshold. The range of the threshold is from 0 to 49. + +snat_reroute - BOOLEAN + 0 - disabled + not 0 - enabled (default) + + If enabled, recalculate the route of SNATed packets from + realservers so that they are routed as if they originate from the + director. Otherwise they are routed as if they are forwarded by the + director. + + If policy routing is in effect then it is possible that the route + of a packet originating from a director is routed differently to a + packet being forwarded by the director. + + If policy routing is not in effect then the recalculated route will + always be the same as the original route so it is an optimisation + to disable snat_reroute and avoid the recalculation. + +sync_version - INTEGER + default 1 + + The version of the synchronisation protocol used when sending + synchronisation messages. + + 0 selects the original synchronisation protocol (version 0). This + should be used when sending synchronisation messages to a legacy + system that only understands the original synchronisation protocol. + + 1 selects the current synchronisation protocol (version 1). This + should be used where possible. + + Kernels with this sync_version entry are able to receive messages + of both version 1 and version 2 of the synchronisation protocol. |