aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/networking/ipvs-sysctl.txt')
-rw-r--r--Documentation/networking/ipvs-sysctl.txt62
1 files changed, 55 insertions, 7 deletions
diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
index 4ccdbca03811..f2a2488f1bf3 100644
--- a/Documentation/networking/ipvs-sysctl.txt
+++ b/Documentation/networking/ipvs-sysctl.txt
@@ -15,6 +15,23 @@ amemthresh - INTEGER
15 enabled and the variable is automatically set to 2, otherwise 15 enabled and the variable is automatically set to 2, otherwise
16 the strategy is disabled and the variable is set to 1. 16 the strategy is disabled and the variable is set to 1.
17 17
18conntrack - BOOLEAN
19 0 - disabled (default)
20 not 0 - enabled
21
22 If set, maintain connection tracking entries for
23 connections handled by IPVS.
24
25 This should be enabled if connections handled by IPVS are to be
26 also handled by stateful firewall rules. That is, iptables rules
27 that make use of connection tracking. It is a performance
28 optimisation to disable this setting otherwise.
29
30 Connections handled by the IPVS FTP application module
31 will have connection tracking entries regardless of this setting.
32
33 Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled.
34
18cache_bypass - BOOLEAN 35cache_bypass - BOOLEAN
19 0 - disabled (default) 36 0 - disabled (default)
20 not 0 - enabled 37 not 0 - enabled
@@ -39,7 +56,7 @@ debug_level - INTEGER
39 11 - IPVS packet handling (ip_vs_in/ip_vs_out) 56 11 - IPVS packet handling (ip_vs_in/ip_vs_out)
40 12 or more - packet traversal 57 12 or more - packet traversal
41 58
42 Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG 59 Only available when IPVS is compiled with CONFIG_IP_VS_DEBUG enabled.
43 60
44 Higher debugging levels include the messages for lower debugging 61 Higher debugging levels include the messages for lower debugging
45 levels, so setting debug level 2, includes level 0, 1 and 2 62 levels, so setting debug level 2, includes level 0, 1 and 2
@@ -123,13 +140,11 @@ nat_icmp_send - BOOLEAN
123secure_tcp - INTEGER 140secure_tcp - INTEGER
124 0 - disabled (default) 141 0 - disabled (default)
125 142
126 The secure_tcp defense is to use a more complicated state 143 The secure_tcp defense is to use a more complicated TCP state
127 transition table and some possible short timeouts of each 144 transition table. For VS/NAT, it also delays entering the
128 state. In the VS/NAT, it delays the entering the ESTABLISHED 145 TCP ESTABLISHED state until the three way handshake is completed.
129 until the real server starts to send data and ACK packet
130 (after 3-way handshake).
131 146
132 The value definition is the same as that of drop_entry or 147 The value definition is the same as that of drop_entry and
133 drop_packet. 148 drop_packet.
134 149
135sync_threshold - INTEGER 150sync_threshold - INTEGER
@@ -141,3 +156,36 @@ sync_threshold - INTEGER
141 synchronized, every time the number of its incoming packets 156 synchronized, every time the number of its incoming packets
142 modulus 50 equals the threshold. The range of the threshold is 157 modulus 50 equals the threshold. The range of the threshold is
143 from 0 to 49. 158 from 0 to 49.
159
160snat_reroute - BOOLEAN
161 0 - disabled
162 not 0 - enabled (default)
163
164 If enabled, recalculate the route of SNATed packets from
165 realservers so that they are routed as if they originate from the
166 director. Otherwise they are routed as if they are forwarded by the
167 director.
168
169 If policy routing is in effect then it is possible that the route
170 of a packet originating from a director is routed differently to a
171 packet being forwarded by the director.
172
173 If policy routing is not in effect then the recalculated route will
174 always be the same as the original route so it is an optimisation
175 to disable snat_reroute and avoid the recalculation.
176
177sync_version - INTEGER
178 default 1
179
180 The version of the synchronisation protocol used when sending
181 synchronisation messages.
182
183 0 selects the original synchronisation protocol (version 0). This
184 should be used when sending synchronisation messages to a legacy
185 system that only understands the original synchronisation protocol.
186
187 1 selects the current synchronisation protocol (version 1). This
188 should be used where possible.
189
190 Kernels with this sync_version entry are able to receive messages
191 of both version 1 and version 2 of the synchronisation protocol.