Diffstat (limited to 'Documentation/networking/ipvs-sysctl.txt')
-rw-r--r-- | Documentation/networking/ipvs-sysctl.txt | 62 |
1 files changed, 55 insertions, 7 deletions
diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt index 4ccdbca03811..f2a2488f1bf3 100644 --- a/Documentation/networking/ipvs-sysctl.txt +++ b/Documentation/networking/ipvs-sysctl.txt | |||
@@ -15,6 +15,23 @@ amemthresh - INTEGER | |||
15 | enabled and the variable is automatically set to 2, otherwise | 15 | enabled and the variable is automatically set to 2, otherwise |
16 | the strategy is disabled and the variable is set to 1. | 16 | the strategy is disabled and the variable is set to 1. |
17 | 17 | ||
18 | conntrack - BOOLEAN | ||
19 | 0 - disabled (default) | ||
20 | not 0 - enabled | ||
21 | |||
22 | If set, maintain connection tracking entries for | ||
23 | connections handled by IPVS. | ||
24 | |||
25 | This should be enabled if connections handled by IPVS are to be | ||
26 | also handled by stateful firewall rules. That is, iptables rules | ||
27 | that make use of connection tracking. It is a performance | ||
28 | optimisation to disable this setting otherwise. | ||
29 | |||
30 | Connections handled by the IPVS FTP application module | ||
31 | will have connection tracking entries regardless of this setting. | ||
32 | |||
33 | Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled. | ||
34 | |||
18 | cache_bypass - BOOLEAN | 35 | cache_bypass - BOOLEAN |
19 | 0 - disabled (default) | 36 | 0 - disabled (default) |
20 | not 0 - enabled | 37 | not 0 - enabled |
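Review bot: the conntrack text at new lines 25-28 says when the setting should be enabled but not what happens to stateful iptables rules while it stays at the default of 0. Because the default is disabled, an operator who already filters IPVS traffic with connection-tracking rules needs that consequence stated, so please add a sentence describing how such rules treat IPVS-handled connections when conntrack is 0. Separately, the entry is inserted ahead of cache_bypass, which breaks the alphabetical order the surrounding entries follow (amemthresh, cache_bypass, debug_level); moving it after cache_bypass would keep the file sorted.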
@@ -39,7 +56,7 @@ debug_level - INTEGER | |||
39 | 11 - IPVS packet handling (ip_vs_in/ip_vs_out) | 56 | 11 - IPVS packet handling (ip_vs_in/ip_vs_out) |
40 | 12 or more - packet traversal | 57 | 12 or more - packet traversal |
41 | 58 | ||
42 | Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG | 59 | Only available when IPVS is compiled with CONFIG_IP_VS_DEBUG enabled. |
43 | 60 | ||
44 | Higher debugging levels include the messages for lower debugging | 61 | Higher debugging levels include the messages for lower debugging |
45 | levels, so setting debug level 2, includes level 0, 1 and 2 | 62 | levels, so setting debug level 2, includes level 0, 1 and 2 |
@@ -123,13 +140,11 @@ nat_icmp_send - BOOLEAN | |||
123 | secure_tcp - INTEGER | 140 | secure_tcp - INTEGER |
124 | 0 - disabled (default) | 141 | 0 - disabled (default) |
125 | 142 | ||
126 | The secure_tcp defense is to use a more complicated state | 143 | The secure_tcp defense is to use a more complicated TCP state |
127 | transition table and some possible short timeouts of each | 144 | transition table. For VS/NAT, it also delays entering the |
128 | state. In the VS/NAT, it delays the entering the ESTABLISHED | 145 | TCP ESTABLISHED state until the three way handshake is completed. |
129 | until the real server starts to send data and ACK packet | ||
130 | (after 3-way handshake). | ||
131 | 146 | ||
132 | The value definition is the same as that of drop_entry or | 147 | The value definition is the same as that of drop_entry and |
133 | drop_packet. | 148 | drop_packet. |
134 | 149 | ||
135 | sync_threshold - INTEGER | 150 | sync_threshold - INTEGER |
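Review bot: the rewritten secure_tcp paragraph (new lines 143-145) changes the documented behaviour rather than only rewording it, in two places. The old text delayed ESTABLISHED "until the real server starts to send data and ACK packet (after 3-way handshake)", while the new text says "until the three way handshake is completed"; these are different points in the connection, so please confirm which one the code implements. The old text also mentioned "some possible short timeouts of each state", which the new text drops without replacement; if the shorter timeouts still apply under secure_tcp, keep a sentence about them, since they are part of what an administrator is opting into when enabling this defense.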
@@ -141,3 +156,36 @@ sync_threshold - INTEGER | |||
141 | synchronized, every time the number of its incoming packets | 156 | synchronized, every time the number of its incoming packets |
142 | modulus 50 equals the threshold. The range of the threshold is | 157 | modulus 50 equals the threshold. The range of the threshold is |
143 | from 0 to 49. | 158 | from 0 to 49. |
159 | |||
160 | snat_reroute - BOOLEAN | ||
161 | 0 - disabled | ||
162 | not 0 - enabled (default) | ||
163 | |||
164 | If enabled, recalculate the route of SNATed packets from | ||
165 | realservers so that they are routed as if they originate from the | ||
166 | director. Otherwise they are routed as if they are forwarded by the | ||
167 | director. | ||
168 | |||
169 | If policy routing is in effect then it is possible that the route | ||
170 | of a packet originating from a director is routed differently to a | ||
171 | packet being forwarded by the director. | ||
172 | |||
173 | If policy routing is not in effect then the recalculated route will | ||
174 | always be the same as the original route so it is an optimisation | ||
175 | to disable snat_reroute and avoid the recalculation. | ||
176 | |||
177 | sync_version - INTEGER | ||
178 | default 1 | ||
179 | |||
180 | The version of the synchronisation protocol used when sending | ||
181 | synchronisation messages. | ||
182 | |||
183 | 0 selects the original synchronisation protocol (version 0). This | ||
184 | should be used when sending synchronisation messages to a legacy | ||
185 | system that only understands the original synchronisation protocol. | ||
186 | |||
187 | 1 selects the current synchronisation protocol (version 1). This | ||
188 | should be used where possible. | ||
189 | |||
190 | Kernels with this sync_version entry are able to receive messages | ||
191 | of both version 1 and version 2 of the synchronisation protocol. | ||
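Review bot: the sync_version entry is internally inconsistent about version numbers. New lines 183-188 define the two protocols as version 0 (original) and version 1 (current), but the closing sentence at new lines 190-191 says kernels can receive "both version 1 and version 2", and no version 2 is defined anywhere in the entry. This looks like it should read "version 0 and version 1"; please correct it or document what version 2 is. In the same hunk, snat_reroute is added after sync_threshold, which is out of alphabetical order relative to the neighbouring entries.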