Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

[pandora-kernel.git] / Documentation / networking / ipvs-sysctl.txt

diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
index 4ccdbca..f2a2488 100644 (file)
--- a/Documentation/networking/ipvs-sysctl.txt
+++ b/Documentation/networking/ipvs-sysctl.txt
@@ -15,6 +15,23 @@ amemthresh - INTEGER
         enabled and the variable is automatically set to 2, otherwise
         the strategy is disabled and the variable is  set  to 1.
 
         enabled and the variable is automatically set to 2, otherwise
         the strategy is disabled and the variable is  set  to 1.
 

+conntrack - BOOLEAN
+       0 - disabled (default)
+       not 0 - enabled
+
+       If set, maintain connection tracking entries for
+       connections handled by IPVS.
+
+       This should be enabled if connections handled by IPVS are to be
+       also handled by stateful firewall rules. That is, iptables rules
+       that make use of connection tracking.  It is a performance
+       optimisation to disable this setting otherwise.
+
+       Connections handled by the IPVS FTP application module
+       will have connection tracking entries regardless of this setting.
+
+       Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled.
+

 cache_bypass - BOOLEAN
         0 - disabled (default)
         not 0 - enabled
 cache_bypass - BOOLEAN
         0 - disabled (default)
         not 0 - enabled


@@ -39,7 +56,7 @@ debug_level - INTEGER
        11         - IPVS packet handling (ip_vs_in/ip_vs_out)
        12 or more - packet traversal
 
        11         - IPVS packet handling (ip_vs_in/ip_vs_out)
        12 or more - packet traversal
 

-       Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG
+       Only available when IPVS is compiled with CONFIG_IP_VS_DEBUG enabled.

 
        Higher debugging levels include the messages for lower debugging
        levels, so setting debug level 2, includes level 0, 1 and 2
 
        Higher debugging levels include the messages for lower debugging
        levels, so setting debug level 2, includes level 0, 1 and 2


@@ -123,13 +140,11 @@ nat_icmp_send - BOOLEAN
 secure_tcp - INTEGER
         0  - disabled (default)
 
 secure_tcp - INTEGER
         0  - disabled (default)
 

-        The secure_tcp defense is to use a more complicated state
-        transition table and some possible short timeouts of each
-        state. In the VS/NAT, it delays the entering the ESTABLISHED
-        until the real server starts to send data and ACK packet
-        (after 3-way handshake).
+       The secure_tcp defense is to use a more complicated TCP state
+       transition table. For VS/NAT, it also delays entering the
+       TCP ESTABLISHED state until the three way handshake is completed.

 
 

-        The value definition is the same as that of drop_entry or
+        The value definition is the same as that of drop_entry and

         drop_packet.
 
 sync_threshold - INTEGER
         drop_packet.
 
 sync_threshold - INTEGER


@@ -141,3 +156,36 @@ sync_threshold - INTEGER
         synchronized, every time the number of its incoming packets
         modulus 50 equals the threshold. The range of the threshold is
         from 0 to 49.
         synchronized, every time the number of its incoming packets
         modulus 50 equals the threshold. The range of the threshold is
         from 0 to 49.

+
+snat_reroute - BOOLEAN
+       0 - disabled
+       not 0 - enabled (default)
+
+       If enabled, recalculate the route of SNATed packets from
+       realservers so that they are routed as if they originate from the
+       director. Otherwise they are routed as if they are forwarded by the
+       director.
+
+       If policy routing is in effect then it is possible that the route
+       of a packet originating from a director is routed differently to a
+       packet being forwarded by the director.
+
+       If policy routing is not in effect then the recalculated route will
+       always be the same as the original route so it is an optimisation
+       to disable snat_reroute and avoid the recalculation.
+
+sync_version - INTEGER
+       default 1
+
+       The version of the synchronisation protocol used when sending
+       synchronisation messages.
+
+       0 selects the original synchronisation protocol (version 0). This
+       should be used when sending synchronisation messages to a legacy
+       system that only understands the original synchronisation protocol.
+
+       1 selects the current synchronisation protocol (version 1). This
+       should be used where possible.
+
+       Kernels with this sync_version entry are able to receive messages
+       of both version 1 and version 2 of the synchronisation protocol.