diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-10-21 19:53:23 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-10-21 19:53:23 +0200 |
| commit | 05c78bc9b5c198a3bd9211aabe467acbbb672b8b (patch) | |
| tree | d8fdeef01a33a1347f3a0a06e26cdfa2277476ac | |
| parent | 50162d3c19e38a491d95ec26767438ec25bab0dc (diff) | |
| download | conntrack-tools-05c78bc9b5c198a3bd9211aabe467acbbb672b8b.tar.gz conntrack-tools-05c78bc9b5c198a3bd9211aabe467acbbb672b8b.zip | |
doc: remove example about CacheWriteTrough
This patch removes the documentation about the CacheWriteTrhough clause.
This feature is scheduled for removal since the asynchronous nature of
conntrackd does not allow multi-path routing support. I'm lying,
actually there's a chance to support it, but we have to guarantee that
the RTT in the message synchronization between the firewall is smaller
than the RTT between the peer and the firewalls.
Moreover, this option has made more bad than good since people enable it
when things don't work. Making the whole troubleshooting more
complicated.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | doc/sync/alarm/conntrackd.conf | 9 | ||||
| -rw-r--r-- | doc/sync/ftfw/conntrackd.conf | 9 | ||||
| -rw-r--r-- | doc/sync/notrack/conntrackd.conf | 9 |
3 files changed, 0 insertions, 27 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf index e48ca2d..8d34697 100644 --- a/doc/sync/alarm/conntrackd.conf +++ b/doc/sync/alarm/conntrackd.conf @@ -101,15 +101,6 @@ Sync { # achieve fault-tolerance. In case of doubt, do not modify this value. # Checksum on - - # If you have a multiprimary setup (active-active) without connection - # persistency, ie. you can't know which firewall handles a packet - # that is part of a connection, then you need direct commit of - # conntrack entries to the kernel conntrack table. OSPF setups must - # set on this option. If you have a simple primary-backup scenario. - # Do not set it on. Default is off. - # - # CacheWriteThrough On } # diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf index 40f8457..3aa8216 100644 --- a/doc/sync/ftfw/conntrackd.conf +++ b/doc/sync/ftfw/conntrackd.conf @@ -96,15 +96,6 @@ Sync { # achieve fault-tolerance. In case of doubt, do not modify this value. # Checksum on - - # If you have a multiprimary setup (active-active) without connection - # persistency, ie. you can't know which firewall handles a packet - # that is part of a connection, then you need direct commit of - # conntrack entries to the kernel conntrack table. OSPF setups must - # set on this option. If you have a simple primary-backup scenario. - # Do not set it on. Default is off. - # - # CacheWriteThrough On } # diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index b135814..446e981 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -89,15 +89,6 @@ Sync { # achieve fault-tolerance. In case of doubt, do not modify this value. # Checksum on - - # If you have a multiprimary setup (active-active) without connection - # persistency, ie. you can't know which firewall handles a packet - # that is part of a connection, then you need direct commit of - # conntrack entries to the kernel conntrack table. OSPF setups must - # set on this option. If you have a simple primary-backup scenario. - # Do not set it on. Default is off. - # - # CacheWriteThrough On } # |