diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-08-19 16:59:38 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-08-19 16:59:38 +0200 |
| commit | 3e6852f806c4368eda451b39f12b2ac2f2b5d33b (patch) | |
| tree | c4783baf3dec6aa3460e33426414e1da28a62b69 /doc | |
| parent | 32ca6a144903b2e6318ee61d1dda3f670d3c09da (diff) | |
| download | conntrack-tools-3e6852f806c4368eda451b39f12b2ac2f2b5d33b.tar.gz conntrack-tools-3e6852f806c4368eda451b39f12b2ac2f2b5d33b.zip | |
conntrackd: add `DisableExternalCache' clause
This patch adds the clause `DisableExternalCache' that allows you
to disable the external cache and to directly inject the entries
into the kernel conntrack table. As a result, the CPU consumption
of conntrackd increases. This clause can only be used with the
FT-FW and the notrack synchronization modes, but not with the
alarm mode.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/sync/ftfw/conntrackd.conf | 13 | ||||
| -rw-r--r-- | doc/sync/notrack/conntrackd.conf | 13 |
2 files changed, 26 insertions, 0 deletions
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf index 602c3d1..76c3aef 100644 --- a/doc/sync/ftfw/conntrackd.conf +++ b/doc/sync/ftfw/conntrackd.conf @@ -189,6 +189,19 @@ Sync { # # Checksum on # } + + # + # This clause allows you to disable the external cache. Thus, the + # state entries are directly injected into the kernel conntrack + # table. As a result, you save memory in user-space but you consume + # slots in the kernel conntrack table for backup state entries. + # Moreover, disabling the external cache means more CPU consumption. + # You need a Linux kernel >= 2.6.29 to use this feature. By default, + # this clause is set off. If you are installing conntrackd for first + # time, please read the user manual and I encourage you to consider + # using the fail-over scripts instead of enabling this option! + # + # DisableExternalCache Off } # diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index 6968025..9cdb2c7 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -170,6 +170,19 @@ Sync { # # Checksum on # } + + # + # This clause allows you to disable the external cache. Thus, the + # state entries are directly injected into the kernel conntrack + # table. As a result, you save memory in user-space but you consume + # slots in the kernel conntrack table for backup state entries. + # Moreover, disabling the external cache means more CPU consumption. + # You need a Linux kernel >= 2.6.29 to use this feature. By default, + # this clause is set off. If you are installing conntrackd for first + # time, please read the user manual and I encourage you to consider + # using the fail-over scripts instead of enabling this option! + # + # DisableExternalCache Off } # |