From 05c78bc9b5c198a3bd9211aabe467acbbb672b8b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 21 Oct 2008 19:53:23 +0200
Subject: doc: remove example about CacheWriteTrough

This patch removes the documentation about the CacheWriteTrhough clause. This feature is scheduled for removal since the asynchronous nature of conntrackd does not allow multi-path routing support. I'm lying, actually there's a chance to support it, but we have to guarantee that the RTT in the message synchronization between the firewall is smaller than the RTT between the peer and the firewalls. Moreover, this option has made more bad than good since people enable it when things don't work. Making the whole troubleshooting more complicated.

Signed-off-by: Pablo Neira Ayuso
---
 doc/sync/alarm/conntrackd.conf | 9 ---------
 doc/sync/ftfw/conntrackd.conf | 9 ---------
 doc/sync/notrack/conntrackd.conf | 9 ---------
 3 files changed, 27 deletions(-)

diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index e48ca2d..8d34697 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -101,15 +101,6 @@ Sync {
 # achieve fault-tolerance. In case of doubt, do not modify this value.
 #
 Checksum on
-
- # If you have a multiprimary setup (active-active) without connection
- # persistency, ie. you can't know which firewall handles a packet
- # that is part of a connection, then you need direct commit of
- # conntrack entries to the kernel conntrack table. OSPF setups must
- # set on this option. If you have a simple primary-backup scenario.
- # Do not set it on. Default is off.
- #
- # CacheWriteThrough On
 }
 
 #
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 40f8457..3aa8216 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -96,15 +96,6 @@ Sync {
 # achieve fault-tolerance. In case of doubt, do not modify this value.
 #
 Checksum on
-
- # If you have a multiprimary setup (active-active) without connection
- # persistency, ie. you can't know which firewall handles a packet
- # that is part of a connection, then you need direct commit of
- # conntrack entries to the kernel conntrack table. OSPF setups must
- # set on this option. If you have a simple primary-backup scenario.
- # Do not set it on. Default is off.
- #
- # CacheWriteThrough On
 }
 
 #
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index b135814..446e981 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -89,15 +89,6 @@ Sync {
 # achieve fault-tolerance. In case of doubt, do not modify this value.
 #
 Checksum on
-
- # If you have a multiprimary setup (active-active) without connection
- # persistency, ie. you can't know which firewall handles a packet
- # that is part of a connection, then you need direct commit of
- # conntrack entries to the kernel conntrack table. OSPF setups must
- # set on this option. If you have a simple primary-backup scenario.
- # Do not set it on. Default is off.
- #
- # CacheWriteThrough On
 }
 
 #
--
cgit v1.2.3