From 3e6852f806c4368eda451b39f12b2ac2f2b5d33b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 19 Aug 2009 16:59:38 +0200
Subject: conntrackd: add `DisableExternalCache' clause

This patch adds the clause `DisableExternalCache' that allows you
to disable the external cache and to directly inject the entries
into the kernel conntrack table. As a result, the CPU consumption
of conntrackd increases. This clause can only be used with the
FT-FW and the notrack synchronization modes, but not with the
alarm mode.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/sync/ftfw/conntrackd.conf | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'doc/sync/ftfw/conntrackd.conf')

diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 602c3d1..76c3aef 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -189,6 +189,19 @@ Sync {
 		#
 		# Checksum on
 	# }
+
+	#
+	# This clause allows you to disable the external cache. Thus, the
+	# state entries are directly injected into the kernel conntrack
+	# table. As a result, you save memory in user-space but you consume
+	# slots in the kernel conntrack table for backup state entries.
+	# Moreover, disabling the external cache means more CPU consumption.
+	# You need a Linux kernel >= 2.6.29 to use this feature. By default,
+	# this clause is set off. If you are installing conntrackd for first
+	# time, please read the user manual and I encourage you to consider
+	# using the fail-over scripts instead of enabling this option!
+	#
+	# DisableExternalCache Off
 }
 
 #
-- 
cgit v1.2.3