From 49540362b2a25aadbaf25fd087414776aa5a67a8 Mon Sep 17 00:00:00 2001 From: Samuel Gauthier Date: Thu, 3 Sep 2009 15:06:23 +0200 Subject: conntrackd: fix bad configuration file for DisableExternalCache statement DisableExternalCache is supposed to be put in mode NOTRACK{} or Mode FTFW{} statement. Signed-off-by: Samuel Gauthier Signed-off-by: Pablo Neira Ayuso --- doc/sync/notrack/conntrackd.conf | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'doc/sync/notrack') diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index 25c4e7f..152880b 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -25,6 +25,19 @@ Sync { # trigger several consecutive hand-overs. Default is 60 seconds. # # PurgeTimeout 60 + + # + # This clause allows you to disable the external cache. Thus, the + # state entries are directly injected into the kernel conntrack + # table. As a result, you save memory in user-space but you consume + # slots in the kernel conntrack table for backup state entries. + # Moreover, disabling the external cache means more CPU consumption. + # You need a Linux kernel >= 2.6.29 to use this feature. By default, + # this clause is set off. If you are installing conntrackd for first + # time, please read the user manual and I encourage you to consider + # using the fail-over scripts instead of enabling this option! + # + # DisableExternalCache Off } # @@ -172,18 +185,6 @@ Sync { # Checksum on # } - # - # This clause allows you to disable the external cache. Thus, the - # state entries are directly injected into the kernel conntrack - # table. As a result, you save memory in user-space but you consume - # slots in the kernel conntrack table for backup state entries. - # Moreover, disabling the external cache means more CPU consumption. - # You need a Linux kernel >= 2.6.29 to use this feature. By default, - # this clause is set off. If you are installing conntrackd for first - # time, please read the user manual and I encourage you to consider - # using the fail-over scripts instead of enabling this option! - # - # DisableExternalCache Off } # -- cgit v1.2.3