author | Arturo Borrero Gonzalez <arturo@netfilter.org> | 2021-01-20 14:04:14 +0100 |
---|---|---|
committer | Arturo Borrero Gonzalez <arturo@netfilter.org> | 2021-02-01 11:29:25 +0100 |
commit | 089aa91d6a4a382775d6077c842492ed3d54be60 (patch) | |
tree | 6f17597503e73830eab768e08547a39ed4697f47 /conntrackd.conf.5 | |
parent | 3132697b9a0f6ce9574f52e56b0f2a13624e5aa7 (diff) |
conntrackd: introduce yes & no config values
They are equivalent to 'on' and 'off' and make the config easier to understand.
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Diffstat (limited to 'conntrackd.conf.5')
-rw-r--r-- | conntrackd.conf.5 | 110 |
1 files changed, 55 insertions, 55 deletions
diff --git a/conntrackd.conf.5 b/conntrackd.conf.5 index 673f895..a73c3f7 100644 --- a/conntrackd.conf.5 +++ b/conntrackd.conf.5 @@ -22,7 +22,7 @@ .\" <http://www.gnu.org/licenses/>. .\" %%%LICENSE_END .\" -.TH CONNTRACKD.CONF 5 "Jan 27, 2019" +.TH CONNTRACKD.CONF 5 "Jan 20, 2021" .SH NAME conntrackd.conf \- configuration file for conntrackd daemon @@ -133,7 +133,7 @@ experiments measuring the cycles spent by the acknowledgment handling with oprofile). .TP -.BI "DisableExternalCache <on|off>" +.BI "DisableExternalCache <yes|no>" This clause allows you to disable the external cache. Thus, the state entries are directly injected into the kernel conntrack table. As a result, you save memory in user-space but you consume slots in the kernel conntrack table for @@ -144,19 +144,19 @@ If you are installing \fBconntrackd(8)\fP for first time, please read the user manual and I encourage you to consider using the fail-over scripts instead of enabling this option! -By default, this clause is set off. +By default this is set to no, meaning the external cache is enabled. .TP -.BI "StartupResync <on|off>" +.BI "StartupResync <yes|no>" Order conntrackd to request a complete conntrack table resync against the other node at startup. A single request will be made. This is useful to get in sync with another node which has been running while we were down. -Example: StartupResync on +Example: StartupResync yes -By default, this clause is set off. +By default, this clause is set to no. .SS Mode ALARM 
@@ -201,14 +201,14 @@ In this synchronization mode you may configure \fBDisableInternalCache\fP, \fBStartupResync\fP. .TP -.BI "DisableInternalCache <on|off>" +.BI "DisableInternalCache <yes|no>" This clause allows you to disable the internal cache. Thus, the synchronization messages are directly sent through the dedicated link. -This option is set off by default. +This option is set to no by default. .TP -.BI "DisableExternalCache <on|off>" +.BI "DisableExternalCache <yes|no>" Same as in \fBFTFW\fP mode. .TP @@ -220,7 +220,7 @@ Same as in \fBFTFW\fP mode. Same as in \fBFTFW\fP mode. .TP -.BI "StartupResync <on|off>" +.BI "StartupResync <yes|no>" Same as in \fBFTFW\fP mode. .SS MULTICAST @@ -326,7 +326,7 @@ to increase the buffer size. Example: RcvSocketBuffer 1249280 .TP -.BI "Checksum <on|off>" +.BI "Checksum <yes|no>" Enable/Disable message checksumming. This is a good property to achieve fault-tolerance. In case of doubt, use it. @@ -395,7 +395,7 @@ Same as in the \fBMulticast\fP transport protocol configuration. Same as in the \fBMulticast\fP transport protocol configuration. .TP -.BI "Checksum <on|off>" +.BI "Checksum <yes|no>" Same as in the \fBMulticast\fP transport protocol configuration. @@ -419,7 +419,7 @@ Example: Interface eth2 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } .fi @@ -429,7 +429,7 @@ Other unsorted options that are related to the synchronization protocol or transport mechanism. .TP -.BI "TCPWindowTracking <on|off>" +.BI "TCPWindowTracking <yes|no>" TCP state-entries have window tracking disabled by default, you can enable it with this option. As said, default is off. This feature requires a \fBLinux kernel >= 2.6.36\fP. 
@@ -465,7 +465,7 @@ This top-level section contains generic configuration directives for the \fBconntrackd(8)\fP daemon. .TP -.BI "Systemd <on|off>" +.BI "Systemd <yes|no>" Enable \fBsystemd(1)\fP runtime support if \fBconntrackd(8)\fP is compiled with the proper configuration. Then you can use a service unit of \fIType=notify\fP. @@ -474,7 +474,7 @@ Obviously, this requires the init of your system to be \fBsystemd(1)\fP. Note: \fBsystemd(1)\fP watchdog is supported as well. -Example: Systemd on +Example: Systemd yes By default runtime support is enabled if conntrackd was built with the systemd feature. Otherwise is off. @@ -503,15 +503,15 @@ dead entries cached for possible retransmission during state synchronization. Example: HashLimit 131072 .TP -.BI "LogFile <on|off|filename>" +.BI "LogFile <yes|no|filename>" Enable \fBconntrackd(8)\fP to log to a file. -Example: LogFile on +Example: LogFile no -Default is off. The default logfile is \fB/var/log/conntrackd.log\fP. +Default is no. Default logfile is \fB/var/log/conntrackd.log\fP. .TP -.BI "Syslog <on|off|facility>" +.BI "Syslog <yes|no|facility>" Enable connection logging via Syslog. If you set the facility, use the same as in the \fBStats\fP section, otherwise you'll get a warning message. @@ -545,7 +545,7 @@ size growth that can be reached. Example: NetlinkBufferSizeMaxGrowth 8388608 .TP -.BI "NetlinkOverrunResync <on|off|value>" +.BI "NetlinkOverrunResync <yes|no|value>" If the daemon detects that Netlink is dropping state-change events, it automatically schedules a resynchronization against the Kernel after 30 seconds (default value). Resynchronizations are expensive in terms of CPU consumption 
@@ -554,20 +554,20 @@ that do not exist anymore. Note: Be careful of setting a very small value here. -Example: NetlinkOverrunResync on +Example: NetlinkOverrunResync yes The default value is \fB30\fP seconds. If not specified, the daemon assumes that this option is enabled and uses the default value. .TP -.BI "NetlinkEventsReliable <on|off>" +.BI "NetlinkEventsReliable <yes|no>" If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off \fBNetlinkOverrunResync\fP. You need \fBLinux Kernel >= 2.6.31\fP for this option to work. -Example: NetlinkEventsReliable on +Example: NetlinkEventsReliable yes This option is off by default. @@ -758,29 +758,29 @@ This top-level section indicates \fBconntrackd(8)\fP to work as a statistic collector for the nf_conntrack linux kernel subsystem. .TP -.BI "LogFile <on|off|filename>" +.BI "LogFile <yes|no|filename>" If you enable this option, the daemon writes the information about destroyed connections to a logfile. -Default is off. Default filename is \fB/var/log/conntrackd-stats.log\fP. +Default is no. Default filename is \fB/var/log/conntrackd-stats.log\fP. .TP -.BI "NetlinkEventsReliable <on|off>" +.BI "NetlinkEventsReliable <yes|no>" If you want reliable event reporting over Netlink, set on this option. If you set on this clause, it is a good idea to set off \fBNetlinkOverrunResync\fP. This requires \fBLinux kernel >= 2.6.31\fP. -Default is off. +Default is no. .TP -.BI "Syslog <on|off|facility>" +.BI "Syslog <yes|no|facility>" Enable connection logging via Syslog. If you set the facility, use the same as in the \fBGeneral\fP section, otherwise you'll get a warning message. Example: Syslog local0 -Default is off. +Default is no. .SH HELPER Note: this configuration is very advanced and has nothing to do with 
@@ -899,15 +899,15 @@ collector. .nf Stats { - LogFile on - NetlinkEventsReliable Off - Syslog off + LogFile yes + NetlinkEventsReliable no + Syslog yes } General { - Systemd on + Systemd yes HashSize 8192 HashLimit 65535 - Syslog on + Syslog yes LockFile /var/lock/conntrack.lock UNIX { Path /var/run/conntrackd.ctl @@ -942,7 +942,7 @@ Sync { ResendQueueSize 131072 PurgeTimeout 60 ACKWindowSize 300 - DisableExternalCache Off + DisableExternalCache no } Multicast { IPv4_address 225.0.0.50 @@ -951,7 +951,7 @@ Sync { Interface eth2 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } Multicast Default { IPv4_address 225.0.0.51 @@ -960,27 +960,27 @@ Sync { Interface eth3 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } Options { - TCPWindowTracking Off - ExpectationSync On + TCPWindowTracking no + ExpectationSync yes } } General { - Systemd on + Systemd yes HashSize 32768 HashLimit 131072 - LogFile on - Syslog off + LogFile yes + Syslog no LockFile /var/lock/conntrack.lock UNIX { Path /var/run/conntrackd.ctl } NetlinkBufferSize 2097152 NetlinkBufferSizeMaxGrowth 8388608 - NetlinkOverrunResync On - NetlinkEventsReliable Off + NetlinkOverrunResync yes + NetlinkEventsReliable no EventIterationLimit 100 Filter From Userspace { Protocol Accept { @@ -1007,8 +1007,8 @@ It includes common general configuration as well. .nf Sync { Mode NOTRACK { - DisableInternalCache on - DisableExternalCache on + DisableInternalCache yes + DisableExternalCache yes } TCP { IPv4_address 192.168.2.100 
@@ -1017,27 +1017,27 @@ Sync { Interface eth2 SndSocketBuffer 1249280 RcvSocketBuffer 1249280 - Checksum on + Checksum yes } Options { - TCPWindowTracking Off - ExpectationSync On + TCPWindowTracking no + ExpectationSync yes } } General { - Systemd on + Systemd yes HashSize 32768 HashLimit 131072 - LogFile on - Syslog off + LogFile yes + Syslog no LockFile /var/lock/conntrack.lock UNIX { Path /var/run/conntrackd.ctl } NetlinkBufferSize 2097152 NetlinkBufferSizeMaxGrowth 8388608 - NetlinkOverrunResync On - NetlinkEventsReliable Off + NetlinkOverrunResync yes + NetlinkEventsReliable no EventIterationLimit 100 Filter From Userspace { Protocol Accept { |
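Review bot: The synopsis lines from hunk @@ -133,7 +133,7 onward (DisableExternalCache, StartupResync and the rest) now list only <yes|no>, while the commit message describes yes and no as equivalents of 'on' and 'off'. A reader with an existing configuration that uses on/off cannot tell from the page whether those values are still accepted. Suggest one sentence near the top of the page saying so, or keeping the old spellings in the synopsis.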
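Review bot: In hunk @@ -429,7 +429,7 the TCPWindowTracking synopsis becomes <yes|no>, but the description directly below it still reads "As said, default is off." Other defaults in this patch were reworded to "no" (for example "By default, this clause is set to no."), so this one should follow: "As said, default is no."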
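Review bot: In hunk @@ -503,15 +503,15 the General LogFile example changes from "Example: LogFile on" to "Example: LogFile no", which inverts it instead of renaming it. The clause is described as "Enable conntrackd(8) to log to a file", so the example now shows the disabled state, which is also the stated default. Suggest "Example: LogFile yes" to keep the original meaning.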
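Review bot: In hunk @@ -554,20 +554,20 the NetlinkEventsReliable text still says "set on this option", "set off NetlinkOverrunResync" and "This option is off by default", although the synopsis and example now use yes/no. The same wording is left in the Stats copy of this clause in hunk @@ -758,29 +758,29, where only the default line was changed to "Default is no." Suggest rewording both to "set this option to yes" and "set NetlinkOverrunResync to no" so the prose matches the documented values.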
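Review bot: In hunk @@ -899,15 +899,15 the Stats example changes "Syslog off" to "Syslog yes", which flips the setting; every other line in this hunk is a straight rename (on to yes, Off to no). Someone copying the example would now get connection logging to syslog from the statistics collector where the previous example had it disabled. If the flip is not intended, this line should read "Syslog no"; if it is, it deserves a mention in the commit message.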