[conntrack-tools] conntrackd: add missing information on -t to the help

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Oct 21 20:17:16 CEST 2008 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=bcb482d23f95c130faa54f7831ea661ad120a89c
commit bcb482d23f95c130faa54f7831ea661ad120a89c
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Oct 21 20:14:10 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Oct 21 20:14:10 2008 +0200

    conntrackd: add missing information on -t to the help
    
    This patch adds missing information on -t when conntrackd is invoked
    with -h.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0b5f55747b9009e6d1877a1d1a00081d8c468e6b
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Oct 21 20:13:07 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Oct 21 20:13:07 2008 +0200

    doc: update conntrackd manpage
    
    This patch updates the conntrackd manpage some re-writes, missing
    options and new dependencies.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 05c78bc9b5c198a3bd9211aabe467acbbb672b8b
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Oct 21 19:53:23 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Oct 21 19:53:23 2008 +0200

    doc: remove example about CacheWriteTrough
    
    This patch removes the documentation about the CacheWriteTrhough clause.
    This feature is scheduled for removal since the asynchronous nature of
    conntrackd does not allow multi-path routing support. I'm lying,
    actually there's a chance to support it, but we have to guarantee that
    the RTT in the message synchronization between the firewall is smaller
    than the RTT between the peer and the firewalls.
    
    Moreover, this option has made more bad than good since people enable it
    when things don't work. Making the whole troubleshooting more
    complicated.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  bcb482d23f95c130faa54f7831ea661ad120a89c (commit)
       via  0b5f55747b9009e6d1877a1d1a00081d8c468e6b (commit)
       via  05c78bc9b5c198a3bd9211aabe467acbbb672b8b (commit)
      from  50162d3c19e38a491d95ec26767438ec25bab0dc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bcb482d23f95c130faa54f7831ea661ad120a89c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Oct 21 20:14:10 2008 +0200

    conntrackd: add missing information on -t to the help
    
    This patch adds missing information on -t when conntrackd is invoked
    with -h.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 0b5f55747b9009e6d1877a1d1a00081d8c468e6b
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Oct 21 20:13:07 2008 +0200

    doc: update conntrackd manpage
    
    This patch updates the conntrackd manpage some re-writes, missing
    options and new dependencies.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 05c78bc9b5c198a3bd9211aabe467acbbb672b8b
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Oct 21 19:53:23 2008 +0200

    doc: remove example about CacheWriteTrough
    
    This patch removes the documentation about the CacheWriteTrhough clause.
    This feature is scheduled for removal since the asynchronous nature of
    conntrackd does not allow multi-path routing support. I'm lying,
    actually there's a chance to support it, but we have to guarantee that
    the RTT in the message synchronization between the firewall is smaller
    than the RTT between the peer and the firewalls.
    
    Moreover, this option has made more bad than good since people enable it
    when things don't work. Making the whole troubleshooting more
    complicated.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 conntrackd.8                     |   17 ++++++++++++-----
 doc/sync/alarm/conntrackd.conf   |    9 ---------
 doc/sync/ftfw/conntrackd.conf    |    9 ---------
 doc/sync/notrack/conntrackd.conf |    9 ---------
 src/main.c                       |    5 +++--
 5 files changed, 15 insertions(+), 34 deletions(-)
This patch removes the documentation about the CacheWriteTrhough clause.
This feature is scheduled for removal since the asynchronous nature of
conntrackd does not allow multi-path routing support. I'm lying,
actually there's a chance to support it, but we have to guarantee that
the RTT in the message synchronization between the firewall is smaller
than the RTT between the peer and the firewalls.

Moreover, this option has made more bad than good since people enable it
when things don't work. Making the whole troubleshooting more
complicated.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index e48ca2d..8d34697 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -101,15 +101,6 @@ Sync {
 	# achieve fault-tolerance. In case of doubt, do not modify this value.
 	#
 	Checksum on
-
-	# If you have a multiprimary setup (active-active) without connection
-	# persistency, ie. you can't know which firewall handles a packet
-	# that is part of a connection, then you need direct commit of
-	# conntrack entries to the kernel conntrack table. OSPF setups must
-	# set on this option. If you have a simple primary-backup scenario. 
-	# Do not set it on. Default is off.
-	#
-	# CacheWriteThrough On
 }
 
 #
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 40f8457..3aa8216 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -96,15 +96,6 @@ Sync {
 	# achieve fault-tolerance. In case of doubt, do not modify this value.
 	#
 	Checksum on
-
-	# If you have a multiprimary setup (active-active) without connection
-	# persistency, ie. you can't know which firewall handles a packet
-	# that is part of a connection, then you need direct commit of
-	# conntrack entries to the kernel conntrack table. OSPF setups must
-	# set on this option. If you have a simple primary-backup scenario. 
-	# Do not set it on. Default is off.
-	#
-	# CacheWriteThrough On
 }
 
 #
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index b135814..446e981 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -89,15 +89,6 @@ Sync {
 	# achieve fault-tolerance. In case of doubt, do not modify this value.
 	#
 	Checksum on
-
-	# If you have a multiprimary setup (active-active) without connection
-	# persistency, ie. you can't know which firewall handles a packet
-	# that is part of a connection, then you need direct commit of
-	# conntrack entries to the kernel conntrack table. OSPF setups must
-	# set on this option. If you have a simple primary-backup scenario. 
-	# Do not set it on. Default is off.
-	#
-	# CacheWriteThrough On
 }
 
 #

More information about the netfilter-cvslog mailing list