Hi,
The documentation about DisableExternalCache reads:
<<<
[...]
You can also use this option with the NOTRACK and ALARM modes.
This increases CPU consumption in the backup firewall but now you do not
need to commit the flow-states during the master failures since they are
already in the in-kernel Connection Tracking table. Moreover, you save
memory in the backup firewall since you do not need to store the
foreign flow-states anymore.
>>>
However, the config parser doesn't allows it. Patch seems rather trivial:
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 73fabbf..d53aa70 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -908,6 +908,7 @@ sync_mode_alarm_line: refreshtime
| purge
| relax_transitions
| delay_destroy_msgs
+ | disable_external_cache
;
sync_mode_ftfw_list:
However, there seems to be some missing bits somewhere, the backup
node prints this in the logs:
[...]
[Thu Aug 27 12:49:46 2015] (pid=15176) [ERROR] inject-add2: No such
file or directory
Thu Aug 27 12:49:46 2015 tcp 6 17949 ESTABLISHED
src=192.162.26.14 dst=192.168.5.134 sport=39089 dport=2015 [ASSURED]
mark=0
[Thu Aug 27 12:49:56 2015] (pid=15176) [ERROR] inject-add2: No such
file or directory
Thu Aug 27 12:49:56 2015 tcp 6 17949 ESTABLISHED
src=192.162.26.14 dst=192.168.5.134 sport=39089 dport=2015 [ASSURED]
mark=0
[...]
Note, always the same connection. In my busy test environment, this
ENOENT happens every few seconds Perhaps a race condition somewhere?
I would appreciate any hint/advice/pointer.
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
