1 files changed, 7 insertions, 55 deletions

diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
index f2a2488f1bf..4ccdbca0381 100644
--- a/Documentation/networking/ipvs-sysctl.txt
+++ b/Documentation/networking/ipvs-sysctl.txt
@@ -15,23 +15,6 @@ amemthresh - INTEGER
         enabled and the variable is automatically set to 2, otherwise
         the strategy is disabled and the variable is  set  to 1.
 
-conntrack - BOOLEAN
-        0 - disabled (default)
-        not 0 - enabled
-
-        If set, maintain connection tracking entries for
-        connections handled by IPVS.
-
-        This should be enabled if connections handled by IPVS are to be
-        also handled by stateful firewall rules. That is, iptables rules
-        that make use of connection tracking.  It is a performance
-        optimisation to disable this setting otherwise.
-
-        Connections handled by the IPVS FTP application module
-        will have connection tracking entries regardless of this setting.
-
-        Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled.
-
 cache_bypass - BOOLEAN
         0 - disabled (default)
         not 0 - enabled
@@ -56,7 +39,7 @@ debug_level - INTEGER
         11         - IPVS packet handling (ip_vs_in/ip_vs_out)
         12 or more - packet traversal
 
-        Only available when IPVS is compiled with CONFIG_IP_VS_DEBUG enabled.
+        Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG
 
         Higher debugging levels include the messages for lower debugging
         levels, so setting debug level 2, includes level 0, 1 and 2
@@ -140,11 +123,13 @@ nat_icmp_send - BOOLEAN
 secure_tcp - INTEGER
         0  - disabled (default)
 
-        The secure_tcp defense is to use a more complicated TCP state
-        transition table. For VS/NAT, it also delays entering the
-        TCP ESTABLISHED state until the three way handshake is completed.
+        The secure_tcp defense is to use a more complicated state
+        transition table and some possible short timeouts of each
+        state. In the VS/NAT, it delays the entering the ESTABLISHED
+        until the real server starts to send data and ACK packet
+        (after 3-way handshake).
 
-        The value definition is the same as that of drop_entry and
+        The value definition is the same as that of drop_entry or
         drop_packet.
 
 sync_threshold - INTEGER
@@ -156,36 +141,3 @@ sync_threshold - INTEGER
         synchronized, every time the number of its incoming packets
         modulus 50 equals the threshold. The range of the threshold is
         from 0 to 49.
-
-snat_reroute - BOOLEAN
-        0 - disabled
-        not 0 - enabled (default)
-
-        If enabled, recalculate the route of SNATed packets from
-        realservers so that they are routed as if they originate from the
-        director. Otherwise they are routed as if they are forwarded by the
-        director.
-
-        If policy routing is in effect then it is possible that the route
-        of a packet originating from a director is routed differently to a
-        packet being forwarded by the director.
-
-        If policy routing is not in effect then the recalculated route will
-        always be the same as the original route so it is an optimisation
-        to disable snat_reroute and avoid the recalculation.
-
-sync_version - INTEGER
-        default 1
-
-        The version of the synchronisation protocol used when sending
-        synchronisation messages.
-
-        0 selects the original synchronisation protocol (version 0). This
-        should be used when sending synchronisation messages to a legacy
-        system that only understands the original synchronisation protocol.
-
-        1 selects the current synchronisation protocol (version 1). This
-        should be used where possible.
-
-        Kernels with this sync_version entry are able to receive messages
-        of both version 1 and version 2 of the synchronisation protocol.