
Documentation / networking / ip-sysctl.txt





Based on kernel version 3.9. Page generated on 2013-05-02 23:11 EST.

1	/proc/sys/net/ipv4/* Variables:
2	
3	ip_forward - BOOLEAN
4		0 - disabled (default)
5		not 0 - enabled
6	
7		Forward Packets between interfaces.
8	
9		This variable is special: changing it resets all configuration
10		parameters to their default state (RFC1122 for hosts, RFC1812
11		for routers).
12	
13	ip_default_ttl - INTEGER
14		Default value of TTL field (Time To Live) for outgoing (but not
15		forwarded) IP packets. Should be between 1 and 255 inclusive.
16		Default: 64 (as recommended by RFC1700)
17	
18	ip_no_pmtu_disc - BOOLEAN
19		Disable Path MTU Discovery.
20		default FALSE
21	
22	min_pmtu - INTEGER
23		default 552 - minimum discovered Path MTU
24	
25	route/max_size - INTEGER
26		Maximum number of routes allowed in the kernel.  Increase
27		this when using large numbers of interfaces and/or routes.
28	
29	neigh/default/gc_thresh1 - INTEGER
30		Minimum number of entries to keep.  Garbage collector will not
31		purge entries if there are fewer than this number.
32		Default: 256
33	
34	neigh/default/gc_thresh3 - INTEGER
35		Maximum number of neighbor entries allowed.  Increase this
36		when using large numbers of interfaces and when communicating
37		with large numbers of directly-connected peers.
38		Default: 1024
39	
40	neigh/default/unres_qlen_bytes - INTEGER
41		The maximum number of bytes which may be used by packets
42		queued for each	unresolved address by other network layers.
43		(added in linux 3.3)
44		Setting negative value is meaningless and will return error.
45		Default: 65536 Bytes(64KB)
46	
47	neigh/default/unres_qlen - INTEGER
48		The maximum number of packets which may be queued for each
49		unresolved address by other network layers.
50		(deprecated in linux 3.3) : use unres_qlen_bytes instead.
51		Prior to linux 3.3, the default value is 3 which may cause
52		unexpected packet loss. The current default value is calculated
53		according to default value of unres_qlen_bytes and true size of
54		packet.
55		Default: 31
56	
57	mtu_expires - INTEGER
58		Time, in seconds, that cached PMTU information is kept.
59	
60	min_adv_mss - INTEGER
61		The advertised MSS depends on the first hop route MTU, but will
62		never be lower than this setting.
63	
64	IP Fragmentation:
65	
66	ipfrag_high_thresh - INTEGER
67		Maximum memory used to reassemble IP fragments. When
68		ipfrag_high_thresh bytes of memory is allocated for this purpose,
69		the fragment handler will toss packets until ipfrag_low_thresh
70		is reached.
71	
72	ipfrag_low_thresh - INTEGER
73		See ipfrag_high_thresh
74	
75	ipfrag_time - INTEGER
76		Time in seconds to keep an IP fragment in memory.
77	
78	ipfrag_secret_interval - INTEGER
79		Regeneration interval (in seconds) of the hash secret (or lifetime
80		for the hash secret) for IP fragments.
81		Default: 600
82	
83	ipfrag_max_dist - INTEGER
84		ipfrag_max_dist is a non-negative integer value which defines the
85		maximum "disorder" which is allowed among fragments which share a
86		common IP source address. Note that reordering of packets is
87		not unusual, but if a large number of fragments arrive from a source
88		IP address while a particular fragment queue remains incomplete, it
89		probably indicates that one or more fragments belonging to that queue
90		have been lost. When ipfrag_max_dist is positive, an additional check
91		is done on fragments before they are added to a reassembly queue - if
92		ipfrag_max_dist (or more) fragments have arrived from a particular IP
93		address between additions to any IP fragment queue using that source
94		address, it's presumed that one or more fragments in the queue are
95		lost. The existing fragment queue will be dropped, and a new one
96		started. An ipfrag_max_dist value of zero disables this check.
97	
98		Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
99		result in unnecessarily dropping fragment queues when normal
100		reordering of packets occurs, which could lead to poor application
101		performance. Using a very large value, e.g. 50000, increases the
102		likelihood of incorrectly reassembling IP fragments that originate
103		from different IP datagrams, which could result in data corruption.
104		Default: 64
105	
106	INET peer storage:
107	
108	inet_peer_threshold - INTEGER
109		The approximate size of the storage.  Starting from this threshold
110		entries will be thrown away aggressively.  This threshold also determines
111		entries' time-to-live and time intervals between garbage collection
112		passes.  More entries, less time-to-live, less GC interval.
113	
114	inet_peer_minttl - INTEGER
115		Minimum time-to-live of entries.  Should be enough to cover fragment
116		time-to-live on the reassembling side.  This minimum time-to-live  is
117		guaranteed if the pool size is less than inet_peer_threshold.
118		Measured in seconds.
119	
120	inet_peer_maxttl - INTEGER
121		Maximum time-to-live of entries.  Unused entries will expire after
122		this period of time if there is no memory pressure on the pool (i.e.
123		when the number of entries in the pool is very small).
124		Measured in seconds.
125	
126	TCP variables:
127	
128	somaxconn - INTEGER
129		Limit of socket listen() backlog, known in userspace as SOMAXCONN.
130		Defaults to 128.  See also tcp_max_syn_backlog for additional tuning
131		for TCP sockets.
132	
133	tcp_abort_on_overflow - BOOLEAN
134		If listening service is too slow to accept new connections,
135		reset them. Default state is FALSE. It means that if overflow
136		occurred due to a burst, connection will recover. Enable this
137		option _only_ if you are really sure that listening daemon
138		cannot be tuned to accept connections faster. Enabling this
139		option can harm clients of your server.
140	
141	tcp_adv_win_scale - INTEGER
142		Count buffering overhead as bytes/2^tcp_adv_win_scale
143		(if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
144		if it is <= 0.
145		Possible values are [-31, 31], inclusive.
146		Default: 1
147	
148	tcp_allowed_congestion_control - STRING
149		Show/set the congestion control choices available to non-privileged
150		processes. The list is a subset of those listed in
151		tcp_available_congestion_control.
152		Default is "reno" and the default setting (tcp_congestion_control).
153	
154	tcp_app_win - INTEGER
155		Reserve max(window/2^tcp_app_win, mss) of window for application
156		buffer. Value 0 is special, it means that nothing is reserved.
157		Default: 31
158	
159	tcp_available_congestion_control - STRING
160		Shows the available congestion control choices that are registered.
161		More congestion control algorithms may be available as modules,
162		but not loaded.
163	
164	tcp_base_mss - INTEGER
165		The initial value of search_low to be used by the packetization layer
166		Path MTU discovery (MTU probing).  If MTU probing is enabled,
167		this is the initial MSS used by the connection.
168	
169	tcp_congestion_control - STRING
170		Set the congestion control algorithm to be used for new
171		connections. The algorithm "reno" is always available, but
172		additional choices may be available based on kernel configuration.
173		Default is set as part of kernel configuration.
174		For passive connections, the listener congestion control choice
175		is inherited.
176		[see setsockopt(listenfd, SOL_TCP, TCP_CONGESTION, "name" ...) ]
177	
178	tcp_cookie_size - INTEGER
179		Default size of TCP Cookie Transactions (TCPCT) option, that may be
180		overridden on a per socket basis by the TCPCT socket option.
181		Values greater than the maximum (16) are interpreted as the maximum.
182		Values greater than zero and less than the minimum (8) are interpreted
183		as the minimum.  Odd values are interpreted as the next even value.
184		Default: 0 (off).
185	
186	tcp_dsack - BOOLEAN
187		Allows TCP to send "duplicate" SACKs.
188	
189	tcp_early_retrans - INTEGER
190		Enable Early Retransmit (ER), per RFC 5827. ER lowers the threshold
191		for triggering fast retransmit when the amount of outstanding data is
192		small and when no previously unsent data can be transmitted (such
193		that limited transmit could be used).
194		Possible values:
195			0 disables ER
196			1 enables ER
197			2 enables ER but delays fast recovery and fast retransmit
198			  by a fourth of RTT. This mitigates false recoveries of
199			  the connection when the network has a small degree of
200			  reordering (less than 3 packets).
201		Default: 2
202	
203	tcp_ecn - INTEGER
204		Control use of Explicit Congestion Notification (ECN) by TCP.
205		ECN is used only when both ends of the TCP connection indicate
206		support for it.  This feature is useful in avoiding losses due
207		to congestion by allowing supporting routers to signal
208		congestion before having to drop packets.
209		Possible values are:
210			0 Disable ECN.  Neither initiate nor accept ECN.
211			1 Enable ECN when requested by incoming connections and
212			  also request ECN on outgoing connection attempts.
213			2 Enable ECN when requested by incoming connections
214			  but do not request ECN on outgoing connections.
215		Default: 2
216	
217	tcp_fack - BOOLEAN
218		Enable FACK congestion avoidance and fast retransmission.
219		The value is not used, if tcp_sack is not enabled.
220	
221	tcp_fin_timeout - INTEGER
222		The length of time an orphaned (no longer referenced by any
223		application) connection will remain in the FIN_WAIT_2 state
224		before it is aborted at the local end.  While a perfectly
225		valid "receive only" state for an un-orphaned connection, an
226		orphaned connection in FIN_WAIT_2 state could otherwise wait
227		forever for the remote to close its end of the connection.
228		Cf. tcp_max_orphans
229		Default: 60 seconds
230	
231	tcp_frto - INTEGER
232		Enables Forward RTO-Recovery (F-RTO) defined in RFC4138.
233		F-RTO is an enhanced recovery algorithm for TCP retransmission
234		timeouts.  It is particularly beneficial in wireless environments
235		where packet loss is typically due to random radio interference
236		rather than intermediate router congestion.  F-RTO is sender-side
237		only modification. Therefore it does not require any support from
238		the peer.
239	
240		If set to 1, basic version is enabled.  2 enables SACK enhanced
241		F-RTO if flow uses SACK.  The basic version can also be used when
242		SACK is in use, though scenarios exist where F-RTO
243		interacts badly with the packet counting of the SACK-enabled TCP
244		flow.
245	
246	tcp_frto_response - INTEGER
247		When F-RTO has detected that a TCP retransmission timeout was
248		spurious (i.e., the timeout would have been avoided had TCP set a
249		longer retransmission timeout), TCP has several options for what
250		to do next. Possible values are:
251			0 Rate halving based; a smooth and conservative response,
252			  results in halved cwnd and ssthresh after one RTT
253			1 Very conservative response; not recommended because even
254			  though being valid, it interacts poorly with the rest of
255			  Linux TCP, halves cwnd and ssthresh immediately
256			2 Aggressive response; undoes congestion control measures
257			  that are now known to be unnecessary (ignoring the
258			  possibility of a lost retransmission that would require
259			  TCP to be more cautious), cwnd and ssthresh are restored
260			  to the values prior to the timeout
261		Default: 0 (rate halving based)
262	
263	tcp_keepalive_time - INTEGER
264		How often TCP sends out keepalive messages when keepalive is enabled.
265		Default: 2 hours.
266	
267	tcp_keepalive_probes - INTEGER
268		How many keepalive probes TCP sends out, until it decides that the
269		connection is broken. Default value: 9.
270	
271	tcp_keepalive_intvl - INTEGER
272		How frequently the probes are sent out. Multiplied by
273		tcp_keepalive_probes, it is the time to kill a non-responding
274		connection after probes have started. Default value: 75sec, i.e.
275		the connection will be aborted after ~11 minutes of retries.
276	
277	tcp_low_latency - BOOLEAN
278		If set, the TCP stack makes decisions that prefer lower
279		latency as opposed to higher throughput.  By default, this
280		option is not set meaning that higher throughput is preferred.
281		An example of an application where this default should be
282		changed would be a Beowulf compute cluster.
283		Default: 0
284	
285	tcp_max_orphans - INTEGER
286		Maximal number of TCP sockets not attached to any user file handle,
287		held by system. If this number is exceeded, orphaned connections are
288		reset immediately and a warning is printed. This limit exists
289		only to prevent simple DoS attacks; you _must_ not rely on this
290		or lower the limit artificially, but rather increase it
291		(probably, after increasing installed memory),
292		if network conditions require more than default value,
293		and tune network services to linger and kill such states
294		more aggressively. Let me remind you again: each orphan eats
295		up to ~64K of unswappable memory.
296	
297	tcp_max_ssthresh - INTEGER
298		Limited Slow-Start for TCP with large congestion windows (cwnd) defined in
299		RFC3742. Limited slow-start is a mechanism to limit growth of the cwnd
300		on the region where cwnd is larger than tcp_max_ssthresh. TCP increases cwnd
301		by at most tcp_max_ssthresh segments, and by at least tcp_max_ssthresh/2
302		segments per RTT when the cwnd is above tcp_max_ssthresh.
303		If TCP connection increased cwnd to thousands (or tens of thousands) segments,
304		and thousands of packets were being dropped during slow-start, you can set
305		tcp_max_ssthresh to improve performance for new TCP connection.
306		Default: 0 (off)
307	
308	tcp_max_syn_backlog - INTEGER
309		Maximal number of remembered connection requests, which have not
310		received an acknowledgment from connecting client.
311		The minimal value is 128 for low memory machines, and it will
312		increase in proportion to the memory of machine.
313		If server suffers from overload, try increasing this number.
314	
315	tcp_max_tw_buckets - INTEGER
316		Maximal number of timewait sockets held by system simultaneously.
317		If this number is exceeded, the time-wait socket is immediately
318		destroyed and a warning is printed. This limit exists only to prevent
319		simple DoS attacks; you _must_ not lower the limit artificially,
320		but rather increase it (probably, after increasing installed memory),
321		if network conditions require more than default value.
322	
323	tcp_mem - vector of 3 INTEGERs: min, pressure, max
324		min: below this number of pages TCP is not bothered about its
325		memory appetite.
326	
327		pressure: when amount of memory allocated by TCP exceeds this number
328		of pages, TCP moderates its memory consumption and enters memory
329		pressure mode, which is exited when memory consumption falls
330		under "min".
331	
332		max: number of pages allowed for queueing by all TCP sockets.
333	
334		Defaults are calculated at boot time from amount of available
335		memory.
336	
337	tcp_moderate_rcvbuf - BOOLEAN
338		If set, TCP performs receive buffer auto-tuning, attempting to
339		automatically size the buffer (no greater than tcp_rmem[2]) to
340		match the size required by the path for full throughput.  Enabled by
341		default.
342	
343	tcp_mtu_probing - INTEGER
344		Controls TCP Packetization-Layer Path MTU Discovery.  Takes three
345		values:
346		  0 - Disabled
347		  1 - Disabled by default, enabled when an ICMP black hole is detected
348		  2 - Always enabled, use initial MSS of tcp_base_mss.
349	
350	tcp_no_metrics_save - BOOLEAN
351		By default, TCP saves various connection metrics in the route cache
352		when the connection closes, so that connections established in the
353		near future can use these to set initial conditions.  Usually, this
354		increases overall performance, but may sometimes cause performance
355		degradation.  If set, TCP will not cache metrics on closing
356		connections.
357	
358	tcp_orphan_retries - INTEGER
359		This value influences the timeout of a locally closed TCP connection,
360		when RTO retransmissions remain unacknowledged.
361		See tcp_retries2 for more details.
362	
363		The default value is 8.
364		If your machine is a loaded WEB server,
365		you should think about lowering this value, such sockets
366		may consume significant resources. Cf. tcp_max_orphans.
367	
368	tcp_reordering - INTEGER
369		Maximal reordering of packets in a TCP stream.
370		Default: 3
371	
372	tcp_retrans_collapse - BOOLEAN
373		Bug-to-bug compatibility with some broken printers.
374		On retransmit try to send bigger packets to work around bugs in
375		certain TCP stacks.
376	
377	tcp_retries1 - INTEGER
378		This value influences the time, after which TCP decides, that
379		something is wrong due to unacknowledged RTO retransmissions,
380		and reports this suspicion to the network layer.
381		See tcp_retries2 for more details.
382	
383		RFC 1122 recommends at least 3 retransmissions, which is the
384		default.
385	
386	tcp_retries2 - INTEGER
387		This value influences the timeout of an alive TCP connection,
388		when RTO retransmissions remain unacknowledged.
389		Given a value of N, a hypothetical TCP connection following
390		exponential backoff with an initial RTO of TCP_RTO_MIN would
391		retransmit N times before killing the connection at the (N+1)th RTO.
392	
393		The default value of 15 yields a hypothetical timeout of 924.6
394		seconds and is a lower bound for the effective timeout.
395		TCP will effectively time out at the first RTO which exceeds the
396		hypothetical timeout.
397	
398		RFC 1122 recommends at least 100 seconds for the timeout,
399		which corresponds to a value of at least 8.
400	
401	tcp_rfc1337 - BOOLEAN
402		If set, the TCP stack behaves conforming to RFC1337. If unset,
403		we are not conforming to RFC, but prevent TCP TIME_WAIT
404		assassination.
405		Default: 0
406	
407	tcp_rmem - vector of 3 INTEGERs: min, default, max
408		min: Minimal size of receive buffer used by TCP sockets.
409		It is guaranteed to each TCP socket, even under moderate memory
410		pressure.
411		Default: 1 page
412	
413		default: initial size of receive buffer used by TCP sockets.
414		This value overrides net.core.rmem_default used by other protocols.
415		Default: 87380 bytes. This value results in window of 65535 with
416		default setting of tcp_adv_win_scale and tcp_app_win:0 and a bit
417		less for default tcp_app_win. See below about these variables.
418	
419		max: maximal size of receive buffer allowed for automatically
420		selected receiver buffers for TCP socket. This value does not override
421		net.core.rmem_max.  Calling setsockopt() with SO_RCVBUF disables
422		automatic tuning of that socket's receive buffer size, in which
423		case this value is ignored.
424		Default: between 87380B and 6MB, depending on RAM size.
425	
426	tcp_sack - BOOLEAN
427		Enable selective acknowledgments (SACKs).
428	
429	tcp_slow_start_after_idle - BOOLEAN
430		If set, provide RFC2861 behavior and time out the congestion
431		window after an idle period.  An idle period is defined at
432		the current RTO.  If unset, the congestion window will not
433		be timed out after an idle period.
434		Default: 1
435	
436	tcp_stdurg - BOOLEAN
437		Use the Host requirements interpretation of the TCP urgent pointer field.
438		Most hosts use the older BSD interpretation, so if you turn this on
439		Linux might not communicate correctly with them.
440		Default: FALSE
441	
442	tcp_synack_retries - INTEGER
443		Number of times SYNACKs for a passive TCP connection attempt will
444		be retransmitted. Should not be higher than 255. Default value
445		is 5, which corresponds to 31 seconds till the last retransmission
446		with the current initial RTO of 1 second. With this the final timeout
447		for a passive TCP connection will happen after 63 seconds.
448	
449	tcp_syncookies - BOOLEAN
450		Only valid when the kernel was compiled with CONFIG_SYNCOOKIES.
451		Send out syncookies when the syn backlog queue of a socket
452		overflows. This is to protect against the common 'SYN flood attack'.
453		Default: FALSE
454	
455		Note that syncookies is a fallback facility.
456		It MUST NOT be used to help highly loaded servers to stand
457		against a legitimate connection rate. If you see SYN flood warnings
458		in your logs, but investigation shows that they occur
459		because of overload with legitimate connections, you should tune
460		other parameters until this warning disappears.
461		See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
462	
463		syncookies seriously violate the TCP protocol, do not allow
464		the use of TCP extensions, and can result in serious degradation
465		of some services (e.g. SMTP relaying), visible not to you
466		but to your clients and the relays contacting you. If you see
467		SYN flood warnings in logs while not really being flooded, your server
468		is seriously misconfigured.
469	
470	tcp_fastopen - INTEGER
471		Enable TCP Fast Open feature (draft-ietf-tcpm-fastopen) to send data
472		in the opening SYN packet. To use this feature, the client application
473		must use sendmsg() or sendto() with MSG_FASTOPEN flag rather than
474		connect() to perform a TCP handshake automatically.
475	
476		The values (bitmap) are
477		1: Enables sending data in the opening SYN on the client.
478		2: Enables TCP Fast Open on the server side, i.e., allowing data in
479		   a SYN packet to be accepted and passed to the application before
480		   3-way hand shake finishes.
481		4: Send data in the opening SYN regardless of cookie availability and
482		   without a cookie option.
483		0x100: Accept SYN data w/o validating the cookie.
484		0x200: Accept data-in-SYN w/o any cookie option present.
485		0x400/0x800: Enable Fast Open on all listeners regardless of the
486		   TCP_FASTOPEN socket option. The two different flags designate two
487		   different ways of setting max_qlen without the TCP_FASTOPEN socket
488		   option.
489	
490		Default: 0
491	
492		Note that the client & server side Fast Open flags (1 and 2
493		respectively) must be also enabled before the rest of flags can take
494		effect.
495	
496		See include/net/tcp.h and the code for more details.
497	
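An added example, not part of the kernel documentation: a decoder for the tcp_fastopen bitmap that separates active flags from flags that cannot take effect and lists the cookie-related relaxations in force. The bit values are the ones listed above; the descriptions, the assignment of each extra flag to the client or server side, and all function names are assumptions of this example.

```python
CLIENT_ENABLE = 0x001
SERVER_ENABLE = 0x002

# (bit, enable bit it depends on, description). The bit values come from the
# tcp_fastopen entry; the client/server split of the extra flags is this
# example's reading of their descriptions.
TFO_FLAGS = [
    (0x001, None, "client: send data in the opening SYN"),
    (0x002, None, "server: accept SYN data before the handshake finishes"),
    (0x004, CLIENT_ENABLE, "client: send SYN data without a cookie option"),
    (0x100, SERVER_ENABLE, "server: accept SYN data without validating the cookie"),
    (0x200, SERVER_ENABLE, "server: accept SYN data with no cookie option present"),
    (0x400, SERVER_ENABLE, "server: Fast Open on all listeners (first max_qlen method)"),
    (0x800, SERVER_ENABLE, "server: Fast Open on all listeners (second max_qlen method)"),
]

# Flags that relax the cookie exchange and therefore deserve review.
COOKIE_BYPASS_BITS = 0x004 | 0x100 | 0x200


def audit_tcp_fastopen(raw):
    """Decode a tcp_fastopen value (int, or text as read from /proc)."""
    value = int(str(raw).strip(), 0)
    if value < 0:
        raise ValueError("tcp_fastopen is a bitmap and cannot be negative")

    report = {"value": value, "active": [], "inert": [],
              "cookie_bypass": [], "unknown_bits": 0}
    known = 0
    for bit, needs, _text in TFO_FLAGS:
        known |= bit
        if not value & bit:
            continue
        # Flags other than 1 and 2 only take effect when the matching
        # client or server enable bit is set as well.
        if needs is not None and not value & needs:
            report["inert"].append(bit)
            continue
        report["active"].append(bit)
        if bit & COOKIE_BYPASS_BITS:
            report["cookie_bypass"].append(bit)
    report["unknown_bits"] = value & ~known
    return report


def describe(bit):
    """Return the description for a single flag bit."""
    for flag, _needs, text in TFO_FLAGS:
        if flag == bit:
            return text
    return "not listed for this kernel version"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real host.
    for sample in ("0", "3", "0x102", "0x100"):
        result = audit_tcp_fastopen(sample)
        print(sample, "->", [describe(b) for b in result["active"]],
              "| cookie bypass:", [hex(b) for b in result["cookie_bypass"]],
              "| inert:", [hex(b) for b in result["inert"]])
```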
498	tcp_syn_retries - INTEGER
499		Number of times initial SYNs for an active TCP connection attempt
500		will be retransmitted. Should not be higher than 255. Default value
501		is 6, which corresponds to 63 seconds till the last retransmission
502		with the current initial RTO of 1 second. With this the final timeout
503		for an active TCP connection attempt will happen after 127 seconds.
504	
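An added example, not part of the kernel documentation: the exponential-backoff arithmetic behind the figures quoted for tcp_retries2, tcp_synack_retries and tcp_syn_retries. TCP_RTO_MIN (200 ms) and TCP_RTO_MAX (120 s) are the values from include/net/tcp.h and do not appear on this page; the function names are this example's own.

```python
# Constants from include/net/tcp.h; they are not stated on this page.
TCP_RTO_MIN_MS = 200        # TCP_RTO_MIN = HZ/5
TCP_RTO_MAX_MS = 120_000    # TCP_RTO_MAX = 120*HZ
INITIAL_RTO_MS = 1000       # "current initial RTO of 1 second" for SYN/SYNACK


def backoff_schedule(retries, initial_rto_ms, max_rto_ms=TCP_RTO_MAX_MS):
    """Return (last_retransmit_ms, final_timeout_ms) for `retries` retransmits.

    The RTO doubles after each expiry and is capped at max_rto_ms. The n-th
    retransmission is sent when the n-th RTO expires; the attempt is given
    up when the (retries+1)-th RTO expires.
    """
    if retries < 0 or initial_rto_ms <= 0:
        raise ValueError("retries must be >= 0 and the initial RTO positive")
    rto = min(initial_rto_ms, max_rto_ms)
    elapsed = 0
    last_retransmit = 0
    for attempt in range(retries + 1):
        elapsed += rto
        if attempt < retries:
            last_retransmit = elapsed
        rto = min(rto * 2, max_rto_ms)
    return last_retransmit, elapsed


def hypothetical_timeout_ms(tcp_retries2):
    """Lower bound on the timeout of an established connection."""
    return backoff_schedule(tcp_retries2, TCP_RTO_MIN_MS)[1]


def min_retries_for(target_ms, initial_rto_ms=TCP_RTO_MIN_MS):
    """Smallest retry count whose hypothetical timeout reaches target_ms."""
    retries = 0
    while backoff_schedule(retries, initial_rto_ms)[1] < target_ms:
        retries += 1
    return retries


if __name__ == "__main__":
    print("tcp_retries2=15      ->", hypothetical_timeout_ms(15) / 1000, "s")
    print("100 s needs retries2 >=", min_retries_for(100_000))
    print("tcp_synack_retries=5 ->", backoff_schedule(5, INITIAL_RTO_MS))
    print("tcp_syn_retries=6    ->", backoff_schedule(6, INITIAL_RTO_MS))
```

The cap at TCP_RTO_MAX is what keeps the default tcp_retries2 timeout near 15 minutes: the last six of the sixteen RTO intervals are 120 seconds each.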
505	tcp_timestamps - BOOLEAN
506		Enable timestamps as defined in RFC1323.
507	
508	tcp_tso_win_divisor - INTEGER
509		This allows control over what percentage of the congestion window
510		can be consumed by a single TSO frame.
511		The setting of this parameter is a choice between burstiness and
512		building larger TSO frames.
513		Default: 3
514	
515	tcp_tw_recycle - BOOLEAN
516		Enable fast recycling of TIME-WAIT sockets. Default value is 0.
517		It should not be changed without advice/request of technical
518		experts.
519	
520	tcp_tw_reuse - BOOLEAN
521		Allow reuse of TIME-WAIT sockets for new connections when it is
522		safe from the protocol viewpoint. Default value is 0.
523		It should not be changed without advice/request of technical
524		experts.
525	
526	tcp_window_scaling - BOOLEAN
527		Enable window scaling as defined in RFC1323.
528	
529	tcp_wmem - vector of 3 INTEGERs: min, default, max
530		min: Amount of memory reserved for send buffers for TCP sockets.
531		Each TCP socket has rights to use it due to fact of its birth.
532		Default: 1 page
533	
534		default: initial size of send buffer used by TCP sockets.  This
535		value overrides net.core.wmem_default used by other protocols.
536		It is usually lower than net.core.wmem_default.
537		Default: 16K
538	
539		max: Maximal amount of memory allowed for automatically tuned
540		send buffers for TCP sockets. This value does not override
541		net.core.wmem_max.  Calling setsockopt() with SO_SNDBUF disables
542		automatic tuning of that socket's send buffer size, in which case
543		this value is ignored.
544		Default: between 64K and 4MB, depending on RAM size.
545	
546	tcp_workaround_signed_windows - BOOLEAN
547		If set, assume no receipt of a window scaling option means the
548		remote TCP is broken and treats the window as a signed quantity.
549		If unset, assume the remote TCP is not broken even if we do
550		not receive a window scaling option from them.
551		Default: 0
552	
553	tcp_dma_copybreak - INTEGER
554		Lower limit, in bytes, of the size of socket reads that will be
555		offloaded to a DMA copy engine, if one is present in the system
556		and CONFIG_NET_DMA is enabled.
557		Default: 4096
558	
559	tcp_thin_linear_timeouts - BOOLEAN
560		Enable dynamic triggering of linear timeouts for thin streams.
561		If set, a check is performed upon retransmission by timeout to
562		determine if the stream is thin (less than 4 packets in flight).
563		As long as the stream is found to be thin, up to 6 linear
564		timeouts may be performed before exponential backoff mode is
565		initiated. This improves retransmission latency for
566		non-aggressive thin streams, often found to be time-dependent.
567		For more information on thin streams, see
568		Documentation/networking/tcp-thin.txt
569		Default: 0
570	
571	tcp_thin_dupack - BOOLEAN
572		Enable dynamic triggering of retransmissions after one dupACK
573		for thin streams. If set, a check is performed upon reception
574		of a dupACK to determine if the stream is thin (less than 4
575		packets in flight). As long as the stream is found to be thin,
576		data is retransmitted on the first received dupACK. This
577		improves retransmission latency for non-aggressive thin
578		streams, often found to be time-dependent.
579		For more information on thin streams, see
580		Documentation/networking/tcp-thin.txt
581		Default: 0
582	
583	tcp_limit_output_bytes - INTEGER
584		Controls TCP Small Queue limit per tcp socket.
585		A TCP bulk sender tends to increase packets in flight until it
586		gets loss notifications. With SNDBUF autotuning, this can
587		result in a large amount of packets queued in qdisc/device
588		on the local machine, hurting latency of other flows, for
589		typical pfifo_fast qdiscs.
590		tcp_limit_output_bytes limits the number of bytes on qdisc
591		or device to reduce artificial RTT/cwnd and reduce bufferbloat.
592		Note: For GSO/TSO enabled flows, we try to have at least two
593		packets in flight. Reducing tcp_limit_output_bytes might also
594		reduce the size of individual GSO packet (64KB being the max)
595		Default: 131072
596	
597	tcp_challenge_ack_limit - INTEGER
598		Limits number of Challenge ACK sent per second, as recommended
599		in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
600		Default: 100
601	
602	UDP variables:
603	
604	udp_mem - vector of 3 INTEGERs: min, pressure, max
605		Number of pages allowed for queueing by all UDP sockets.
606	
607		min: Below this number of pages UDP is not bothered about its
608		memory appetite. When amount of memory allocated by UDP exceeds
609		this number, UDP starts to moderate memory usage.
610	
611		pressure: This value was introduced to follow format of tcp_mem.
612	
613		max: Number of pages allowed for queueing by all UDP sockets.
614	
615		Default is calculated at boot time from amount of available memory.
616	
617	udp_rmem_min - INTEGER
618		Minimal size of receive buffer used by UDP sockets in moderation.
619		Each UDP socket is able to use the size for receiving data, even if
620		total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
621		Default: 1 page
622	
623	udp_wmem_min - INTEGER
624		Minimal size of send buffer used by UDP sockets in moderation.
625		Each UDP socket is able to use the size for sending data, even if
626		total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
627		Default: 1 page
628	
629	CIPSOv4 Variables:
630	
631	cipso_cache_enable - BOOLEAN
632		If set, enable additions to and lookups from the CIPSO label mapping
633		cache.  If unset, additions are ignored and lookups always result in a
634		miss.  However, regardless of the setting the cache is still
635		invalidated when required, which means you can safely toggle this on
636		and off and the cache will always be "safe".
637		Default: 1
638	
639	cipso_cache_bucket_size - INTEGER
640		The CIPSO label cache consists of a fixed size hash table with each
641		hash bucket containing a number of cache entries.  This variable limits
642		the number of entries in each hash bucket; the larger the value the
643		more CIPSO label mappings that can be cached.  When the number of
644		entries in a given hash bucket reaches this limit adding new entries
645		causes the oldest entry in the bucket to be removed to make room.
646		Default: 10
647	
648	cipso_rbm_optfmt - BOOLEAN
649		Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
650		the CIPSO draft specification (see Documentation/netlabel for details).
651		This means that when set the CIPSO tag will be padded with empty
652		categories in order to make the packet data 32-bit aligned.
653		Default: 0
654	
655	cipso_rbm_structvalid - BOOLEAN
656		If set, do a very strict check of the CIPSO option when
657		ip_options_compile() is called.  If unset, relax the checks done during
658		ip_options_compile().  Either way is "safe" as errors are caught
659		elsewhere in the CIPSO processing code, but setting this to 0 (False)
660		should result in less work (i.e. it should be faster) and could cause
661		problems with other implementations that require strict checking.
662		Default: 0
663	
664	IP Variables:
665	
666	ip_local_port_range - 2 INTEGERS
667		Defines the local port range that is used by TCP and UDP to
668		choose the local port. The first number is the first, the
669		second the last local port number. The default values are
670		32768 and 61000 respectively.
671	
672	ip_local_reserved_ports - list of comma separated ranges
673		Specify the ports which are reserved for known third-party
674		applications. These ports will not be used by automatic port
675		assignments (e.g. when calling connect() or bind() with port
676		number 0). Explicit port allocation behavior is unchanged.
677	
678		The format used for both input and output is a comma separated
679		list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
680		10). Writing to the file will clear all previously reserved
681		ports and update the current list with the one given in the
682		input.
683	
684		Note that ip_local_port_range and ip_local_reserved_ports
685		settings are independent and both are considered by the kernel
686		when determining which ports are available for automatic port
687		assignments.
688	
689		You can reserve ports which are not in the current
690		ip_local_port_range, e.g.:
691	
692		$ cat /proc/sys/net/ipv4/ip_local_port_range
693		32000	61000
694		$ cat /proc/sys/net/ipv4/ip_local_reserved_ports
695		8080,9148
696	
697		although this is redundant. However such a setting is useful
698		if later the port range is changed to a value that will
699		include the reserved ports.
700	
701		Default: Empty
702	
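An added example, not part of the kernel documentation: a parser for the ip_local_reserved_ports list format and a check of how it interacts with ip_local_port_range. The `listeners` argument (fixed ports your own services bind to) and all function names are assumptions of this example; the second sample range is constructed.

```python
def parse_reserved_ports(text):
    """Parse a list such as "1,2-4,10-10" into a set of port numbers."""
    ports = set()
    for item in text.strip().split(","):
        item = item.strip()
        if not item:
            continue                      # "Default: Empty"
        low, dash, high = item.partition("-")
        first = int(low)
        last = int(high) if dash else first
        if not 0 <= first <= last <= 65535:
            raise ValueError("bad port range: %r" % item)
        ports.update(range(first, last + 1))
    return ports


def parse_port_range(text):
    """Parse the two integers of ip_local_port_range."""
    first, last = (int(field) for field in text.split())
    if not 0 <= first <= last <= 65535:
        raise ValueError("bad ip_local_port_range: %r" % text)
    return first, last


def audit_port_reservation(range_text, reserved_text, listeners=()):
    """Compare reserved ports with the automatic-assignment range.

    listeners: fixed ports used by local services (assumed input).
    """
    first, last = parse_port_range(range_text)
    reserved = parse_reserved_ports(reserved_text)
    in_range = {p for p in reserved if first <= p <= last}
    return {
        # Reservations that currently remove a port from automatic assignment.
        "reserved_in_range": sorted(in_range),
        # Reservations outside the range: redundant today, useful if the
        # range is widened later.
        "redundant": sorted(reserved - in_range),
        # Service ports that automatic assignment could still hand out.
        "unprotected_listeners": sorted(
            p for p in set(listeners) if first <= p <= last and p not in reserved),
        "auto_pool_size": (last - first + 1) - len(in_range),
    }


if __name__ == "__main__":
    # Values from the example above, then a constructed wider range.
    print(audit_port_reservation("32000\t61000", "8080,9148", [8080, 9148]))
    print(audit_port_reservation("1024 65535", "8080,9148", [8080, 9148, 11211]))
```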
703	ip_nonlocal_bind - BOOLEAN
704		If set, allows processes to bind() to non-local IP addresses,
705		which can be quite useful - but may break some applications.
706		Default: 0
707	
708	ip_dynaddr - BOOLEAN
709		If set non-zero, enables support for dynamic addresses.
710		If set to a non-zero value larger than 1, a kernel log
711		message will be printed when dynamic address rewriting
712		occurs.
713		Default: 0
714	
715	icmp_echo_ignore_all - BOOLEAN
716		If set non-zero, then the kernel will ignore all ICMP ECHO
717		requests sent to it.
718		Default: 0
719	
720	icmp_echo_ignore_broadcasts - BOOLEAN
721		If set non-zero, then the kernel will ignore all ICMP ECHO and
722		TIMESTAMP requests sent to it via broadcast/multicast.
723		Default: 1
724	
725	icmp_ratelimit - INTEGER
726		Limit the maximal rates for sending ICMP packets whose type matches
727		icmp_ratemask (see below) to specific targets.
728		0 to disable any limiting,
729		otherwise the minimal space between responses in milliseconds.
730		Default: 1000
731	
732	icmp_ratemask - INTEGER
733		Mask made of ICMP types for which rates are being limited.
734		Significant bits: IHGFEDCBA9876543210
735		Default mask:     0000001100000011000 (6168)
736	
737		Bit definitions (see include/linux/icmp.h):
738			0 Echo Reply
739			3 Destination Unreachable *
740			4 Source Quench *
741			5 Redirect
742			8 Echo Request
743			B Time Exceeded *
744			C Parameter Problem *
745			D Timestamp Request
746			E Timestamp Reply
747			F Info Request
748			G Info Reply
749			H Address Mask Request
750			I Address Mask Reply
751	
752		* These are rate limited by default (see default mask above)
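Decoding and building icmp_ratemask values from the bit table above, as an added example (not part of the kernel documentation). The function names are hypothetical; the bit digits 0-9 and A-I follow the "Significant bits" line, and the names come from the table.

```python
"""Decode and build icmp_ratemask values using the bit table above."""

BIT_DIGITS = "0123456789ABCDEFGHI"      # bits 0..18 as written in the table

ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
    12: "Parameter Problem", 13: "Timestamp Request", 14: "Timestamp Reply",
    15: "Info Request", 16: "Info Reply", 17: "Address Mask Request",
    18: "Address Mask Reply",
}

DEFAULT_MASK = 6168                     # default mask given in the text


def mask_from_digits(digits):
    """Build a mask from table digits, e.g. "34BC" for the default mask."""
    mask = 0
    for ch in digits.upper():
        mask |= 1 << BIT_DIGITS.index(ch)   # ValueError on an unknown digit
    return mask


def mask_string(mask):
    """Render a mask as the 19-digit bit string used in the text."""
    return format(mask, "019b")


def decode_mask(mask):
    """Return [(bit, name)] for every bit set in the mask."""
    out = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            out.append((bit, ICMP_TYPES.get(bit, "bit %d (not in table)" % bit)))
    return out


def is_rate_limited(mask, bit):
    """True if messages of the given table bit are subject to icmp_ratelimit."""
    return bool(mask >> bit & 1)


def diff_from_default(mask):
    """Names that a mask adds to, and removes from, the default mask."""
    added = [name for _, name in decode_mask(mask & ~DEFAULT_MASK)]
    removed = [name for _, name in decode_mask(DEFAULT_MASK & ~mask)]
    return added, removed


if __name__ == "__main__":
    print(mask_string(DEFAULT_MASK), decode_mask(DEFAULT_MASK))
    # Constructed example: additionally rate limit Echo Reply (bit 0).
    candidate = DEFAULT_MASK | mask_from_digits("0")
    print(candidate, diff_from_default(candidate))
```
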
753	
754	icmp_ignore_bogus_error_responses - BOOLEAN
755		Some routers violate RFC1122 by sending bogus responses to broadcast
756		frames.  Such violations are normally logged via a kernel warning.
757		If this is set to TRUE, the kernel will not give such warnings, which
758		will avoid log file clutter.
759		Default: FALSE
760	
761	icmp_errors_use_inbound_ifaddr - BOOLEAN
762	
763		If zero, icmp error messages are sent with the primary address of
764		the exiting interface.
765	
766		If non-zero, the message will be sent with the primary address of
767		the interface that received the packet that caused the icmp error.
768		This is the behaviour many network administrators will expect from
769		a router. And it can make debugging complicated network layouts
770		much easier.
771	
772		Note that if no primary address exists for the interface selected,
773		then the primary address of the first non-loopback interface that
774		has one will be used regardless of this setting.
775	
776		Default: 0
777	
778	igmp_max_memberships - INTEGER
779		Change the maximum number of multicast groups we can subscribe to.
780		Default: 20
781	
782		Theoretical maximum value is bounded by having to send a membership
783		report in a single datagram (i.e. the report can't span multiple
784		datagrams, or risk confusing the switch and leaving groups you don't
785		intend to).
786	
787		The number of supported groups 'M' is bounded by the number of group
788		report entries you can fit into a single datagram of 65535 bytes.
789	
790		M = (65536 - sizeof(ip header)) / sizeof(Group record)
791	
792		Group records are variable length, with a minimum of 12 bytes.
793		So net.ipv4.igmp_max_memberships should not be set higher than:
794	
795		(65536-24) / 12 = 5459
796	
797		The value 5459 assumes no IP header options, so in practice
798		this number may be lower.
799	
800		conf/interface/*  changes special settings per interface (where
801		"interface" is the name of your network interface)
802	
803		conf/all/*	  is special, changes the settings for all interfaces
804	
805	log_martians - BOOLEAN
806		Log packets with impossible addresses to kernel log.
807		log_martians for the interface will be enabled if at least one of
808		conf/{all,interface}/log_martians is set to TRUE,
809		it will be disabled otherwise
810	
811	accept_redirects - BOOLEAN
812		Accept ICMP redirect messages.
813		accept_redirects for the interface will be enabled if:
814		- both conf/{all,interface}/accept_redirects are TRUE in the case
815		  forwarding for the interface is enabled
816		or
817		- at least one of conf/{all,interface}/accept_redirects is TRUE in the
818		  case forwarding for the interface is disabled
819		accept_redirects for the interface will be disabled otherwise
820		default TRUE (host)
821			FALSE (router)
822	
823	forwarding - BOOLEAN
824		Enable IP forwarding on this interface.
825	
826	mc_forwarding - BOOLEAN
827		Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
828		and a multicast routing daemon is required.
829		conf/all/mc_forwarding must also be set to TRUE to enable multicast
830		routing	for the interface
831	
832	medium_id - INTEGER
833		Integer value used to differentiate the devices by the medium they
834		are attached to. Two devices can have different id values when
835		the broadcast packets are received only on one of them.
836		The default value 0 means that the device is the only interface
837		to its medium, value of -1 means that medium is not known.
838	
839		Currently, it is used to change the proxy_arp behavior:
840		the proxy_arp feature is enabled for packets forwarded between
841		two devices attached to different media.
842	
843	proxy_arp - BOOLEAN
844		Do proxy arp.
845		proxy_arp for the interface will be enabled if at least one of
846		conf/{all,interface}/proxy_arp is set to TRUE,
847		it will be disabled otherwise
848	
849	proxy_arp_pvlan - BOOLEAN
850		Private VLAN proxy arp.
851		Basically allow proxy arp replies back to the same interface
852		(from which the ARP request/solicitation was received).
853	
854		This is done to support (ethernet) switch features, like RFC
855		3069, where the individual ports are NOT allowed to
856		communicate with each other, but they are allowed to talk to
857		the upstream router.  As described in RFC 3069, it is possible
858		to allow these hosts to communicate through the upstream
859		router by proxy_arp'ing. This setting does not need to be used
860		together with proxy_arp.
861	
862		This technology is known by different names:
863		  In RFC 3069 it is called VLAN Aggregation.
864		  Cisco and Allied Telesyn call it Private VLAN.
865		  Hewlett-Packard call it Source-Port filtering or port-isolation.
866		  Ericsson call it MAC-Forced Forwarding (RFC Draft).
867	
868	shared_media - BOOLEAN
869		Send(router) or accept(host) RFC1620 shared media redirects.
870		Overrides ip_secure_redirects.
871		shared_media for the interface will be enabled if at least one of
872		conf/{all,interface}/shared_media is set to TRUE,
873		it will be disabled otherwise
874		default TRUE
875	
876	secure_redirects - BOOLEAN
877		Accept ICMP redirect messages only for gateways,
878		listed in default gateway list.
879		secure_redirects for the interface will be enabled if at least one of
880		conf/{all,interface}/secure_redirects is set to TRUE,
881		it will be disabled otherwise
882		default TRUE
883	
884	send_redirects - BOOLEAN
885		Send redirects, if router.
886		send_redirects for the interface will be enabled if at least one of
887		conf/{all,interface}/send_redirects is set to TRUE,
888		it will be disabled otherwise
889		Default: TRUE
890	
891	bootp_relay - BOOLEAN
892		Accept packets with source address 0.b.c.d destined
893		not to this host as local ones. It is supposed, that
894		BOOTP relay daemon will catch and forward such packets.
895		conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
896		for the interface
897		default FALSE
898		Not Implemented Yet.
899	
900	accept_source_route - BOOLEAN
901		Accept packets with SRR option.
902		conf/all/accept_source_route must also be set to TRUE to accept packets
903		with SRR option on the interface
904		default TRUE (router)
905			FALSE (host)
906	
907	accept_local - BOOLEAN
908		Accept packets with local source addresses. In combination
909		with suitable routing, this can be used to direct packets
910		between two local interfaces over the wire and have them
911		accepted properly.
912	
913		rp_filter must be set to a non-zero value in order for
914		accept_local to have an effect.
915	
916		default FALSE
917	
918	route_localnet - BOOLEAN
919		Do not consider loopback addresses as martian source or destination
920		while routing. This enables the use of 127/8 for local routing purposes.
921		default FALSE
922	
923	rp_filter - INTEGER
924		0 - No source validation.
925		1 - Strict mode as defined in RFC3704 Strict Reverse Path
926		    Each incoming packet is tested against the FIB and if the interface
927		    is not the best reverse path the packet check will fail.
928		    By default failed packets are discarded.
929		2 - Loose mode as defined in RFC3704 Loose Reverse Path
930		    Each incoming packet's source address is also tested against the FIB
931		    and if the source address is not reachable via any interface
932		    the packet check will fail.
933	
934		Current recommended practice in RFC3704 is to enable strict mode
935		to prevent IP spoofing from DDoS attacks. If using asymmetric routing
936		or other complicated routing, then loose mode is recommended.
937	
938		The max value from conf/{all,interface}/rp_filter is used
939		when doing source validation on the {interface}.
940	
941		Default value is 0. Note that some distributions enable it
942		in startup scripts.
943	
944	arp_filter - BOOLEAN
945		1 - Allows you to have multiple network interfaces on the same
946		subnet, and have the ARPs for each interface be answered
947		based on whether or not the kernel would route a packet from
948		the ARP'd IP out that interface (therefore you must use source
949		based routing for this to work). In other words it allows control
950		of which cards (usually 1) will respond to an arp request.
951	
952		0 - (default) The kernel can respond to arp requests with addresses
953		from other interfaces. This may seem wrong but it usually makes
954		sense, because it increases the chance of successful communication.
955		IP addresses are owned by the complete host on Linux, not by
956		particular interfaces. Only for more complex setups like load-
957		balancing, does this behaviour cause problems.
958	
959		arp_filter for the interface will be enabled if at least one of
960		conf/{all,interface}/arp_filter is set to TRUE,
961		it will be disabled otherwise
962	
963	arp_announce - INTEGER
964		Define different restriction levels for announcing the local
965		source IP address from IP packets in ARP requests sent on
966		interface:
967		0 - (default) Use any local address, configured on any interface
968		1 - Try to avoid local addresses that are not in the target's
969		subnet for this interface. This mode is useful when target
970		hosts reachable via this interface require the source IP
971		address in ARP requests to be part of their logical network
972		configured on the receiving interface. When we generate the
973		request we will check all our subnets that include the
974		target IP and will preserve the source address if it is from
975		such subnet. If there is no such subnet we select source
976		address according to the rules for level 2.
977		2 - Always use the best local address for this target.
978		In this mode we ignore the source address in the IP packet
979		and try to select local address that we prefer for talks with
980		the target host. Such local address is selected by looking
981		for primary IP addresses on all our subnets on the outgoing
982		interface that include the target IP address. If no suitable
983		local address is found we select the first local address
984		we have on the outgoing interface or on all other interfaces,
985		with the hope we will receive reply for our request and
986		even sometimes no matter the source IP address we announce.
987	
988		The max value from conf/{all,interface}/arp_announce is used.
989	
990		Increasing the restriction level gives more chance for
991		receiving answer from the resolved target while decreasing
992		the level announces more valid sender's information.
993	
994	arp_ignore - INTEGER
995		Define different modes for sending replies in response to
996		received ARP requests that resolve local target IP addresses:
997		0 - (default): reply for any local target IP address, configured
998		on any interface
999		1 - reply only if the target IP address is local address
1000		configured on the incoming interface
1001		2 - reply only if the target IP address is local address
1002		configured on the incoming interface and both it and the
1003		sender's IP address are part of the same subnet on this interface
1004		3 - do not reply for local addresses configured with scope host,
1005		only resolutions for global and link addresses are replied
1006		4-7 - reserved
1007		8 - do not reply for all local addresses
1008	
1009		The max value from conf/{all,interface}/arp_ignore is used
1010		when ARP request is received on the {interface}
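How conf/all and conf/<interface> combine into the value the kernel acts on, using the rules stated for each variable above, as an added example (not part of the kernel documentation). Function names are hypothetical and the sample values are constructed. `overridden` lists the settings where the interface's own file does not show the effective value.

```python
"""Effective IPv4 per-interface values from conf/all and conf/<interface>."""
import os

# Combination rules as stated in the entries above.
OR_KEYS = ("log_martians", "proxy_arp", "shared_media", "secure_redirects",
           "send_redirects", "arp_filter")       # at least one is TRUE
AND_KEYS = ("accept_source_route", "mc_forwarding",
            "bootp_relay")                       # conf/all must also be TRUE
MAX_KEYS = ("rp_filter", "arp_announce", "arp_ignore")   # max value is used


def effective(all_conf, if_conf):
    """Combine conf/all and conf/<interface> values (missing keys count as 0)."""
    eff = {}
    for key in OR_KEYS:
        eff[key] = int(bool(all_conf.get(key, 0)) or bool(if_conf.get(key, 0)))
    for key in AND_KEYS:
        eff[key] = int(bool(all_conf.get(key, 0)) and bool(if_conf.get(key, 0)))
    for key in MAX_KEYS:
        eff[key] = max(all_conf.get(key, 0), if_conf.get(key, 0))
    # accept_redirects: both must be TRUE when forwarding is enabled on the
    # interface, at least one when forwarding is disabled.
    a = bool(all_conf.get("accept_redirects", 0))
    i = bool(if_conf.get("accept_redirects", 0))
    forwarding = bool(if_conf.get("forwarding", 0))
    eff["accept_redirects"] = int((a and i) if forwarding else (a or i))
    return eff


def overridden(all_conf, if_conf):
    """Settings whose effective value differs from the interface's own value.

    Returns {name: (own_value, effective_value)}.
    """
    result = {}
    for key, value in sorted(effective(all_conf, if_conf).items()):
        own = if_conf.get(key, 0)
        if key not in MAX_KEYS:
            own = int(bool(own))
        if own != value:
            result[key] = (own, value)
    return result


def read_conf(name, root="/proc/sys/net/ipv4/conf"):
    """Read the integer settings of conf/<name> (e.g. "all" or "eth0")."""
    conf = {}
    path = os.path.join(root, name)
    for key in os.listdir(path):
        try:
            with open(os.path.join(path, key)) as fh:
                conf[key] = int(fh.read().split()[0])
        except (OSError, ValueError, IndexError):
            continue                   # unreadable or non-integer entry
    return conf


if __name__ == "__main__":
    # Constructed sample: a host where only the per-interface files were tuned.
    sample_all = {"accept_redirects": 1, "rp_filter": 1,
                  "accept_source_route": 0, "log_martians": 1}
    sample_eth0 = {"forwarding": 0, "accept_redirects": 0, "rp_filter": 0,
                   "accept_source_route": 1, "log_martians": 0}
    for key, (own, eff) in overridden(sample_all, sample_eth0).items():
        print("%-20s interface=%d effective=%d" % (key, own, eff))
```
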
1011	
1012	arp_notify - BOOLEAN
1013		Define mode for notification of address and device changes.
1014		0 - (default): do nothing
1015		1 - Generate gratuitous arp requests when device is brought up
1016		    or hardware address changes.
1017	
1018	arp_accept - BOOLEAN
1019		Define behavior for gratuitous ARP frames whose IP is not
1020		already present in the ARP table:
1021		0 - don't create new entries in the ARP table
1022		1 - create new entries in the ARP table
1023	
1024		Both replies and requests type gratuitous arp will trigger the
1025		ARP table to be updated, if this setting is on.
1026	
1027		If the ARP table already contains the IP address of the
1028		gratuitous arp frame, the arp table will be updated regardless
1029		if this setting is on or off.
1030	
1031	
1032	app_solicit - INTEGER
1033		The maximum number of probes to send to the user space ARP daemon
1034		via netlink before dropping back to multicast probes (see
1035		mcast_solicit).  Defaults to 0.
1036	
1037	disable_policy - BOOLEAN
1038		Disable IPSEC policy (SPD) for this interface
1039	
1040	disable_xfrm - BOOLEAN
1041		Disable IPSEC encryption on this interface, whatever the policy
1042	
1043	
1044	
1045	tag - INTEGER
1046		Allows you to write a number, which can be used as required.
1047		Default value is 0.
1048	
1049	Alexey Kuznetsov.
1050	kuznet@ms2.inr.ac.ru
1051	
1052	Updated by:
1053	Andi Kleen
1054	ak@muc.de
1055	Nicolas Delon
1056	delon.nicolas@wanadoo.fr
1057	
1058	
1059	
1060	
1061	/proc/sys/net/ipv6/* Variables:
1062	
1063	IPv6 has no global variables such as tcp_*.  tcp_* settings under ipv4/ also
1064	apply to IPv6 [XXX?].
1065	
1066	bindv6only - BOOLEAN
1067		Default value for IPV6_V6ONLY socket option,
1068		which restricts use of the IPv6 socket to IPv6 communication
1069		only.
1070			TRUE: disable IPv4-mapped address feature
1071			FALSE: enable IPv4-mapped address feature
1072	
1073		Default: FALSE (as specified in RFC3493)
1074	
1075	IPv6 Fragmentation:
1076	
1077	ip6frag_high_thresh - INTEGER
1078		Maximum memory used to reassemble IPv6 fragments. When
1079		ip6frag_high_thresh bytes of memory is allocated for this purpose,
1080		the fragment handler will toss packets until ip6frag_low_thresh
1081		is reached.
1082	
1083	ip6frag_low_thresh - INTEGER
1084		See ip6frag_high_thresh
1085	
1086	ip6frag_time - INTEGER
1087		Time in seconds to keep an IPv6 fragment in memory.
1088	
1089	ip6frag_secret_interval - INTEGER
1090		Regeneration interval (in seconds) of the hash secret (or lifetime
1091		for the hash secret) for IPv6 fragments.
1092		Default: 600
1093	
1094	conf/default/*:
1095		Change the interface-specific default settings.
1096	
1097	
1098	conf/all/*:
1099		Change all the interface-specific settings.
1100	
1101		[XXX:  Other special features than forwarding?]
1102	
1103	conf/all/forwarding - BOOLEAN
1104		Enable global IPv6 forwarding between all interfaces.
1105	
1106		IPv4 and IPv6 work differently here; e.g. netfilter must be used
1107		to control which interfaces may forward packets and which not.
1108	
1109		This also sets all interfaces' Host/Router setting
1110		'forwarding' to the specified value.  See below for details.
1111	
1112		This is referred to as global forwarding.
1113	
1114	proxy_ndp - BOOLEAN
1115		Do proxy ndp.
1116	
1117	conf/interface/*:
1118		Change special settings per interface.
1119	
1120		The functional behaviour for certain settings is different
1121		depending on whether local forwarding is enabled or not.
1122	
1123	accept_ra - INTEGER
1124		Accept Router Advertisements; autoconfigure using them.
1125	
1126		It also determines whether or not to transmit Router
1127		Solicitations. If and only if the functional setting is to
1128		accept Router Advertisements, Router Solicitations will be
1129		transmitted.
1130	
1131		Possible values are:
1132			0 Do not accept Router Advertisements.
1133			1 Accept Router Advertisements if forwarding is disabled.
1134			2 Overrule forwarding behaviour. Accept Router Advertisements
1135			  even if forwarding is enabled.
1136	
1137		Functional default: enabled if local forwarding is disabled.
1138				    disabled if local forwarding is enabled.
1139	
1140	accept_ra_defrtr - BOOLEAN
1141		Learn default router in Router Advertisement.
1142	
1143		Functional default: enabled if accept_ra is enabled.
1144				    disabled if accept_ra is disabled.
1145	
1146	accept_ra_pinfo - BOOLEAN
1147		Learn Prefix Information in Router Advertisement.
1148	
1149		Functional default: enabled if accept_ra is enabled.
1150				    disabled if accept_ra is disabled.
1151	
1152	accept_ra_rt_info_max_plen - INTEGER
1153		Maximum prefix length of Route Information in RA.
1154	
1155		Route Information w/ prefix larger than or equal to this
1156		variable shall be ignored.
1157	
1158		Functional default: 0 if accept_ra_rtr_pref is enabled.
1159				    -1 if accept_ra_rtr_pref is disabled.
1160	
1161	accept_ra_rtr_pref - BOOLEAN
1162		Accept Router Preference in RA.
1163	
1164		Functional default: enabled if accept_ra is enabled.
1165				    disabled if accept_ra is disabled.
1166	
1167	accept_redirects - BOOLEAN
1168		Accept Redirects.
1169	
1170		Functional default: enabled if local forwarding is disabled.
1171				    disabled if local forwarding is enabled.
1172	
1173	accept_source_route - INTEGER
1174		Accept source routing (routing extension header).
1175	
1176		>= 0: Accept only routing header type 2.
1177		< 0: Do not accept routing header.
1178	
1179		Default: 0
1180	
1181	autoconf - BOOLEAN
1182		Autoconfigure addresses using Prefix Information in Router
1183		Advertisements.
1184	
1185		Functional default: enabled if accept_ra_pinfo is enabled.
1186				    disabled if accept_ra_pinfo is disabled.
1187	
1188	dad_transmits - INTEGER
1189		The number of Duplicate Address Detection probes to send.
1190		Default: 1
1191	
1192	forwarding - INTEGER
1193		Configure interface-specific Host/Router behaviour.
1194	
1195		Note: It is recommended to have the same setting on all
1196		interfaces; mixed router/host scenarios are rather uncommon.
1197	
1198		Possible values are:
1199			0 Forwarding disabled
1200			1 Forwarding enabled
1201	
1202		FALSE (0):
1203	
1204		By default, Host behaviour is assumed.  This means:
1205	
1206		1. IsRouter flag is not set in Neighbour Advertisements.
1207		2. If accept_ra is TRUE (default), transmit Router
1208		   Solicitations.
1209		3. If accept_ra is TRUE (default), accept Router
1210		   Advertisements (and do autoconfiguration).
1211		4. If accept_redirects is TRUE (default), accept Redirects.
1212	
1213		TRUE (1):
1214	
1215		If local forwarding is enabled, Router behaviour is assumed.
1216		This means exactly the reverse from the above:
1217	
1218		1. IsRouter flag is set in Neighbour Advertisements.
1219		2. Router Solicitations are not sent unless accept_ra is 2.
1220		3. Router Advertisements are ignored unless accept_ra is 2.
1221		4. Redirects are ignored.
1222	
1223		Default: 0 (disabled) if global forwarding is disabled (default),
1224			 otherwise 1 (enabled).
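The Host/Router behaviour lists above, combined with the accept_ra values, as an added example (not part of the kernel documentation). Function names and the sample interface table are hypothetical; keys missing from a settings dict are assumed to be at the enabled defaults named in the text.

```python
"""Derive IPv6 host/router behaviour from per-interface settings."""


def ipv6_behaviour(conf):
    """Return what an interface does, given its conf/<interface> values."""
    forwarding = bool(conf.get("forwarding", 0))
    accept_ra = conf.get("accept_ra", 1)
    if accept_ra not in (0, 1, 2):
        raise ValueError("accept_ra must be 0, 1 or 2")
    # 1: accept RAs only if forwarding is disabled; 2: accept them regardless.
    takes_ra = accept_ra == 2 or (accept_ra == 1 and not forwarding)
    learns_prefix = takes_ra and bool(conf.get("accept_ra_pinfo", 1))
    return {
        "role": "router" if forwarding else "host",
        "is_router_flag": forwarding,
        # Router Solicitations are sent if and only if RAs are accepted.
        "sends_router_solicitations": takes_ra,
        "accepts_router_advertisements": takes_ra,
        "learns_default_router":
            takes_ra and bool(conf.get("accept_ra_defrtr", 1)),
        "learns_prefix_info": learns_prefix,
        "autoconfigures_addresses":
            learns_prefix and bool(conf.get("autoconf", 1)),
        # Redirects are ignored whenever forwarding is enabled.
        "accepts_redirects":
            not forwarding and bool(conf.get("accept_redirects", 1)),
    }


def ra_listeners(interfaces):
    """Names of interfaces that will act on received Router Advertisements."""
    return sorted(name for name, conf in interfaces.items()
                  if ipv6_behaviour(conf)["accepts_router_advertisements"])


if __name__ == "__main__":
    # Constructed sample of three interfaces.
    sample = {
        "eth0": {"forwarding": 0, "accept_ra": 1, "accept_redirects": 1},
        "eth1": {"forwarding": 1, "accept_ra": 1, "accept_redirects": 1},
        "wan0": {"forwarding": 1, "accept_ra": 2, "accept_redirects": 1},
    }
    for name in sorted(sample):
        print(name, ipv6_behaviour(sample[name]))
    print("interfaces accepting RAs:", ra_listeners(sample))
```
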
1225	
1226	hop_limit - INTEGER
1227		Default Hop Limit to set.
1228		Default: 64
1229	
1230	mtu - INTEGER
1231		Default Maximum Transfer Unit
1232		Default: 1280 (IPv6 required minimum)
1233	
1234	router_probe_interval - INTEGER
1235		Minimum interval (in seconds) between Router Probing described
1236		in RFC4191.
1237	
1238		Default: 60
1239	
1240	router_solicitation_delay - INTEGER
1241		Number of seconds to wait after interface is brought up
1242		before sending Router Solicitations.
1243		Default: 1
1244	
1245	router_solicitation_interval - INTEGER
1246		Number of seconds to wait between Router Solicitations.
1247		Default: 4
1248	
1249	router_solicitations - INTEGER
1250		Number of Router Solicitations to send until assuming no
1251		routers are present.
1252		Default: 3
1253	
1254	use_tempaddr - INTEGER
1255		Preference for Privacy Extensions (RFC3041).
1256		  <= 0 : disable Privacy Extensions
1257		  == 1 : enable Privacy Extensions, but prefer public
1258		         addresses over temporary addresses.
1259		  >  1 : enable Privacy Extensions and prefer temporary
1260		         addresses over public addresses.
1261		Default:  0 (for most devices)
1262			 -1 (for point-to-point devices and loopback devices)
1263	
1264	temp_valid_lft - INTEGER
1265		Valid lifetime (in seconds) for temporary addresses.
1266		Default: 604800 (7 days)
1267	
1268	temp_prefered_lft - INTEGER
1269		Preferred lifetime (in seconds) for temporary addresses.
1270		Default: 86400 (1 day)
1271	
1272	max_desync_factor - INTEGER
1273		Maximum value for DESYNC_FACTOR, which is a random value
1274		that ensures that clients don't synchronize with each
1275		other and generate new addresses at exactly the same time.
1276		Value is in seconds.
1277		Default: 600
1278	
1279	regen_max_retry - INTEGER
1280		Number of attempts before giving up attempting to generate
1281		valid temporary addresses.
1282		Default: 5
1283	
1284	max_addresses - INTEGER
1285		Maximum number of autoconfigured addresses per interface.  Setting
1286		to zero disables the limitation.  It is not recommended to set this
1287		value too large (or to zero) because it would be an easy way to
1288		crash the kernel by allowing too many addresses to be created.
1289		Default: 16
1290	
1291	disable_ipv6 - BOOLEAN
1292		Disable IPv6 operation.  If accept_dad is set to 2, this value
1293		will be dynamically set to TRUE if DAD fails for the link-local
1294		address.
1295		Default: FALSE (enable IPv6 operation)
1296	
1297		When this value is changed from 1 to 0 (IPv6 is being enabled),
1298		it will dynamically create a link-local address on the given
1299		interface and start Duplicate Address Detection, if necessary.
1300	
1301		When this value is changed from 0 to 1 (IPv6 is being disabled),
1302		it will dynamically delete all addresses on the given interface.
1303	
1304	accept_dad - INTEGER
1305		Whether to accept DAD (Duplicate Address Detection).
1306		0: Disable DAD
1307		1: Enable DAD (default)
1308		2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
1309		   link-local address has been found.
1310	
1311	force_tllao - BOOLEAN
1312		Enable sending the target link-layer address option even when
1313		responding to a unicast neighbor solicitation.
1314		Default: FALSE
1315	
1316		Quoting from RFC 2461, section 4.4, Target link-layer address:
1317	
1318		"The option MUST be included for multicast solicitations in order to
1319		avoid infinite Neighbor Solicitation "recursion" when the peer node
1320		does not have a cache entry to return a Neighbor Advertisements
1321		message.  When responding to unicast solicitations, the option can be
1322		omitted since the sender of the solicitation has the correct link-
1323		layer address; otherwise it would not have be able to send the unicast
1324		solicitation in the first place. However, including the link-layer
1325		address in this case adds little overhead and eliminates a potential
1326		race condition where the sender deletes the cached link-layer address
1327		prior to receiving a response to a previous solicitation."
1328	
1329	ndisc_notify - BOOLEAN
1330		Define mode for notification of address and device changes.
1331		0 - (default): do nothing
1332		1 - Generate unsolicited neighbour advertisements when device is brought
1333		    up or hardware address changes.
1334	
1335	icmp/*:
1336	ratelimit - INTEGER
1337		Limit the maximal rates for sending ICMPv6 packets.
1338		0 to disable any limiting,
1339		otherwise the minimal space between responses in milliseconds.
1340		Default: 1000
1341	
1342	
1343	IPv6 Update by:
1344	Pekka Savola <pekkas@netcore.fi>
1345	YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
1346	
1347	
1348	/proc/sys/net/bridge/* Variables:
1349	
1350	bridge-nf-call-arptables - BOOLEAN
1351		1 : pass bridged ARP traffic to arptables' FORWARD chain.
1352		0 : disable this.
1353		Default: 1
1354	
1355	bridge-nf-call-iptables - BOOLEAN
1356		1 : pass bridged IPv4 traffic to iptables' chains.
1357		0 : disable this.
1358		Default: 1
1359	
1360	bridge-nf-call-ip6tables - BOOLEAN
1361		1 : pass bridged IPv6 traffic to ip6tables' chains.
1362		0 : disable this.
1363		Default: 1
1364	
1365	bridge-nf-filter-vlan-tagged - BOOLEAN
1366		1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
1367		0 : disable this.
1368		Default: 0
1369	
1370	bridge-nf-filter-pppoe-tagged - BOOLEAN
1371		1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
1372		0 : disable this.
1373		Default: 0
1374	
1375	bridge-nf-pass-vlan-input-dev - BOOLEAN
1376		1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
1377		interface on the bridge and set the netfilter input device to the vlan.
1378		This allows use of e.g. "iptables -i br0.1" and makes the REDIRECT
1379		target work with vlan-on-top-of-bridge interfaces.  When no matching
1380		vlan interface is found, or this switch is off, the input device is
1381		set to the bridge interface.
1382		0: disable bridge netfilter vlan interface lookup.
1383		Default: 0
1384	
1385	/proc/sys/net/sctp/* Variables:
1386	
1387	addip_enable - BOOLEAN
1388		Enable or disable extension of  Dynamic Address Reconfiguration
1389		(ADD-IP) functionality specified in RFC5061.  This extension provides
1390		the ability to dynamically add and remove new addresses for the SCTP
1391		associations.
1392	
1393		1: Enable extension.
1394	
1395		0: Disable extension.
1396	
1397		Default: 0
1398	
1399	addip_noauth_enable - BOOLEAN
1400		Dynamic Address Reconfiguration (ADD-IP) requires the use of
1401		authentication to protect the operations of adding or removing new
1402		addresses.  This requirement is mandated so that unauthorized hosts
1403		would not be able to hijack associations.  However, older
1404		implementations may not have implemented this requirement while
1405		allowing the ADD-IP extension.  For reasons of interoperability,
1406		we provide this variable to control the enforcement of the
1407		authentication requirement.
1408	
1409		1: Allow ADD-IP extension to be used without authentication.  This
1410		   should only be set in a closed environment for interoperability
1411		   with older implementations.
1412	
1413		0: Enforce the authentication requirement
1414	
1415		Default: 0
1416	
1417	auth_enable - BOOLEAN
1418		Enable or disable Authenticated Chunks extension.  This extension
1419		provides the ability to send and receive authenticated chunks and is
1420		required for secure operation of Dynamic Address Reconfiguration
1421		(ADD-IP) extension.
1422	
1423		1: Enable this extension.
1424		0: Disable this extension.
1425	
1426		Default: 0
1427	
1428	prsctp_enable - BOOLEAN
1429		Enable or disable the Partial Reliability extension (RFC3758) which
1430		is used to notify peers that a given DATA should no longer be expected.
1431	
1432		1: Enable extension
1433		0: Disable
1434	
1435		Default: 1
1436	
1437	max_burst - INTEGER
1438		The limit of the number of new packets that can be initially sent.  It
1439		controls how bursty the generated traffic can be.
1440	
1441		Default: 4
1442	
1443	association_max_retrans - INTEGER
1444		Set the maximum number for retransmissions that an association can
1445		attempt before deciding that the remote end is unreachable.  If this value
1446		is exceeded, the association is terminated.
1447	
1448		Default: 10
1449	
1450	max_init_retransmits - INTEGER
1451		The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
1452		that an association will attempt before declaring the destination
1453		unreachable and terminating.
1454	
1455		Default: 8
1456	
1457	path_max_retrans - INTEGER
1458		The maximum number of retransmissions that will be attempted on a given
1459		path.  Once this threshold is exceeded, the path is considered
1460		unreachable, and new traffic will use a different path when the
1461		association is multihomed.
1462	
1463		Default: 5
1464	
1465	pf_retrans - INTEGER
1466		The number of retransmissions that will be attempted on a given path
1467		before traffic is redirected to an alternate transport (should one
1468		exist).  Note this is distinct from path_max_retrans, as a path that
1469		passes the pf_retrans threshold can still be used.  It's only
1470		deprioritized when a transmission path is selected by the stack.  This
1471		setting is primarily used to enable fast failover mechanisms without
1472		having to reduce path_max_retrans to a very low value.  See:
1473		http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
1474		for details.  Note also that a value of pf_retrans > path_max_retrans
1475		disables this feature
1476	
1477		Default: 0
1478	
1479	rto_initial - INTEGER
1480		The initial round trip timeout value in milliseconds that will be used
1481		in calculating round trip times.  This is the initial time interval
1482		for retransmissions.
1483	
1484		Default: 3000
1485	
1486	rto_max - INTEGER
1487		The maximum value (in milliseconds) of the round trip timeout.  This
1488		is the largest time interval that can elapse between retransmissions.
1489	
1490		Default: 60000
1491	
1492	rto_min - INTEGER
1493		The minimum value (in milliseconds) of the round trip timeout.  This
1494		is the smallest time interval that can elapse between retransmissions.
1495	
1496		Default: 1000
1497	
1498	hb_interval - INTEGER
1499		The interval (in milliseconds) between HEARTBEAT chunks.  These chunks
1500		are sent at the specified interval on idle paths to probe the state of
1501		a given path between 2 associations.
1502	
1503		Default: 30000
1504	
1505	sack_timeout - INTEGER
1506		The amount of time (in milliseconds) that the implementation will wait
1507		to send a SACK.
1508	
1509		Default: 200
1510	
1511	valid_cookie_life - INTEGER
1512		The default lifetime of the SCTP cookie (in milliseconds).  The cookie
1513		is used during association establishment.
1514	
1515		Default: 60000
1516	
1517	cookie_preserve_enable - BOOLEAN
1518		Enable or disable the ability to extend the lifetime of the SCTP cookie
1519		that is used during the establishment phase of SCTP association
1520	
1521		1: Enable cookie lifetime extension.
1522		0: Disable
1523	
1524		Default: 1
1525	
1526	cookie_hmac_alg - STRING
1527		Select the hmac algorithm used when generating the cookie value sent by
1528		a listening sctp socket to a connecting client in the INIT-ACK chunk.
1529		Valid values are:
1530		* md5
1531		* sha1
1532		* none
1533		Ability to assign md5 or sha1 as the selected alg is predicated on the
1534		configuration of those algorithms at build time (CONFIG_CRYPTO_MD5 and
1535		CONFIG_CRYPTO_SHA1).
1536	
1537		Default: Dependent on configuration.  MD5 if available, else SHA1 if
1538		available, else none.
1539	
1540	rcvbuf_policy - INTEGER
1541		Determines if the receive buffer is attributed to the socket or to
1542		association.   SCTP supports the capability to create multiple
1543		associations on a single socket.  When using this capability, it is
1544		possible that a single stalled association that's buffering a lot
1545		of data may block other associations from delivering their data by
1546		consuming all of the receive buffer space.  To work around this,
1547		the rcvbuf_policy could be set to attribute the receiver buffer space
1548		to each association instead of the socket.  This prevents the described
1549		blocking.
1550	
1551		1: rcvbuf space is per association
1552		0: rcvbuf space is per socket
1553	
1554		Default: 0
1555	
1556	sndbuf_policy - INTEGER
1557		Similar to rcvbuf_policy above, this applies to send buffer space.
1558	
1559		1: Send buffer is tracked per association
1560		0: Send buffer is tracked per socket.
1561	
1562		Default: 0
1563	
1564	sctp_mem - vector of 3 INTEGERs: min, pressure, max
1565		Number of pages allowed for queueing by all SCTP sockets.
1566	
1567		min: Below this number of pages SCTP is not bothered about its
1568		memory appetite. When the amount of memory allocated by SCTP exceeds
1569		this number, SCTP starts to moderate memory usage.
1570	
1571		pressure: This value was introduced to follow the format of tcp_mem.
1572	
1573		max: Number of pages allowed for queueing by all SCTP sockets.
1574	
1575		Default is calculated at boot time from the amount of available memory.
1576	
1577	sctp_rmem - vector of 3 INTEGERs: min, default, max
1578		Only the first value ("min") is used, "default" and "max" are
1579		ignored.
1580	
1581		min: Minimal size of receive buffer used by SCTP socket.
1582		It is guaranteed to each SCTP socket (but not association) even
1583		under moderate memory pressure.
1584	
1585		Default: 1 page
1586	
1587	sctp_wmem - vector of 3 INTEGERs: min, default, max
1588		Currently this tunable has no effect.
1589	
1590	addr_scope_policy - INTEGER
1591		Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
1592	
1593		0   - Disable IPv4 address scoping
1594		1   - Enable IPv4 address scoping
1595		2   - Follow draft but allow IPv4 private addresses
1596		3   - Follow draft but allow IPv4 link local addresses
1597	
1598		Default: 1
1599	
1600	
1601	/proc/sys/net/core/*
1602		Please see: Documentation/sysctl/net.txt for descriptions of these entries.
1603	
1604	
1605	/proc/sys/net/unix/*
1606	max_dgram_qlen - INTEGER
1607		The maximum length of the dgram socket receive queue.
1608	
1609		Default: 10
1610	
1611	
1612	UNDOCUMENTED:
1613	
1614	/proc/sys/net/irda/*
1615		fast_poll_increase FIXME
1616		warn_noreply_time FIXME
1617		discovery_slots FIXME
1618		slot_timeout FIXME
1619		max_baud_rate FIXME
1620		discovery_timeout FIXME
1621		lap_keepalive_time FIXME
1622		max_noreply_time FIXME
1623		max_tx_data_size FIXME
1624		max_tx_window FIXME
1625		min_tx_turn_time FIXME

Information is copyright its respective author. All material is available from the Linux Kernel Source distributed under a GPL License. This page is provided as a free service by mjmwired.net.