Documentation / networking / ip-sysctl.txt




Based on kernel version 4.9. Page generated on 2016-12-21 14:36 EST.

1	/proc/sys/net/ipv4/* Variables:
2	
3	ip_forward - BOOLEAN
4		0 - disabled (default)
5		not 0 - enabled
6	
7		Forward Packets between interfaces.
8	
9		This variable is special, its change resets all configuration
10		parameters to their default state (RFC1122 for hosts, RFC1812
11		for routers)
12	
13	ip_default_ttl - INTEGER
14		Default value of TTL field (Time To Live) for outgoing (but not
15		forwarded) IP packets. Should be between 1 and 255 inclusive.
16		Default: 64 (as recommended by RFC1700)
17	
18	ip_no_pmtu_disc - INTEGER
19		Disable Path MTU Discovery. If enabled in mode 1 and a
20		fragmentation-required ICMP is received, the PMTU to this
21		destination will be set to min_pmtu (see below). You will need
22		to raise min_pmtu to the smallest interface MTU on your system
23		manually if you want to avoid locally generated fragments.
24	
25		In mode 2 incoming Path MTU Discovery messages will be
26		discarded. Outgoing frames are handled the same as in mode 1,
27		implicitly setting IP_PMTUDISC_DONT on every created socket.
28	
29		Mode 3 is a hardened PMTU discovery mode. The kernel will only
30		accept fragmentation-needed errors if the underlying protocol
31		can verify them besides a plain socket lookup. Current
32		protocols for which pmtu events will be honored are TCP, SCTP
33		and DCCP as they verify e.g. the sequence number or the
34		association. This mode should not be enabled globally but is
35		only intended to secure e.g. name servers in namespaces where
36		TCP path mtu must still work but path MTU information of other
37		protocols should be discarded. If enabled globally this mode
38		could break other protocols.
39	
40		Possible values: 0-3
41		Default: FALSE
42	
43	min_pmtu - INTEGER
44		default 552 - minimum discovered Path MTU
45	
46	ip_forward_use_pmtu - BOOLEAN
47		By default we don't trust protocol path MTUs while forwarding
48		because they could be easily forged and can lead to unwanted
49		fragmentation by the router.
50		You only need to enable this if you have user-space software
51		which tries to discover path mtus by itself and depends on the
52		kernel honoring this information. This is normally not the
53		case.
54		Default: 0 (disabled)
55		Possible values:
56		0 - disabled
57		1 - enabled
58	
59	fwmark_reflect - BOOLEAN
60		Controls the fwmark of kernel-generated IPv4 reply packets that are not
61		associated with a socket (for example, TCP RSTs or ICMP echo replies).
62		If unset, these packets have a fwmark of zero. If set, they have the
63		fwmark of the packet they are replying to.
64		Default: 0
65	
66	fib_multipath_use_neigh - BOOLEAN
67		Use status of existing neighbor entry when determining nexthop for
68		multipath routes. If disabled, neighbor information is not used and
69		packets could be directed to a failed nexthop. Only valid for kernels
70		built with CONFIG_IP_ROUTE_MULTIPATH enabled.
71		Default: 0 (disabled)
72		Possible values:
73		0 - disabled
74		1 - enabled
75	
76	route/max_size - INTEGER
77		Maximum number of routes allowed in the kernel.  Increase
78		this when using large numbers of interfaces and/or routes.
79		From linux kernel 3.6 onwards, this is deprecated for ipv4
80		as route cache is no longer used.
81	
82	neigh/default/gc_thresh1 - INTEGER
83		Minimum number of entries to keep.  Garbage collector will not
84		purge entries if there are fewer than this number.
85		Default: 128
86	
87	neigh/default/gc_thresh2 - INTEGER
88		Threshold when garbage collector becomes more aggressive about
89		purging entries. Entries older than 5 seconds will be cleared
90		when over this number.
91		Default: 512
92	
93	neigh/default/gc_thresh3 - INTEGER
94		Maximum number of neighbor entries allowed.  Increase this
95		when using large numbers of interfaces and when communicating
96		with large numbers of directly-connected peers.
97		Default: 1024
98	
99	neigh/default/unres_qlen_bytes - INTEGER
100		The maximum number of bytes which may be used by packets
101		queued for each unresolved address by other network layers.
102		(added in linux 3.3)
103		Setting a negative value is meaningless and will return an error.
104		Default: 65536 bytes (64KB)
105	
106	neigh/default/unres_qlen - INTEGER
107		The maximum number of packets which may be queued for each
108		unresolved address by other network layers.
109		(deprecated in linux 3.3) : use unres_qlen_bytes instead.
110		Prior to linux 3.3, the default value is 3 which may cause
111		unexpected packet loss. The current default value is calculated
112		according to default value of unres_qlen_bytes and true size of
113		packet.
114		Default: 31
115	
116	mtu_expires - INTEGER
117		Time, in seconds, that cached PMTU information is kept.
118	
119	min_adv_mss - INTEGER
120		The advertised MSS depends on the first hop route MTU, but will
121		never be lower than this setting.
122	
123	IP Fragmentation:
124	
125	ipfrag_high_thresh - INTEGER
126		Maximum memory used to reassemble IP fragments. When
127		ipfrag_high_thresh bytes of memory is allocated for this purpose,
128		the fragment handler will toss packets until ipfrag_low_thresh
129		is reached. This also serves as a maximum limit to namespaces
130		different from the initial one.
131	
132	ipfrag_low_thresh - INTEGER
133		Maximum memory used to reassemble IP fragments before the kernel
134		begins to remove incomplete fragment queues to free up resources.
135		The kernel still accepts new fragments for defragmentation.
136	
137	ipfrag_time - INTEGER
138		Time in seconds to keep an IP fragment in memory.
139	
140	ipfrag_max_dist - INTEGER
141		ipfrag_max_dist is a non-negative integer value which defines the
142		maximum "disorder" which is allowed among fragments which share a
143		common IP source address. Note that reordering of packets is
144		not unusual, but if a large number of fragments arrive from a source
145		IP address while a particular fragment queue remains incomplete, it
146		probably indicates that one or more fragments belonging to that queue
147		have been lost. When ipfrag_max_dist is positive, an additional check
148		is done on fragments before they are added to a reassembly queue - if
149		ipfrag_max_dist (or more) fragments have arrived from a particular IP
150		address between additions to any IP fragment queue using that source
151		address, it's presumed that one or more fragments in the queue are
152		lost. The existing fragment queue will be dropped, and a new one
153		started. An ipfrag_max_dist value of zero disables this check.
154	
155		Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
156		result in unnecessarily dropping fragment queues when normal
157		reordering of packets occurs, which could lead to poor application
158		performance. Using a very large value, e.g. 50000, increases the
159		likelihood of incorrectly reassembling IP fragments that originate
160		from different IP datagrams, which could result in data corruption.
161		Default: 64
162	
163	INET peer storage:
164	
165	inet_peer_threshold - INTEGER
166		The approximate size of the storage.  Starting from this threshold
167		entries will be thrown aggressively.  This threshold also determines
168		entries' time-to-live and time intervals between garbage collection
169		passes.  More entries, less time-to-live, less GC interval.
170	
171	inet_peer_minttl - INTEGER
172		Minimum time-to-live of entries.  Should be enough to cover fragment
173		time-to-live on the reassembling side.  This minimum time-to-live  is
174		guaranteed if the pool size is less than inet_peer_threshold.
175		Measured in seconds.
176	
177	inet_peer_maxttl - INTEGER
178		Maximum time-to-live of entries.  Unused entries will expire after
179		this period of time if there is no memory pressure on the pool (i.e.
180		when the number of entries in the pool is very small).
181		Measured in seconds.
182	
183	TCP variables:
184	
185	somaxconn - INTEGER
186		Limit of socket listen() backlog, known in userspace as SOMAXCONN.
187		Defaults to 128.  See also tcp_max_syn_backlog for additional tuning
188		for TCP sockets.
189	
190	tcp_abort_on_overflow - BOOLEAN
191		If listening service is too slow to accept new connections,
192		reset them. Default state is FALSE. It means that if overflow
193		occurred due to a burst, connection will recover. Enable this
194		option _only_ if you are really sure that listening daemon
195		cannot be tuned to accept connections faster. Enabling this
196		option can harm clients of your server.
197	
198	tcp_adv_win_scale - INTEGER
199		Count buffering overhead as bytes/2^tcp_adv_win_scale
200		(if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
201		if it is <= 0.
202		Possible values are [-31, 31], inclusive.
203		Default: 1
204	
205	tcp_allowed_congestion_control - STRING
206		Show/set the congestion control choices available to non-privileged
207		processes. The list is a subset of those listed in
208		tcp_available_congestion_control.
209		Default is "reno" and the default setting (tcp_congestion_control).
210	
211	tcp_app_win - INTEGER
212		Reserve max(window/2^tcp_app_win, mss) of window for application
213		buffer. Value 0 is special, it means that nothing is reserved.
214		Default: 31
215	
216	tcp_autocorking - BOOLEAN
217		Enable TCP auto corking :
218		When applications do consecutive small write()/sendmsg() system calls,
219		we try to coalesce these small writes as much as possible, to lower
220		total amount of sent packets. This is done if at least one prior
221		packet for the flow is waiting in Qdisc queues or device transmit
222		queue. Applications can still use TCP_CORK for optimal behavior
223		when they know how/when to uncork their sockets.
224		Default : 1
225	
226	tcp_available_congestion_control - STRING
227		Shows the available congestion control choices that are registered.
228		More congestion control algorithms may be available as modules,
229		but not loaded.
230	
231	tcp_base_mss - INTEGER
232		The initial value of search_low to be used by the packetization layer
233		Path MTU discovery (MTU probing).  If MTU probing is enabled,
234		this is the initial MSS used by the connection.
235	
236	tcp_congestion_control - STRING
237		Set the congestion control algorithm to be used for new
238		connections. The algorithm "reno" is always available, but
239		additional choices may be available based on kernel configuration.
240		Default is set as part of kernel configuration.
241		For passive connections, the listener congestion control choice
242		is inherited.
243		[see setsockopt(listenfd, SOL_TCP, TCP_CONGESTION, "name" ...) ]
244	
245	tcp_dsack - BOOLEAN
246		Allows TCP to send "duplicate" SACKs.
247	
248	tcp_early_retrans - INTEGER
249		Enable Early Retransmit (ER), per RFC 5827. ER lowers the threshold
250		for triggering fast retransmit when the amount of outstanding data is
251		small and when no previously unsent data can be transmitted (such
252		that limited transmit could be used). Also controls the use of
253		Tail loss probe (TLP) that converts RTOs occurring due to tail
254		losses into fast recovery (draft-dukkipati-tcpm-tcp-loss-probe-01).
255		Possible values:
256			0 disables ER
257			1 enables ER
258			2 enables ER but delays fast recovery and fast retransmit
259			  by a fourth of RTT. This mitigates false recovery of a
260			  connection when the network has a small degree of
261			  reordering (less than 3 packets).
262			3 enables delayed ER and TLP.
263			4 enables TLP only.
264		Default: 3
265	
266	tcp_ecn - INTEGER
267		Control use of Explicit Congestion Notification (ECN) by TCP.
268		ECN is used only when both ends of the TCP connection indicate
269		support for it.  This feature is useful in avoiding losses due
270		to congestion by allowing supporting routers to signal
271		congestion before having to drop packets.
272		Possible values are:
273			0 Disable ECN.  Neither initiate nor accept ECN.
274			1 Enable ECN when requested by incoming connections and
275			  also request ECN on outgoing connection attempts.
276			2 Enable ECN when requested by incoming connections
277			  but do not request ECN on outgoing connections.
278		Default: 2
279	
280	tcp_ecn_fallback - BOOLEAN
281		If the kernel detects that an ECN connection misbehaves, enable
282		fallback to non-ECN. Currently, this knob implements the fallback
283		from RFC3168, section 6.1.1.1., but additional detection
284		mechanisms could be implemented under this knob in the future.
285		The value is not used if tcp_ecn or per route (or congestion
286		control) ECN settings are disabled.
287		Default: 1 (fallback enabled)
288	
289	tcp_fack - BOOLEAN
290		Enable FACK congestion avoidance and fast retransmission.
291		The value is not used, if tcp_sack is not enabled.
292	
293	tcp_fin_timeout - INTEGER
294		The length of time an orphaned (no longer referenced by any
295		application) connection will remain in the FIN_WAIT_2 state
296		before it is aborted at the local end.  While a perfectly
297		valid "receive only" state for an un-orphaned connection, an
298		orphaned connection in FIN_WAIT_2 state could otherwise wait
299		forever for the remote to close its end of the connection.
300		Cf. tcp_max_orphans
301		Default: 60 seconds
302	
303	tcp_frto - INTEGER
304		Enables Forward RTO-Recovery (F-RTO) defined in RFC5682.
305		F-RTO is an enhanced recovery algorithm for TCP retransmission
306		timeouts.  It is particularly beneficial in networks where the
307		RTT fluctuates (e.g., wireless). F-RTO is sender-side only
308		modification. It does not require any support from the peer.
309	
310		By default it's enabled with a non-zero value. 0 disables F-RTO.
311	
312	tcp_invalid_ratelimit - INTEGER
313		Limit the maximal rate for sending duplicate acknowledgments
314		in response to incoming TCP packets that are for an existing
315		connection but that are invalid due to any of these reasons:
316	
317		  (a) out-of-window sequence number,
318		  (b) out-of-window acknowledgment number, or
319		  (c) PAWS (Protection Against Wrapped Sequence numbers) check failure
320	
321		This can help mitigate simple "ack loop" DoS attacks, wherein
322		a buggy or malicious middlebox or man-in-the-middle can
323		rewrite TCP header fields in manner that causes each endpoint
324		to think that the other is sending invalid TCP segments, thus
325		causing each side to send an unterminating stream of duplicate
326		acknowledgments for invalid segments.
327	
328		Using 0 disables rate-limiting of dupacks in response to
329		invalid segments; otherwise this value specifies the minimal
330		space between sending such dupacks, in milliseconds.
331	
332		Default: 500 (milliseconds).
333	
334	tcp_keepalive_time - INTEGER
335		How often TCP sends out keepalive messages when keepalive is enabled.
336		Default: 2 hours.
337	
338	tcp_keepalive_probes - INTEGER
339		How many keepalive probes TCP sends out, until it decides that the
340		connection is broken. Default value: 9.
341	
342	tcp_keepalive_intvl - INTEGER
343		How frequently the probes are sent out. Multiplied by
344		tcp_keepalive_probes, it is the time to kill a non-responding
345		connection after probes have started. Default value: 75 sec, i.e.
346		connection will be aborted after ~11 minutes of retries.
347	
348	tcp_l3mdev_accept - BOOLEAN
349		Enables child sockets to inherit the L3 master device index.
350		Enabling this option allows a "global" listen socket to work
351		across L3 master domains (e.g., VRFs) with connected sockets
352		derived from the listen socket to be bound to the L3 domain in
353		which the packets originated. Only valid when the kernel was
354		compiled with CONFIG_NET_L3_MASTER_DEV.
355	
356	tcp_low_latency - BOOLEAN
357		If set, the TCP stack makes decisions that prefer lower
358		latency as opposed to higher throughput.  By default, this
359		option is not set meaning that higher throughput is preferred.
360		An example of an application where this default should be
361		changed would be a Beowulf compute cluster.
362		Default: 0
363	
364	tcp_max_orphans - INTEGER
365		Maximal number of TCP sockets not attached to any user file handle,
366		held by system. If this number is exceeded orphaned connections are
367		reset immediately and a warning is printed. This limit exists
368		only to prevent simple DoS attacks, you _must_ not rely on this
369		or lower the limit artificially, but rather increase it
370		(probably, after increasing installed memory),
371		if network conditions require more than default value,
372		and tune network services to linger and kill such states
373		more aggressively. Let me remind you again: each orphan eats
374		up to ~64K of unswappable memory.
375	
376	tcp_max_syn_backlog - INTEGER
377		Maximal number of remembered connection requests, which have not
378		received an acknowledgment from connecting client.
379		The minimal value is 128 for low memory machines, and it will
380		increase in proportion to the memory of machine.
381		If server suffers from overload, try increasing this number.
382	
383	tcp_max_tw_buckets - INTEGER
384		Maximal number of timewait sockets held by system simultaneously.
385		If this number is exceeded time-wait socket is immediately destroyed
386		and warning is printed. This limit exists only to prevent
387		simple DoS attacks, you _must_ not lower the limit artificially,
388		but rather increase it (probably, after increasing installed memory),
389		if network conditions require more than default value.
390	
391	tcp_mem - vector of 3 INTEGERs: min, pressure, max
392		min: below this number of pages TCP is not bothered about its
393		memory appetite.
394	
395		pressure: when amount of memory allocated by TCP exceeds this number
396		of pages, TCP moderates its memory consumption and enters memory
397		pressure mode, which is exited when memory consumption falls
398		under "min".
399	
400		max: number of pages allowed for queueing by all TCP sockets.
401	
402		Defaults are calculated at boot time from amount of available
403		memory.
404	
405	tcp_min_rtt_wlen - INTEGER
406		The window length of the windowed min filter to track the minimum RTT.
407		A shorter window lets a flow more quickly pick up new (higher)
408		minimum RTT when it is moved to a longer path (e.g., due to traffic
409		engineering). A longer window makes the filter more resistant to RTT
410		inflations such as transient congestion. The unit is seconds.
411		Default: 300
412	
413	tcp_moderate_rcvbuf - BOOLEAN
414		If set, TCP performs receive buffer auto-tuning, attempting to
415		automatically size the buffer (no greater than tcp_rmem[2]) to
416		match the size required by the path for full throughput.  Enabled by
417		default.
418	
419	tcp_mtu_probing - INTEGER
420		Controls TCP Packetization-Layer Path MTU Discovery.  Takes three
421		values:
422		  0 - Disabled
423		  1 - Disabled by default, enabled when an ICMP black hole detected
424		  2 - Always enabled, use initial MSS of tcp_base_mss.
425	
426	tcp_probe_interval - INTEGER
427		Controls how often to start TCP Packetization-Layer Path MTU
428		Discovery reprobe. The default is reprobing every 10 minutes as
429		per RFC4821.
430	
431	tcp_probe_threshold - INTEGER
432		Controls when TCP Packetization-Layer Path MTU Discovery probing
433		will stop in respect to the width of search range in bytes. Default
434		is 8 bytes.
435	
436	tcp_no_metrics_save - BOOLEAN
437		By default, TCP saves various connection metrics in the route cache
438		when the connection closes, so that connections established in the
439		near future can use these to set initial conditions.  Usually, this
440		increases overall performance, but may sometimes cause performance
441		degradation.  If set, TCP will not cache metrics on closing
442		connections.
443	
444	tcp_orphan_retries - INTEGER
445		This value influences the timeout of a locally closed TCP connection,
446		when RTO retransmissions remain unacknowledged.
447		See tcp_retries2 for more details.
448	
449		The default value is 8.
450		If your machine is a loaded WEB server,
451		you should think about lowering this value, such sockets
452		may consume significant resources. Cf. tcp_max_orphans.
453	
454	tcp_recovery - INTEGER
455		This value is a bitmap to enable various experimental loss recovery
456		features.
457	
458		RACK: 0x1 enables the RACK loss detection for fast detection of lost
459		      retransmissions and tail drops.
460	
461		Default: 0x1
462	
463	tcp_reordering - INTEGER
464		Initial reordering level of packets in a TCP stream.
465		The TCP stack can then dynamically adjust the flow reordering
466		level between this initial value and tcp_max_reordering.
467		Default: 3
468	
469	tcp_max_reordering - INTEGER
470		Maximal reordering level of packets in a TCP stream.
471		300 is a fairly conservative value, but you might increase it
472		if paths are using per packet load balancing (like bonding rr mode)
473		Default: 300
474	
475	tcp_retrans_collapse - BOOLEAN
476		Bug-to-bug compatibility with some broken printers.
477		On retransmit try to send bigger packets to work around bugs in
478		certain TCP stacks.
479	
480	tcp_retries1 - INTEGER
481		This value influences the time after which TCP decides that
482		something is wrong due to unacknowledged RTO retransmissions,
483		and reports this suspicion to the network layer.
484		See tcp_retries2 for more details.
485	
486		RFC 1122 recommends at least 3 retransmissions, which is the
487		default.
488	
489	tcp_retries2 - INTEGER
490		This value influences the timeout of an alive TCP connection,
491		when RTO retransmissions remain unacknowledged.
492		Given a value of N, a hypothetical TCP connection following
493		exponential backoff with an initial RTO of TCP_RTO_MIN would
494		retransmit N times before killing the connection at the (N+1)th RTO.
495	
496		The default value of 15 yields a hypothetical timeout of 924.6
497		seconds and is a lower bound for the effective timeout.
498		TCP will effectively time out at the first RTO which exceeds the
499		hypothetical timeout.
500	
501		RFC 1122 recommends at least 100 seconds for the timeout,
502		which corresponds to a value of at least 8.
503	
504	tcp_rfc1337 - BOOLEAN
505		If set, the TCP stack behaves conforming to RFC1337. If unset,
506		we are not conforming to RFC, but prevent TCP TIME_WAIT
507		assassination.
508		Default: 0
509	
510	tcp_rmem - vector of 3 INTEGERs: min, default, max
511		min: Minimal size of receive buffer used by TCP sockets.
512		It is guaranteed to each TCP socket, even under moderate memory
513		pressure.
514		Default: 1 page
515	
516		default: initial size of receive buffer used by TCP sockets.
517		This value overrides net.core.rmem_default used by other protocols.
518		Default: 87380 bytes. This value results in window of 65535 with
519		default setting of tcp_adv_win_scale and tcp_app_win:0 and a bit
520		less for default tcp_app_win. See below about these variables.
521	
522		max: maximal size of receive buffer allowed for automatically
523		selected receiver buffers for TCP socket. This value does not override
524		net.core.rmem_max.  Calling setsockopt() with SO_RCVBUF disables
525		automatic tuning of that socket's receive buffer size, in which
526		case this value is ignored.
527		Default: between 87380B and 6MB, depending on RAM size.
528	
529	tcp_sack - BOOLEAN
530		Enable selective acknowledgments (SACKs).
531	
532	tcp_slow_start_after_idle - BOOLEAN
533		If set, provide RFC2861 behavior and time out the congestion
534		window after an idle period.  An idle period is defined at
535		the current RTO.  If unset, the congestion window will not
536		be timed out after an idle period.
537		Default: 1
538	
539	tcp_stdurg - BOOLEAN
540		Use the Host requirements interpretation of the TCP urgent pointer field.
541		Most hosts use the older BSD interpretation, so if you turn this on
542		Linux might not communicate correctly with them.
543		Default: FALSE
544	
545	tcp_synack_retries - INTEGER
546		Number of times SYNACKs for a passive TCP connection attempt will
547		be retransmitted. Should not be higher than 255. Default value
548		is 5, which corresponds to 31 seconds till the last retransmission
549		with the current initial RTO of 1 second. With this the final timeout
550		for a passive TCP connection will happen after 63 seconds.
551	
552	tcp_syncookies - BOOLEAN
553		Only valid when the kernel was compiled with CONFIG_SYN_COOKIES.
554		Send out syncookies when the syn backlog queue of a socket
555		overflows. This is to protect against the common 'SYN flood attack'.
556		Default: 1
557	
558		Note that syncookies is a fallback facility.
559		It MUST NOT be used to help highly loaded servers to stand
560		against a legitimate connection rate. If you see SYN flood warnings
561		in your logs, but investigation shows that they occur
562		because of overload with legitimate connections, you should tune
563		other parameters until this warning disappears.
564		See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
565	
566		syncookies seriously violate the TCP protocol, do not allow
567		the use of TCP extensions, and can result in serious degradation
568		of some services (e.g. SMTP relaying), visible not to you,
569		but to your clients and relays contacting you. If you see
570		SYN flood warnings in logs while not really being flooded, your
571		server is seriously misconfigured.
572	
573		If you want to test which effects syncookies have on your
574		network connections you can set this knob to 2 to enable
575		unconditional generation of syncookies.
576	
577	tcp_fastopen - INTEGER
578		Enable TCP Fast Open (RFC7413) to send and accept data in the opening
579		SYN packet.
580	
581		The client support is enabled by flag 0x1 (on by default). The client
582		then must use sendmsg() or sendto() with the MSG_FASTOPEN flag,
583		rather than connect() to send data in SYN.
584	
585		The server support is enabled by flag 0x2 (off by default). Then
586		either enable for all listeners with another flag (0x400) or
587		enable individual listeners via TCP_FASTOPEN socket option with
588		the option value being the length of the syn-data backlog.
589	
590		The values (bitmap) are
591		  0x1: (client) enables sending data in the opening SYN on the client.
592		  0x2: (server) enables the server support, i.e., allowing data in
593				a SYN packet to be accepted and passed to the
594				application before 3-way handshake finishes.
595		  0x4: (client) send data in the opening SYN regardless of cookie
596				availability and without a cookie option.
597		0x200: (server) accept data-in-SYN w/o any cookie option present.
598		0x400: (server) enable all listeners to support Fast Open by
599				default without explicit TCP_FASTOPEN socket option.
600	
601		Default: 0x1
602	
603		Note that additional client or server features are only effective
604		if the basic support (0x1 and 0x2, respectively) is enabled.
605	
606	tcp_syn_retries - INTEGER
607		Number of times initial SYNs for an active TCP connection attempt
608		will be retransmitted. Should not be higher than 127. Default value
609		is 6, which corresponds to 63 seconds till the last retransmission
610		with the current initial RTO of 1 second. With this the final timeout
611		for an active TCP connection attempt will happen after 127 seconds.
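
The timeout figures quoted under tcp_retries2, tcp_synack_retries and tcp_syn_retries all follow from one exponential-backoff schedule; the block below is an added example (not part of the kernel documentation) that reproduces them and shows how long an unanswered handshake is retried for each tcp_synack_retries value. The 200 ms TCP_RTO_MIN and 120 s TCP_RTO_MAX values are kernel constants not stated on this page and are treated here as assumptions; the function names are hypothetical.

```python
# Assumed kernel constants (not stated in this document).
TCP_RTO_MIN_MS = 200          # TCP_RTO_MIN, HZ/5
TCP_RTO_MAX_MS = 120_000      # TCP_RTO_MAX, 120*HZ
# "current initial RTO of 1 second" from the tcp_syn_retries entry.
TCP_TIMEOUT_INIT_MS = 1000


def rto_schedule(retries, initial_rto_ms, rto_max_ms=TCP_RTO_MAX_MS):
    """RTO intervals in ms: one before each retransmission, plus the
    final wait after the last retransmission. Each interval doubles
    the previous one and is capped at rto_max_ms."""
    return [min(initial_rto_ms << k, rto_max_ms) for k in range(retries + 1)]


def timeline(retries, initial_rto_ms, rto_max_ms=TCP_RTO_MAX_MS):
    """Return (retransmit_times_ms, final_timeout_ms), both measured
    from the first transmission of the segment."""
    schedule = rto_schedule(retries, initial_rto_ms, rto_max_ms)
    times, elapsed = [], 0
    for rto in schedule[:-1]:
        elapsed += rto
        times.append(elapsed)
    return times, elapsed + schedule[-1]


def min_retries_for(timeout_ms, initial_rto_ms, rto_max_ms=TCP_RTO_MAX_MS):
    """Smallest retry count whose hypothetical timeout reaches timeout_ms."""
    n = 0
    while timeline(n, initial_rto_ms, rto_max_ms)[1] < timeout_ms:
        n += 1
    return n


def synack_hold_times(max_retries=5):
    """Final timeout in ms of a passive handshake that never completes,
    for each tcp_synack_retries value from 0 to max_retries."""
    return {n: timeline(n, TCP_TIMEOUT_INIT_MS)[1] for n in range(max_retries + 1)}


if __name__ == "__main__":
    # tcp_retries2 default: the cap at TCP_RTO_MAX is what bends the curve.
    _, final = timeline(15, TCP_RTO_MIN_MS)
    print(f"tcp_retries2=15 -> {final / 1000:.1f} s hypothetical timeout")
    print("RFC 1122 100 s minimum -> tcp_retries2 >=",
          min_retries_for(100_000, TCP_RTO_MIN_MS))

    times, final = timeline(6, TCP_TIMEOUT_INIT_MS)
    print(f"tcp_syn_retries=6 -> last SYN at {times[-1] // 1000} s, "
          f"gives up at {final // 1000} s")

    for n, ms in synack_hold_times().items():
        print(f"tcp_synack_retries={n} -> unanswered handshake ends "
              f"after {ms // 1000} s")
```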
612	
613	tcp_timestamps - BOOLEAN
614		Enable timestamps as defined in RFC1323.
615	
616	tcp_min_tso_segs - INTEGER
617		Minimal number of segments per TSO frame.
618		Since linux-3.12, TCP does an automatic sizing of TSO frames,
619		depending on flow rate, instead of filling 64Kbytes packets.
620		For specific usages, it's possible to force TCP to build big
621		TSO frames. Note that TCP stack might split too big TSO packets
622		if available window is too small.
623		Default: 2
624	
625	tcp_pacing_ss_ratio - INTEGER
626		sk->sk_pacing_rate is set by TCP stack using a ratio applied
627		to current rate. (current_rate = cwnd * mss / srtt)
628		If TCP is in slow start, tcp_pacing_ss_ratio is applied
629		to let TCP probe for bigger speeds, assuming cwnd can be
630		doubled every other RTT.
631		Default: 200
632	
633	tcp_pacing_ca_ratio - INTEGER
634		sk->sk_pacing_rate is set by TCP stack using a ratio applied
635		to current rate. (current_rate = cwnd * mss / srtt)
636		If TCP is in congestion avoidance phase, tcp_pacing_ca_ratio
637		is applied to conservatively probe for bigger throughput.
638		Default: 120
639	
640	tcp_tso_win_divisor - INTEGER
641		This allows control over what percentage of the congestion window
642		can be consumed by a single TSO frame.
643		The setting of this parameter is a choice between burstiness and
644		building larger TSO frames.
645		Default: 3
646	
647	tcp_tw_recycle - BOOLEAN
648		Enable fast recycling of TIME-WAIT sockets. Default value is 0.
649		It should not be changed without advice/request of technical
650		experts.
651	
652	tcp_tw_reuse - BOOLEAN
653		Allow reuse of TIME-WAIT sockets for new connections when it is
654		safe from the protocol viewpoint. Default value is 0.
655		It should not be changed without advice/request of technical
656		experts.
657	
658	tcp_window_scaling - BOOLEAN
659		Enable window scaling as defined in RFC1323.
660	
661	tcp_wmem - vector of 3 INTEGERs: min, default, max
662		min: Amount of memory reserved for send buffers for TCP sockets.
663		Each TCP socket has the right to use it from the moment it is created.
664		Default: 1 page
665	
666		default: initial size of send buffer used by TCP sockets.  This
667		value overrides net.core.wmem_default used by other protocols.
668		It is usually lower than net.core.wmem_default.
669		Default: 16K
670	
671		max: Maximal amount of memory allowed for automatically tuned
672		send buffers for TCP sockets. This value does not override
673		net.core.wmem_max.  Calling setsockopt() with SO_SNDBUF disables
674		automatic tuning of that socket's send buffer size, in which case
675		this value is ignored.
676		Default: between 64K and 4MB, depending on RAM size.
677	
678	tcp_notsent_lowat - UNSIGNED INTEGER
679		A TCP socket can control the amount of unsent bytes in its write queue,
680		thanks to TCP_NOTSENT_LOWAT socket option. poll()/select()/epoll()
681		reports POLLOUT events if the amount of unsent bytes is below a per
682		socket value, and if the write queue is not full. sendmsg() will
683		also not add new buffers if the limit is hit.
684	
685		This global variable controls the amount of unsent data for
686		sockets not using TCP_NOTSENT_LOWAT. For these sockets, a change
687		to the global variable has immediate effect.
688	
689		Default: UINT_MAX (0xFFFFFFFF)
690	
691	tcp_workaround_signed_windows - BOOLEAN
692		If set, assume no receipt of a window scaling option means the
693		remote TCP is broken and treats the window as a signed quantity.
694		If unset, assume the remote TCP is not broken even if we do
695		not receive a window scaling option from them.
696		Default: 0
697	
698	tcp_thin_linear_timeouts - BOOLEAN
699		Enable dynamic triggering of linear timeouts for thin streams.
700		If set, a check is performed upon retransmission by timeout to
701		determine if the stream is thin (less than 4 packets in flight).
702		As long as the stream is found to be thin, up to 6 linear
703		timeouts may be performed before exponential backoff mode is
704		initiated. This improves retransmission latency for
705		non-aggressive thin streams, often found to be time-dependent.
706		For more information on thin streams, see
707		Documentation/networking/tcp-thin.txt
708		Default: 0
709	
710	tcp_thin_dupack - BOOLEAN
711		Enable dynamic triggering of retransmissions after one dupACK
712		for thin streams. If set, a check is performed upon reception
713		of a dupACK to determine if the stream is thin (less than 4
714		packets in flight). As long as the stream is found to be thin,
715		data is retransmitted on the first received dupACK. This
716		improves retransmission latency for non-aggressive thin
717		streams, often found to be time-dependent.
718		For more information on thin streams, see
719		Documentation/networking/tcp-thin.txt
720		Default: 0
721	
722	tcp_limit_output_bytes - INTEGER
723		Controls TCP Small Queue limit per tcp socket.
724		TCP bulk sender tends to increase packets in flight until it
725		gets loss notifications. With SNDBUF autotuning, this can
726		result in a large amount of packets queued in qdisc/device
727		on the local machine, hurting latency of other flows, for
728		typical pfifo_fast qdiscs.
729		tcp_limit_output_bytes limits the number of bytes on qdisc
730		or device to reduce artificial RTT/cwnd and reduce bufferbloat.
731		Default: 262144
732	
733	tcp_challenge_ack_limit - INTEGER
734		Limits number of Challenge ACK sent per second, as recommended
735		in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
736		Default: 100
737	
738	UDP variables:
739	
740	udp_mem - vector of 3 INTEGERs: min, pressure, max
741		Number of pages allowed for queueing by all UDP sockets.
742	
743		min: Below this number of pages UDP is not bothered about its
744		memory appetite. When amount of memory allocated by UDP exceeds
745		this number, UDP starts to moderate memory usage.
746	
747		pressure: This value was introduced to follow format of tcp_mem.
748	
749		max: Number of pages allowed for queueing by all UDP sockets.
750	
751		Default is calculated at boot time from amount of available memory.
752	
753	udp_rmem_min - INTEGER
754		Minimal size of receive buffer used by UDP sockets in moderation.
755		Each UDP socket is able to use the size for receiving data, even if
756		total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
757		Default: 1 page
758	
759	udp_wmem_min - INTEGER
760		Minimal size of send buffer used by UDP sockets in moderation.
761		Each UDP socket is able to use the size for sending data, even if
762		total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
763		Default: 1 page
764	
765	CIPSOv4 Variables:
766	
767	cipso_cache_enable - BOOLEAN
768		If set, enable additions to and lookups from the CIPSO label mapping
769		cache.  If unset, additions are ignored and lookups always result in a
770		miss.  However, regardless of the setting the cache is still
771		invalidated when required, which means you can safely toggle this on and
772		off and the cache will always be "safe".
773		Default: 1
774	
775	cipso_cache_bucket_size - INTEGER
776		The CIPSO label cache consists of a fixed size hash table with each
777		hash bucket containing a number of cache entries.  This variable limits
778		the number of entries in each hash bucket; the larger the value the
779		more CIPSO label mappings that can be cached.  When the number of
780		entries in a given hash bucket reaches this limit adding new entries
781		causes the oldest entry in the bucket to be removed to make room.
782		Default: 10
783	
784	cipso_rbm_optfmt - BOOLEAN
785		Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
786		the CIPSO draft specification (see Documentation/netlabel for details).
787		This means that when set the CIPSO tag will be padded with empty
788		categories in order to make the packet data 32-bit aligned.
789		Default: 0
790	
791	cipso_rbm_structvalid - BOOLEAN
792		If set, do a very strict check of the CIPSO option when
793		ip_options_compile() is called.  If unset, relax the checks done during
794		ip_options_compile().  Either way is "safe" as errors are caught
795		elsewhere in the CIPSO processing code but setting this to 0 (False) should
796		result in less work (i.e. it should be faster) but could cause problems
797		with other implementations that require strict checking.
798		Default: 0
799	
800	IP Variables:
801	
802	ip_local_port_range - 2 INTEGERS
803		Defines the local port range that is used by TCP and UDP to
804		choose the local port. The first number is the first, the
805		second the last local port number.
806		If possible, these numbers should have different parity
807		(one even and one odd value).
808		The default values are 32768 and 60999 respectively.
809	
810	ip_local_reserved_ports - list of comma separated ranges
811		Specify the ports which are reserved for known third-party
812		applications. These ports will not be used by automatic port
813		assignments (e.g. when calling connect() or bind() with port
814		number 0). Explicit port allocation behavior is unchanged.
815	
816		The format used for both input and output is a comma separated
817		list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
818		10). Writing to the file will clear all previously reserved
819		ports and update the current list with the one given in the
820		input.
821	
822		Note that ip_local_port_range and ip_local_reserved_ports
823		settings are independent and both are considered by the kernel
824		when determining which ports are available for automatic port
825		assignments.
826	
827		You can reserve ports which are not in the current
828		ip_local_port_range, e.g.:
829	
830		$ cat /proc/sys/net/ipv4/ip_local_port_range
831		32000	60999
832		$ cat /proc/sys/net/ipv4/ip_local_reserved_ports
833		8080,9148
834	
835		although this is redundant. However such a setting is useful
836		if later the port range is changed to a value that will
837		include the reserved ports.
838	
839		Default: Empty
840	
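The range-list format and the interaction with ip_local_port_range described above, as an added Python example (not part of the kernel documentation). The listener port 40000 and the widened range 8000-60999 are constructed for illustration; the bounds checks are this example's own.

```python
def parse_port_range(text):
    """Parse ip_local_port_range content, e.g. '32000\\t60999'."""
    first, last = (int(field) for field in text.split())
    if not 0 < first <= last <= 65535:
        raise ValueError("bad port range: %r" % text)
    return first, last


def parse_reserved(text):
    """Parse a comma separated list of ranges ('1,2-4,10-10') into a set."""
    ports = set()
    for item in filter(None, (part.strip() for part in text.split(","))):
        lo, dash, hi = item.partition("-")
        first = int(lo)
        last = int(hi) if dash else first
        if not 0 <= first <= last <= 65535:
            raise ValueError("bad reserved range: %r" % item)
        ports.update(range(first, last + 1))
    return ports  # empty set for the default (empty) value


def format_reserved(ports):
    """Render a set of ports as a normalized list in the same format."""
    runs = []
    for port in sorted(ports):
        if runs and port == runs[-1][1] + 1:
            runs[-1][1] = port          # extend the current run
        else:
            runs.append([port, port])   # start a new run
    return ",".join(str(a) if a == b else "%d-%d" % (a, b) for a, b in runs)


def automatic_pool(port_range, reserved):
    """Ports the kernel may hand out automatically: in range, not reserved."""
    first, last = port_range
    return [p for p in range(first, last + 1) if p not in reserved]


def review(port_range, reserved, listeners):
    """Summarize how a reservation list relates to the automatic range.

    listeners: ports that known services bind to explicitly (supplied by
    the caller; the kernel does not track this list).
    """
    first, last = port_range
    in_range = lambda p: first <= p <= last
    return {
        "pool_size": len(automatic_pool(port_range, reserved)),
        # Reserved but outside the range: has no effect until the range changes.
        "redundant": sorted(p for p in reserved if not in_range(p)),
        # Service ports inside the range that automatic assignment may take.
        "unprotected": sorted(p for p in listeners
                              if in_range(p) and p not in reserved),
        "different_parity": first % 2 != last % 2,
    }


# Values from the example above, plus a constructed listener list.
PORT_RANGE = parse_port_range("32000\t60999")
RESERVED = parse_reserved("8080,9148")
LISTENERS = {8080, 9148, 40000}

if __name__ == "__main__":
    print(format_reserved(parse_reserved("1,2-4,10-10")))
    print(review(PORT_RANGE, RESERVED, LISTENERS))
    # Constructed follow-up: the range is later widened to include 8080 and 9148.
    print(review((8000, 60999), RESERVED, LISTENERS))
```
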
841	ip_nonlocal_bind - BOOLEAN
842		If set, allows processes to bind() to non-local IP addresses,
843		which can be quite useful - but may break some applications.
844		Default: 0
845	
846	ip_dynaddr - BOOLEAN
847		If set non-zero, enables support for dynamic addresses.
848		If set to a non-zero value larger than 1, a kernel log
849		message will be printed when dynamic address rewriting
850		occurs.
851		Default: 0
852	
853	ip_early_demux - BOOLEAN
854		Optimize input packet processing down to one demux for
855		certain kinds of local sockets.  Currently we only do this
856		for established TCP sockets.
857	
858		It may add an additional cost for pure routing workloads that
859		reduces overall throughput, in such case you should disable it.
860		Default: 1
861	
862	icmp_echo_ignore_all - BOOLEAN
863		If set non-zero, then the kernel will ignore all ICMP ECHO
864		requests sent to it.
865		Default: 0
866	
867	icmp_echo_ignore_broadcasts - BOOLEAN
868		If set non-zero, then the kernel will ignore all ICMP ECHO and
869		TIMESTAMP requests sent to it via broadcast/multicast.
870		Default: 1
871	
872	icmp_ratelimit - INTEGER
873		Limit the maximal rates for sending ICMP packets whose type matches
874		icmp_ratemask (see below) to specific targets.
875		0 to disable any limiting,
876		otherwise the minimal space between responses in milliseconds.
877		Note that another sysctl, icmp_msgs_per_sec limits the number
878		of ICMP packets	sent on all targets.
879		Default: 1000
880	
881	icmp_msgs_per_sec - INTEGER
882		Limit maximal number of ICMP packets sent per second from this host.
883		Only messages whose type matches icmp_ratemask (see below) are
884		controlled by this limit.
885		Default: 1000
886	
887	icmp_msgs_burst - INTEGER
888		icmp_msgs_per_sec controls number of ICMP packets sent per second,
889		while icmp_msgs_burst controls the burst size of these packets.
890		Default: 50
891	
892	icmp_ratemask - INTEGER
893		Mask made of ICMP types for which rates are being limited.
894		Significant bits: IHGFEDCBA9876543210
895		Default mask:     0000001100000011000 (6168)
896	
897		Bit definitions (see include/linux/icmp.h):
898			0 Echo Reply
899			3 Destination Unreachable *
900			4 Source Quench *
901			5 Redirect
902			8 Echo Request
903			B Time Exceeded *
904			C Parameter Problem *
905			D Timestamp Request
906			E Timestamp Reply
907			F Info Request
908			G Info Reply
909			H Address Mask Request
910			I Address Mask Reply
911	
912		* These are rate limited by default (see default mask above)
913	
914	icmp_ignore_bogus_error_responses - BOOLEAN
915		Some routers violate RFC1122 by sending bogus responses to broadcast
916		frames.  Such violations are normally logged via a kernel warning.
917		If this is set to TRUE, the kernel will not give such warnings, which
918		will avoid log file clutter.
919		Default: 1
920	
921	icmp_errors_use_inbound_ifaddr - BOOLEAN
922	
923		If zero, icmp error messages are sent with the primary address of
924		the exiting interface.
925	
926		If non-zero, the message will be sent with the primary address of
927		the interface that received the packet that caused the icmp error.
928		This is the behaviour many network administrators will expect from
929		a router. And it can make debugging complicated network layouts
930		much easier.
931	
932		Note that if no primary address exists for the interface selected,
933		then the primary address of the first non-loopback interface that
934		has one will be used regardless of this setting.
935	
936		Default: 0
937	
938	igmp_max_memberships - INTEGER
939		Change the maximum number of multicast groups we can subscribe to.
940		Default: 20
941	
942		Theoretical maximum value is bounded by having to send a membership
943		report in a single datagram (i.e. the report can't span multiple
944		datagrams, or risk confusing the switch and leaving groups you don't
945		intend to).
946	
947		The number of supported groups 'M' is bounded by the number of group
948		report entries you can fit into a single datagram of 65535 bytes.
949	
950		M = (65536-sizeof (ip header))/(sizeof(Group record))
951	
952		Group records are variable length, with a minimum of 12 bytes.
953		So net.ipv4.igmp_max_memberships should not be set higher than:
954	
955		(65536-24) / 12 = 5459
956	
957		The value 5459 assumes no IP header options, so in practice
958		this number may be lower.
959	
960	igmp_max_msf - INTEGER
961		Maximum number of addresses allowed in the source filter list for a
962		multicast group.
963		Default: 10
964	
965	igmp_qrv - INTEGER
966		Controls the IGMP query robustness variable (see RFC2236 8.1).
967		Default: 2 (as specified by RFC2236 8.1)
968		Minimum: 1 (as specified by RFC6636 4.5)
969	
970	conf/interface/*  changes special settings per interface (where
971	"interface" is the name of your network interface)
972	
973	conf/all/*	  is special, changes the settings for all interfaces
974	
975	log_martians - BOOLEAN
976		Log packets with impossible addresses to kernel log.
977		log_martians for the interface will be enabled if at least one of
978		conf/{all,interface}/log_martians is set to TRUE,
979		it will be disabled otherwise
980	
981	accept_redirects - BOOLEAN
982		Accept ICMP redirect messages.
983		accept_redirects for the interface will be enabled if:
984		- both conf/{all,interface}/accept_redirects are TRUE in the case
985		  forwarding for the interface is enabled
986		or
987		- at least one of conf/{all,interface}/accept_redirects is TRUE in the
988		  case forwarding for the interface is disabled
989		accept_redirects for the interface will be disabled otherwise
990		default TRUE (host)
991			FALSE (router)
992	
993	forwarding - BOOLEAN
994		Enable IP forwarding on this interface.
995	
996	mc_forwarding - BOOLEAN
997		Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
998		and a multicast routing daemon is required.
999		conf/all/mc_forwarding must also be set to TRUE to enable multicast
1000		routing	for the interface
1001	
1002	medium_id - INTEGER
1003		Integer value used to differentiate the devices by the medium they
1004		are attached to. Two devices can have different id values when
1005		the broadcast packets are received only on one of them.
1006		The default value 0 means that the device is the only interface
1007		to its medium, value of -1 means that medium is not known.
1008	
1009		Currently, it is used to change the proxy_arp behavior:
1010		the proxy_arp feature is enabled for packets forwarded between
1011		two devices attached to different media.
1012	
1013	proxy_arp - BOOLEAN
1014		Do proxy arp.
1015		proxy_arp for the interface will be enabled if at least one of
1016		conf/{all,interface}/proxy_arp is set to TRUE,
1017		it will be disabled otherwise
1018	
1019	proxy_arp_pvlan - BOOLEAN
1020		Private VLAN proxy arp.
1021		Basically allow proxy arp replies back to the same interface
1022		(from which the ARP request/solicitation was received).
1023	
1024		This is done to support (ethernet) switch features, like RFC
1025		3069, where the individual ports are NOT allowed to
1026		communicate with each other, but they are allowed to talk to
1027		the upstream router.  As described in RFC 3069, it is possible
1028		to allow these hosts to communicate through the upstream
1029		router by proxy_arp'ing. This setting does not need to be used
1030		together with proxy_arp.
1031	
1032		This technology is known by different names:
1033		  In RFC 3069 it is called VLAN Aggregation.
1034		  Cisco and Allied Telesyn call it Private VLAN.
1035		  Hewlett-Packard call it Source-Port filtering or port-isolation.
1036		  Ericsson call it MAC-Forced Forwarding (RFC Draft).
1037	
1038	shared_media - BOOLEAN
1039		Send(router) or accept(host) RFC1620 shared media redirects.
1040		Overrides secure_redirects.
1041		shared_media for the interface will be enabled if at least one of
1042		conf/{all,interface}/shared_media is set to TRUE,
1043		it will be disabled otherwise
1044		default TRUE
1045	
1046	secure_redirects - BOOLEAN
1047		Accept ICMP redirect messages only to gateways listed in the
1048		interface's current gateway list. Even if disabled, RFC1122 redirect
1049		rules still apply.
1050		Overridden by shared_media.
1051		secure_redirects for the interface will be enabled if at least one of
1052		conf/{all,interface}/secure_redirects is set to TRUE,
1053		it will be disabled otherwise
1054		default TRUE
1055	
1056	send_redirects - BOOLEAN
1057		Send redirects, if router.
1058		send_redirects for the interface will be enabled if at least one of
1059		conf/{all,interface}/send_redirects is set to TRUE,
1060		it will be disabled otherwise
1061		Default: TRUE
1062	
1063	bootp_relay - BOOLEAN
1064		Accept packets with source address 0.b.c.d destined
1065		not to this host as local ones. It is supposed, that
1066		BOOTP relay daemon will catch and forward such packets.
1067		conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
1068		for the interface
1069		default FALSE
1070		Not Implemented Yet.
1071	
1072	accept_source_route - BOOLEAN
1073		Accept packets with SRR option.
1074		conf/all/accept_source_route must also be set to TRUE to accept packets
1075		with SRR option on the interface
1076		default TRUE (router)
1077			FALSE (host)
1078	
1079	accept_local - BOOLEAN
1080		Accept packets with local source addresses. In combination with
1081		suitable routing, this can be used to direct packets between two
1082		local interfaces over the wire and have them accepted properly.
1083		default FALSE
1084	
1085	route_localnet - BOOLEAN
1086		Do not consider loopback addresses as martian source or destination
1087		while routing. This enables the use of 127/8 for local routing purposes.
1088		default FALSE
1089	
1090	rp_filter - INTEGER
1091		0 - No source validation.
1092		1 - Strict mode as defined in RFC3704 Strict Reverse Path
1093		    Each incoming packet is tested against the FIB and if the interface
1094		    is not the best reverse path the packet check will fail.
1095		    By default failed packets are discarded.
1096		2 - Loose mode as defined in RFC3704 Loose Reverse Path
1097		    Each incoming packet's source address is also tested against the FIB
1098		    and if the source address is not reachable via any interface
1099		    the packet check will fail.
1100	
1101		Current recommended practice in RFC3704 is to enable strict mode
1102		to prevent IP spoofing from DDoS attacks. If using asymmetric routing
1103		or other complicated routing, then loose mode is recommended.
1104	
1105		The max value from conf/{all,interface}/rp_filter is used
1106		when doing source validation on the {interface}.
1107	
1108		Default value is 0. Note that some distributions enable it
1109		in startup scripts.
1110	
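The conf/all and conf/interface combination rules stated in the entries above, worked through as an added Python example (not part of the kernel documentation). The interface names, the sample values and the BASELINE targets are assumptions of this example.

```python
import os

# How conf/all and conf/<interface> combine for each setting, following
# the rules stated in the entries above.
RULES = {
    "log_martians":        "either",         # at least one of {all,interface}
    "accept_redirects":    "by_forwarding",  # both if forwarding, else either
    "secure_redirects":    "either",
    "send_redirects":      "either",
    "accept_source_route": "both",           # conf/all must also be TRUE
    "rp_filter":           "max",            # max of {all,interface}
}

# Assumed hardening baseline for this example only; the page does not
# define one. Each predicate is applied to the effective value.
BASELINE = {
    "accept_redirects":    lambda v: v == 0,
    "send_redirects":      lambda v: v == 0,
    "accept_source_route": lambda v: v == 0,
    "rp_filter":           lambda v: v in (1, 2),
    "log_martians":        lambda v: v == 1,
}


def effective(conf, iface):
    """Return the effective value of every setting in RULES for iface."""
    a, i = conf["all"], conf[iface]
    out = {}
    for name, rule in RULES.items():
        if rule == "by_forwarding":
            rule = "both" if i["forwarding"] else "either"
        if rule == "either":
            out[name] = int(bool(a[name]) or bool(i[name]))
        elif rule == "both":
            out[name] = int(bool(a[name]) and bool(i[name]))
        else:  # "max"
            out[name] = max(a[name], i[name])
    return out


def audit(conf):
    """Return sorted (interface, setting, effective value) baseline misses."""
    findings = []
    for iface in conf:
        if iface in ("all", "default"):
            continue
        eff = effective(conf, iface)
        for name, ok in BASELINE.items():
            if not ok(eff[name]):
                findings.append((iface, name, eff[name]))
    return sorted(findings)


def read_conf(root="/proc/sys/net/ipv4/conf"):
    """Load live values on a Linux host (not used by the sample below)."""
    conf = {}
    for iface in os.listdir(root):
        conf[iface] = {}
        for name in list(RULES) + ["forwarding"]:
            with open(os.path.join(root, iface, name)) as fh:
                conf[iface][name] = int(fh.read().split()[0])
    return conf


# Constructed sample: eth0 is a host-side interface, eth1 forwards.
SAMPLE = {
    "all":  {"forwarding": 0, "log_martians": 1, "accept_redirects": 0,
             "secure_redirects": 1, "send_redirects": 0,
             "accept_source_route": 0, "rp_filter": 0},
    "eth0": {"forwarding": 0, "log_martians": 0, "accept_redirects": 1,
             "secure_redirects": 1, "send_redirects": 1,
             "accept_source_route": 1, "rp_filter": 1},
    "eth1": {"forwarding": 1, "log_martians": 0, "accept_redirects": 1,
             "secure_redirects": 0, "send_redirects": 0,
             "accept_source_route": 0, "rp_filter": 2},
}

if __name__ == "__main__":
    for iface in ("eth0", "eth1"):
        print(iface, effective(SAMPLE, iface))
    for finding in audit(SAMPLE):
        print("FINDING", *finding)
```

In the sample, conf/all/accept_redirects=0 and conf/all/send_redirects=0 do not turn either setting off on eth0, because its own values are 1 and forwarding is disabled there.
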
1111	arp_filter - BOOLEAN
1112		1 - Allows you to have multiple network interfaces on the same
1113		subnet, and have the ARPs for each interface be answered
1114		based on whether or not the kernel would route a packet from
1115		the ARP'd IP out that interface (therefore you must use source
1116		based routing for this to work). In other words it allows control
1117		of which cards (usually 1) will respond to an arp request.
1118	
1119		0 - (default) The kernel can respond to arp requests with addresses
1120		from other interfaces. This may seem wrong but it usually makes
1121		sense, because it increases the chance of successful communication.
1122		IP addresses are owned by the complete host on Linux, not by
1123		particular interfaces. Only for more complex setups like load-
1124		balancing, does this behaviour cause problems.
1125	
1126		arp_filter for the interface will be enabled if at least one of
1127		conf/{all,interface}/arp_filter is set to TRUE,
1128		it will be disabled otherwise
1129	
1130	arp_announce - INTEGER
1131		Define different restriction levels for announcing the local
1132		source IP address from IP packets in ARP requests sent on
1133		interface:
1134		0 - (default) Use any local address, configured on any interface
1135		1 - Try to avoid local addresses that are not in the target's
1136		subnet for this interface. This mode is useful when target
1137		hosts reachable via this interface require the source IP
1138		address in ARP requests to be part of their logical network
1139		configured on the receiving interface. When we generate the
1140		request we will check all our subnets that include the
1141		target IP and will preserve the source address if it is from
1142		such subnet. If there is no such subnet we select source
1143		address according to the rules for level 2.
1144		2 - Always use the best local address for this target.
1145		In this mode we ignore the source address in the IP packet
1146		and try to select local address that we prefer for talks with
1147		the target host. Such local address is selected by looking
1148		for primary IP addresses on all our subnets on the outgoing
1149		interface that include the target IP address. If no suitable
1150		local address is found we select the first local address
1151		we have on the outgoing interface or on all other interfaces,
1152		with the hope we will receive reply for our request and
1153		even sometimes no matter the source IP address we announce.
1154	
1155		The max value from conf/{all,interface}/arp_announce is used.
1156	
1157		Increasing the restriction level gives more chance for
1158		receiving answer from the resolved target while decreasing
1159		the level announces more valid sender's information.
1160	
1161	arp_ignore - INTEGER
1162		Define different modes for sending replies in response to
1163		received ARP requests that resolve local target IP addresses:
1164		0 - (default): reply for any local target IP address, configured
1165		on any interface
1166		1 - reply only if the target IP address is local address
1167		configured on the incoming interface
1168		2 - reply only if the target IP address is local address
1169		configured on the incoming interface and both it and the
1170		sender's IP address are part of the same subnet on this interface
1171		3 - do not reply for local addresses configured with scope host,
1172		only resolutions for global and link addresses are replied
1173		4-7 - reserved
1174		8 - do not reply for all local addresses
1175	
1176		The max value from conf/{all,interface}/arp_ignore is used
1177		when ARP request is received on the {interface}
1178	
1179	arp_notify - BOOLEAN
1180		Define mode for notification of address and device changes.
1181		0 - (default): do nothing
1182		1 - Generate gratuitous arp requests when device is brought up
1183		    or hardware address changes.
1184	
1185	arp_accept - BOOLEAN
1186		Define behavior for gratuitous ARP frames whose IP is not
1187		already present in the ARP table:
1188		0 - don't create new entries in the ARP table
1189		1 - create new entries in the ARP table
1190	
1191		Both replies and requests type gratuitous arp will trigger the
1192		ARP table to be updated, if this setting is on.
1193	
1194		If the ARP table already contains the IP address of the
1195		gratuitous arp frame, the arp table will be updated regardless
1196		if this setting is on or off.
1197	
1198	mcast_solicit - INTEGER
1199		The maximum number of multicast probes in INCOMPLETE state,
1200		when the associated hardware address is unknown.  Defaults
1201		to 3.
1202	
1203	ucast_solicit - INTEGER
1204		The maximum number of unicast probes in PROBE state, when
1205		the hardware address is being reconfirmed.  Defaults to 3.
1206	
1207	app_solicit - INTEGER
1208		The maximum number of probes to send to the user space ARP daemon
1209		via netlink before dropping back to multicast probes (see
1210		mcast_resolicit).  Defaults to 0.
1211	
1212	mcast_resolicit - INTEGER
1213		The maximum number of multicast probes after unicast and
1214		app probes in PROBE state.  Defaults to 0.
1215	
1216	disable_policy - BOOLEAN
1217		Disable IPSEC policy (SPD) for this interface
1218	
1219	disable_xfrm - BOOLEAN
1220		Disable IPSEC encryption on this interface, whatever the policy
1221	
1222	igmpv2_unsolicited_report_interval - INTEGER
1223		The interval in milliseconds in which the next unsolicited
1224		IGMPv1 or IGMPv2 report retransmit will take place.
1225		Default: 10000 (10 seconds)
1226	
1227	igmpv3_unsolicited_report_interval - INTEGER
1228		The interval in milliseconds in which the next unsolicited
1229		IGMPv3 report retransmit will take place.
1230		Default: 1000 (1 second)
1231	
1232	promote_secondaries - BOOLEAN
1233		When a primary IP address is removed from this interface
1234		promote a corresponding secondary IP address instead of
1235		removing all the corresponding secondary IP addresses.
1236	
1237	drop_unicast_in_l2_multicast - BOOLEAN
1238		Drop any unicast IP packets that are received in link-layer
1239		multicast (or broadcast) frames.
1240		This behavior (for multicast) is actually a SHOULD in RFC
1241		1122, but is disabled by default for compatibility reasons.
1242		Default: off (0)
1243	
1244	drop_gratuitous_arp - BOOLEAN
1245		Drop all gratuitous ARP frames, for example if there's a known
1246		good ARP proxy on the network and such frames need not be used
1247		(or in the case of 802.11, must not be used to prevent attacks.)
1248		Default: off (0)
1249	
1250	
1251	tag - INTEGER
1252		Allows you to write a number, which can be used as required.
1253		Default value is 0.
1254	
1255	xfrm4_gc_thresh - INTEGER
1256		The threshold at which we will start garbage collecting for IPv4
1257		destination cache entries.  At twice this value the system will
1258		refuse new allocations. The value must be set below the flowcache
1259		limit (4096 * number of online cpus) to take effect.
1260	
1261	igmp_link_local_mcast_reports - BOOLEAN
1262		Enable IGMP reports for link local multicast groups in the
1263		224.0.0.X range.
1264		Default TRUE
1265	
1266	Alexey Kuznetsov.
1267	kuznet@ms2.inr.ac.ru
1268	
1269	Updated by:
1270	Andi Kleen
1271	ak@muc.de
1272	Nicolas Delon
1273	delon.nicolas@wanadoo.fr
1274	
1275	
1276	
1277	
1278	/proc/sys/net/ipv6/* Variables:
1279	
1280	IPv6 has no global variables such as tcp_*.  tcp_* settings under ipv4/ also
1281	apply to IPv6 [XXX?].
1282	
1283	bindv6only - BOOLEAN
1284		Default value for IPV6_V6ONLY socket option,
1285		which restricts use of the IPv6 socket to IPv6 communication
1286		only.
1287			TRUE: disable IPv4-mapped address feature
1288			FALSE: enable IPv4-mapped address feature
1289	
1290		Default: FALSE (as specified in RFC3493)
1291	
1292	flowlabel_consistency - BOOLEAN
1293		Protect the consistency (and unicity) of flow label.
1294		You have to disable it to use IPV6_FL_F_REFLECT flag on the
1295		flow label manager.
1296		TRUE: enabled
1297		FALSE: disabled
1298		Default: TRUE
1299	
1300	auto_flowlabels - INTEGER
1301		Automatically generate flow labels based on a flow hash of the
1302		packet. This allows intermediate devices, such as routers, to
1303		identify packet flows for mechanisms like Equal Cost Multipath
1304		Routing (see RFC 6438).
1305		0: automatic flow labels are completely disabled
1306		1: automatic flow labels are enabled by default, they can be
1307		   disabled on a per socket basis using the IPV6_AUTOFLOWLABEL
1308		   socket option
1309		2: automatic flow labels are allowed, they may be enabled on a
1310		   per socket basis using the IPV6_AUTOFLOWLABEL socket option
1311		3: automatic flow labels are enabled and enforced, they cannot
1312		   be disabled by the socket option
1313		Default: 1
1314	
1315	flowlabel_state_ranges - BOOLEAN
1316		Split the flow label number space into two ranges. 0-0x7FFFF is
1317		reserved for the IPv6 flow manager facility, 0x80000-0xFFFFF
1318		is reserved for stateless flow labels as described in RFC6437.
1319		TRUE: enabled
1320		FALSE: disabled
1321		Default: true
1322	
1323	anycast_src_echo_reply - BOOLEAN
1324		Controls the use of anycast addresses as source addresses for ICMPv6
1325		echo reply
1326		TRUE:  enabled
1327		FALSE: disabled
1328		Default: FALSE
1329	
1330	idgen_delay - INTEGER
1331		Controls the delay in seconds before retrying stable
1332		privacy address generation if a DAD conflict is
1333		detected.
1334		Default: 1 (as specified in RFC7217)
1335	
1336	idgen_retries - INTEGER
1337		Controls the number of retries to generate a stable privacy
1338		address if a DAD conflict is detected.
1339		Default: 3 (as specified in RFC7217)
1340	
1341	mld_qrv - INTEGER
1342		Controls the MLD query robustness variable (see RFC3810 9.1).
1343		Default: 2 (as specified by RFC3810 9.1)
1344		Minimum: 1 (as specified by RFC6636 4.5)
1345	
1346	IPv6 Fragmentation:
1347	
1348	ip6frag_high_thresh - INTEGER
1349		Maximum memory used to reassemble IPv6 fragments. When
1350		ip6frag_high_thresh bytes of memory is allocated for this purpose,
1351		the fragment handler will toss packets until ip6frag_low_thresh
1352		is reached.
1353	
1354	ip6frag_low_thresh - INTEGER
1355		See ip6frag_high_thresh
1356	
1357	ip6frag_time - INTEGER
1358		Time in seconds to keep an IPv6 fragment in memory.
1359	
1360	conf/default/*:
1361		Change the interface-specific default settings.
1362	
1363	
1364	conf/all/*:
1365		Change all the interface-specific settings.
1366	
1367		[XXX:  Other special features than forwarding?]
1368	
1369	conf/all/forwarding - BOOLEAN
1370		Enable global IPv6 forwarding between all interfaces.
1371	
1372		IPv4 and IPv6 work differently here; e.g. netfilter must be used
1373		to control which interfaces may forward packets and which not.
1374	
1375		This also sets all interfaces' Host/Router setting
1376		'forwarding' to the specified value.  See below for details.
1377	
1378		This is referred to as global forwarding.
1379	
1380	proxy_ndp - BOOLEAN
1381		Do proxy ndp.
1382	
1383	fwmark_reflect - BOOLEAN
1384		Controls the fwmark of kernel-generated IPv6 reply packets that are not
1385		associated with a socket (for example, TCP RSTs or ICMPv6 echo replies).
1386		If unset, these packets have a fwmark of zero. If set, they have the
1387		fwmark of the packet they are replying to.
1388		Default: 0
1389	
1390	conf/interface/*:
1391		Change special settings per interface.
1392	
1393		The functional behaviour for certain settings is different
1394		depending on whether local forwarding is enabled or not.
1395	
1396	accept_ra - INTEGER
1397		Accept Router Advertisements; autoconfigure using them.
1398	
1399		It also determines whether or not to transmit Router
1400		Solicitations. If and only if the functional setting is to
1401		accept Router Advertisements, Router Solicitations will be
1402		transmitted.
1403	
1404		Possible values are:
1405			0 Do not accept Router Advertisements.
1406			1 Accept Router Advertisements if forwarding is disabled.
1407			2 Overrule forwarding behaviour. Accept Router Advertisements
1408			  even if forwarding is enabled.
1409	
1410		Functional default: enabled if local forwarding is disabled.
1411				    disabled if local forwarding is enabled.
1412	
1413	accept_ra_defrtr - BOOLEAN
1414		Learn default router in Router Advertisement.
1415	
1416		Functional default: enabled if accept_ra is enabled.
1417				    disabled if accept_ra is disabled.
1418	
1419	accept_ra_from_local - BOOLEAN
1420		Accept RA with source-address that is found on local machine
1421	        if the RA is otherwise proper and able to be accepted.
1422	        Default is to NOT accept these as it may be an un-intended
1423	        network loop.
1424	
1425		Functional default:
1426	           enabled if accept_ra_from_local is enabled
1427	               on a specific interface.
1428		   disabled if accept_ra_from_local is disabled
1429	               on a specific interface.
1430	
1431	accept_ra_min_hop_limit - INTEGER
1432		Minimum hop limit Information in Router Advertisement.
1433	
1434		Hop limit Information in Router Advertisement less than this
1435		variable shall be ignored.
1436	
1437		Default: 1
1438	
1439	accept_ra_pinfo - BOOLEAN
1440		Learn Prefix Information in Router Advertisement.
1441	
1442		Functional default: enabled if accept_ra is enabled.
1443				    disabled if accept_ra is disabled.
1444	
1445	accept_ra_rt_info_max_plen - INTEGER
1446		Maximum prefix length of Route Information in RA.
1447	
1448		Route Information w/ prefix larger than or equal to this
1449		variable shall be ignored.
1450	
1451		Functional default: 0 if accept_ra_rtr_pref is enabled.
1452				    -1 if accept_ra_rtr_pref is disabled.
1453	
1454	accept_ra_rtr_pref - BOOLEAN
1455		Accept Router Preference in RA.
1456	
1457		Functional default: enabled if accept_ra is enabled.
1458				    disabled if accept_ra is disabled.
1459	
1460	accept_ra_mtu - BOOLEAN
1461		Apply the MTU value specified in RA option 5 (RFC4861). If
1462		disabled, the MTU specified in the RA will be ignored.
1463	
1464		Functional default: enabled if accept_ra is enabled.
1465				    disabled if accept_ra is disabled.
1466	
1467	accept_redirects - BOOLEAN
1468		Accept Redirects.
1469	
1470		Functional default: enabled if local forwarding is disabled.
1471				    disabled if local forwarding is enabled.
1472	
1473	accept_source_route - INTEGER
1474		Accept source routing (routing extension header).
1475	
1476		>= 0: Accept only routing header type 2.
1477		< 0: Do not accept routing header.
1478	
1479		Default: 0
1480	
1481	autoconf - BOOLEAN
1482		Autoconfigure addresses using Prefix Information in Router
1483		Advertisements.
1484	
1485		Functional default: enabled if accept_ra_pinfo is enabled.
1486				    disabled if accept_ra_pinfo is disabled.
1487	
1488	dad_transmits - INTEGER
1489		The number of Duplicate Address Detection probes to send.
1490		Default: 1
1491	
1492	forwarding - INTEGER
1493		Configure interface-specific Host/Router behaviour.
1494	
1495		Note: It is recommended to have the same setting on all
1496		interfaces; mixed router/host scenarios are rather uncommon.
1497	
1498		Possible values are:
1499			0 Forwarding disabled
1500			1 Forwarding enabled
1501	
1502		FALSE (0):
1503	
1504		By default, Host behaviour is assumed.  This means:
1505	
1506		1. IsRouter flag is not set in Neighbour Advertisements.
1507		2. If accept_ra is TRUE (default), transmit Router
1508		   Solicitations.
1509		3. If accept_ra is TRUE (default), accept Router
1510		   Advertisements (and do autoconfiguration).
1511		4. If accept_redirects is TRUE (default), accept Redirects.
1512	
1513		TRUE (1):
1514	
1515		If local forwarding is enabled, Router behaviour is assumed.
1516		This means exactly the reverse from the above:
1517	
1518		1. IsRouter flag is set in Neighbour Advertisements.
1519		2. Router Solicitations are not sent unless accept_ra is 2.
1520		3. Router Advertisements are ignored unless accept_ra is 2.
1521		4. Redirects are ignored.
1522	
1523		Default: 0 (disabled) if global forwarding is disabled (default),
1524			 otherwise 1 (enabled).
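
The host/router rules listed under "forwarding" can be checked per interface. The shell script below is an added example, not part of the kernel documentation; the function names and the sample tree (eth0, lan0, wan0) are constructed. It reads forwarding, accept_ra and accept_redirects from a directory laid out like /proc/sys/net/ipv6/conf and marks routers that still process Router Advertisements.

```shell
#!/bin/sh
# Added example, not from the kernel tree. Interface names and values in
# make_sample are constructed.

# nd_exposure DIR: DIR is laid out like /proc/sys/net/ipv6/conf/<iface>.
# Prints "role=... accepts_ra=... accepts_redirects=..." using the
# host/router rules listed under "forwarding".
nd_exposure() (
    fwd=$(cat "$1/forwarding") || exit 2
    ra=$(cat "$1/accept_ra") || exit 2
    redir=$(cat "$1/accept_redirects") || exit 2
    if [ "$fwd" -eq 0 ]; then
        role=host
        # Host: RAs and Redirects are accepted when the knobs are TRUE.
        if [ "$ra" -ne 0 ]; then ra_eff=yes; else ra_eff=no; fi
        if [ "$redir" -ne 0 ]; then rd_eff=yes; else rd_eff=no; fi
    else
        role=router
        # Router: RAs are ignored unless accept_ra is 2; Redirects are ignored.
        if [ "$ra" -eq 2 ]; then ra_eff=yes; else ra_eff=no; fi
        rd_eff=no
    fi
    echo "role=$role accepts_ra=$ra_eff accepts_redirects=$rd_eff"
)

# audit_conf ROOT: one line per interface directory under ROOT. A router that
# still processes RAs (accept_ra=2) is marked REVIEW, because its routes and
# addresses then depend on RAs received on that link.
audit_conf() (
    for d in "$1"/*/; do
        name=$(basename "$d")
        case $name in all|default) continue ;; esac
        line=$(nd_exposure "$d") || { echo "$name: unreadable"; continue; }
        case $line in
            "role=router accepts_ra=yes"*) echo "$name: $line REVIEW" ;;
            *) echo "$name: $line" ;;
        esac
    done
)

# make_sample ROOT: constructed sysctl tree for an offline run.
make_sample() (
    set_if() { mkdir -p "$1/$2"; echo "$3" > "$1/$2/forwarding"
               echo "$4" > "$1/$2/accept_ra"; echo "$5" > "$1/$2/accept_redirects"; }
    set_if "$1" eth0 0 1 1    # plain host
    set_if "$1" lan0 1 1 1    # router: RAs and Redirects ignored
    set_if "$1" wan0 1 2 1    # router that still accepts RAs
)

# With no argument the constructed sample is audited.
tmp=$(mktemp -d)
make_sample "$tmp"
audit_conf "${1:-$tmp}"
rm -rf "$tmp"
```

Pass /proc/sys/net/ipv6/conf as the first argument to audit the running system instead of the sample.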
1525	
1526	hop_limit - INTEGER
1527		Default Hop Limit to set.
1528		Default: 64
1529	
1530	mtu - INTEGER
1531		Default Maximum Transfer Unit
1532		Default: 1280 (IPv6 required minimum)
1533	
1534	ip_nonlocal_bind - BOOLEAN
1535		If set, allows processes to bind() to non-local IPv6 addresses,
1536		which can be quite useful - but may break some applications.
1537		Default: 0
1538	
1539	router_probe_interval - INTEGER
1540		Minimum interval (in seconds) between Router Probing described
1541		in RFC4191.
1542	
1543		Default: 60
1544	
1545	router_solicitation_delay - INTEGER
1546		Number of seconds to wait after interface is brought up
1547		before sending Router Solicitations.
1548		Default: 1
1549	
1550	router_solicitation_interval - INTEGER
1551		Number of seconds to wait between Router Solicitations.
1552		Default: 4
1553	
1554	router_solicitations - INTEGER
1555		Number of Router Solicitations to send until assuming no
1556		routers are present.
1557		Default: 3
1558	
1559	use_oif_addrs_only - BOOLEAN
1560		When enabled, the candidate source addresses for destinations
1561		routed via this interface are restricted to the set of addresses
1562		configured on this interface (see RFC 6724, section 4).
1563	
1564		Default: false
1565	
1566	use_tempaddr - INTEGER
1567		Preference for Privacy Extensions (RFC3041).
1568		  <= 0 : disable Privacy Extensions
1569		  == 1 : enable Privacy Extensions, but prefer public
1570		         addresses over temporary addresses.
1571		  >  1 : enable Privacy Extensions and prefer temporary
1572		         addresses over public addresses.
1573		Default:  0 (for most devices)
1574			 -1 (for point-to-point devices and loopback devices)
1575	
1576	temp_valid_lft - INTEGER
1577		valid lifetime (in seconds) for temporary addresses.
1578		Default: 604800 (7 days)
1579	
1580	temp_prefered_lft - INTEGER
1581		Preferred lifetime (in seconds) for temporary addresses.
1582		Default: 86400 (1 day)
1583	
1584	keep_addr_on_down - INTEGER
1585		Keep all IPv6 addresses on an interface down event. If set, static
1586		global addresses with no expiration time are not flushed.
1587		  >0 : enabled
1588		   0 : system default
1589		  <0 : disabled
1590	
1591		Default: 0 (addresses are removed)
1592	
1593	max_desync_factor - INTEGER
1594		Maximum value for DESYNC_FACTOR, which is a random value
1595		that ensures that clients don't synchronize with each
1596		other and generate new addresses at exactly the same time.
1597		Value is in seconds.
1598		Default: 600
1599	
1600	regen_max_retry - INTEGER
1601		Number of attempts before giving up on generating
1602		valid temporary addresses.
1603		Default: 5
1604	
1605	max_addresses - INTEGER
1606		Maximum number of autoconfigured addresses per interface.  Setting
1607		to zero disables the limitation.  It is not recommended to set this
1608		value too large (or to zero) because it would be an easy way to
1609		crash the kernel by allowing too many addresses to be created.
1610		Default: 16
1611	
1612	disable_ipv6 - BOOLEAN
1613		Disable IPv6 operation.  If accept_dad is set to 2, this value
1614		will be dynamically set to TRUE if DAD fails for the link-local
1615		address.
1616		Default: FALSE (enable IPv6 operation)
1617	
1618		When this value is changed from 1 to 0 (IPv6 is being enabled),
1619		it will dynamically create a link-local address on the given
1620		interface and start Duplicate Address Detection, if necessary.
1621	
1622		When this value is changed from 0 to 1 (IPv6 is being disabled),
1623		it will dynamically delete all addresses on the given interface.
1624	
1625	accept_dad - INTEGER
1626		Whether to accept DAD (Duplicate Address Detection).
1627		0: Disable DAD
1628		1: Enable DAD (default)
1629		2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
1630		   link-local address has been found.
1631	
1632	force_tllao - BOOLEAN
1633		Enable sending the target link-layer address option even when
1634		responding to a unicast neighbor solicitation.
1635		Default: FALSE
1636	
1637		Quoting from RFC 2461, section 4.4, Target link-layer address:
1638	
1639		"The option MUST be included for multicast solicitations in order to
1640		avoid infinite Neighbor Solicitation "recursion" when the peer node
1641		does not have a cache entry to return a Neighbor Advertisements
1642		message.  When responding to unicast solicitations, the option can be
1643		omitted since the sender of the solicitation has the correct link-
1644		layer address; otherwise it would not have be able to send the unicast
1645		solicitation in the first place. However, including the link-layer
1646		address in this case adds little overhead and eliminates a potential
1647		race condition where the sender deletes the cached link-layer address
1648		prior to receiving a response to a previous solicitation."
1649	
1650	ndisc_notify - BOOLEAN
1651		Define mode for notification of address and device changes.
1652		0 - (default): do nothing
1653		1 - Generate unsolicited neighbour advertisements when device is brought
1654		    up or hardware address changes.
1655	
1656	mldv1_unsolicited_report_interval - INTEGER
1657		The interval in milliseconds in which the next unsolicited
1658		MLDv1 report retransmit will take place.
1659		Default: 10000 (10 seconds)
1660	
1661	mldv2_unsolicited_report_interval - INTEGER
1662		The interval in milliseconds in which the next unsolicited
1663		MLDv2 report retransmit will take place.
1664		Default: 1000 (1 second)
1665	
1666	force_mld_version - INTEGER
1667		0 - (default) No enforcement of a MLD version, MLDv1 fallback allowed
1668		1 - Enforce to use MLD version 1
1669		2 - Enforce to use MLD version 2
1670	
1671	suppress_frag_ndisc - INTEGER
1672		Control RFC 6980 (Security Implications of IPv6 Fragmentation
1673		with IPv6 Neighbor Discovery) behavior:
1674		1 - (default) discard fragmented neighbor discovery packets
1675		0 - allow fragmented neighbor discovery packets
1676	
1677	optimistic_dad - BOOLEAN
1678		Whether to perform Optimistic Duplicate Address Detection (RFC 4429).
1679			0: disabled (default)
1680			1: enabled
1681	
1682	use_optimistic - BOOLEAN
1683		If enabled, do not classify optimistic addresses as deprecated during
1684		source address selection.  Preferred addresses will still be chosen
1685		before optimistic addresses, subject to other ranking in the source
1686		address selection algorithm.
1687			0: disabled (default)
1688			1: enabled
1689	
1690	stable_secret - IPv6 address
1691		This IPv6 address will be used as a secret to generate IPv6
1692		addresses for link-local addresses and autoconfigured
1693		ones. All addresses generated after setting this secret will
1694		be stable privacy ones by default. This can be changed via the
1695		addrgenmode ip-link. conf/default/stable_secret is used as the
1696		secret for the namespace, the interface specific ones can
1697		overwrite that. Writes to conf/all/stable_secret are refused.
1698	
1699		It is recommended to generate this secret during installation
1700		of a system and keep it stable after that.
1701	
1702		By default the stable secret is unset.
1703	
1704	drop_unicast_in_l2_multicast - BOOLEAN
1705		Drop any unicast IPv6 packets that are received in link-layer
1706		multicast (or broadcast) frames.
1707	
1708		By default this is turned off.
1709	
1710	drop_unsolicited_na - BOOLEAN
1711		Drop all unsolicited neighbor advertisements, for example if there's
1712		a known good NA proxy on the network and such frames need not be used
1713		(or in the case of 802.11, must not be used to prevent attacks.)
1714	
1715		By default this is turned off.
1716	
1717	icmp/*:
1718	ratelimit - INTEGER
1719		Limit the maximal rates for sending ICMPv6 packets.
1720		0 to disable any limiting,
1721		otherwise the minimal space between responses in milliseconds.
1722		Default: 1000
1723	
1724	xfrm6_gc_thresh - INTEGER
1725		The threshold at which we will start garbage collecting for IPv6
1726		destination cache entries.  At twice this value the system will
1727		refuse new allocations. The value must be set below the flowcache
1728		limit (4096 * number of online cpus) to take effect.
1729	
1730	
1731	IPv6 Update by:
1732	Pekka Savola <pekkas@netcore.fi>
1733	YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
1734	
1735	
1736	/proc/sys/net/bridge/* Variables:
1737	
1738	bridge-nf-call-arptables - BOOLEAN
1739		1 : pass bridged ARP traffic to arptables' FORWARD chain.
1740		0 : disable this.
1741		Default: 1
1742	
1743	bridge-nf-call-iptables - BOOLEAN
1744		1 : pass bridged IPv4 traffic to iptables' chains.
1745		0 : disable this.
1746		Default: 1
1747	
1748	bridge-nf-call-ip6tables - BOOLEAN
1749		1 : pass bridged IPv6 traffic to ip6tables' chains.
1750		0 : disable this.
1751		Default: 1
1752	
1753	bridge-nf-filter-vlan-tagged - BOOLEAN
1754		1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
1755		0 : disable this.
1756		Default: 0
1757	
1758	bridge-nf-filter-pppoe-tagged - BOOLEAN
1759		1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
1760		0 : disable this.
1761		Default: 0
1762	
1763	bridge-nf-pass-vlan-input-dev - BOOLEAN
1764		1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
1765		interface on the bridge and set the netfilter input device to the vlan.
1766		This allows use of e.g. "iptables -i br0.1" and makes the REDIRECT
1767		target work with vlan-on-top-of-bridge interfaces.  When no matching
1768		vlan interface is found, or this switch is off, the input device is
1769		set to the bridge interface.
1770		0: disable bridge netfilter vlan interface lookup.
1771		Default: 0
1772	
1773	/proc/sys/net/sctp/* Variables:
1774	
1775	addip_enable - BOOLEAN
1776		Enable or disable extension of Dynamic Address Reconfiguration
1777		(ADD-IP) functionality specified in RFC5061.  This extension provides
1778		the ability to dynamically add and remove new addresses for the SCTP
1779		associations.
1780	
1781		1: Enable extension.
1782	
1783		0: Disable extension.
1784	
1785		Default: 0
1786	
1787	pf_enable - INTEGER
1788		Enable or disable pf (pf is short for potentially failed) state. A value
1789		of pf_retrans > path_max_retrans also disables pf state. That is, either
1790		pf_enable = 0 or pf_retrans > path_max_retrans disables pf state.
1791		Both pf_retrans and path_max_retrans can be changed by a userspace
1792		application, so a user who relies on pf_retrans > path_max_retrans to
1793		disable pf state may find pf state enabled again after an application
1794		changes either value. pf_enable was therefore added so that pf state
1795		can be enabled and disabled dynamically.
1796		See:
1797		https://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-failover for
1798		details.
1799	
1800		1: Enable pf.
1801	
1802		0: Disable pf.
1803	
1804		Default: 1
1805	
1806	addip_noauth_enable - BOOLEAN
1807		Dynamic Address Reconfiguration (ADD-IP) requires the use of
1808		authentication to protect the operations of adding or removing new
1809		addresses.  This requirement is mandated so that unauthorized hosts
1810		would not be able to hijack associations.  However, older
1811		implementations may not have implemented this requirement while
1812		allowing the ADD-IP extension.  For reasons of interoperability,
1813		we provide this variable to control the enforcement of the
1814		authentication requirement.
1815	
1816		1: Allow ADD-IP extension to be used without authentication.  This
1817		   should only be set in a closed environment for interoperability
1818		   with older implementations.
1819	
1820		0: Enforce the authentication requirement
1821	
1822		Default: 0
1823	
1824	auth_enable - BOOLEAN
1825		Enable or disable Authenticated Chunks extension.  This extension
1826		provides the ability to send and receive authenticated chunks and is
1827		required for secure operation of Dynamic Address Reconfiguration
1828		(ADD-IP) extension.
1829	
1830		1: Enable this extension.
1831		0: Disable this extension.
1832	
1833		Default: 0
1834	
1835	prsctp_enable - BOOLEAN
1836		Enable or disable the Partial Reliability extension (RFC3758) which
1837		is used to notify peers that a given DATA should no longer be expected.
1838	
1839		1: Enable extension
1840		0: Disable
1841	
1842		Default: 1
1843	
1844	max_burst - INTEGER
1845		The limit of the number of new packets that can be initially sent.  It
1846		controls how bursty the generated traffic can be.
1847	
1848		Default: 4
1849	
1850	association_max_retrans - INTEGER
1851		Set the maximum number for retransmissions that an association can
1852		attempt before deciding that the remote end is unreachable.  If this value
1853		is exceeded, the association is terminated.
1854	
1855		Default: 10
1856	
1857	max_init_retransmits - INTEGER
1858		The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
1859		that an association will attempt before declaring the destination
1860		unreachable and terminating.
1861	
1862		Default: 8
1863	
1864	path_max_retrans - INTEGER
1865		The maximum number of retransmissions that will be attempted on a given
1866		path.  Once this threshold is exceeded, the path is considered
1867		unreachable, and new traffic will use a different path when the
1868		association is multihomed.
1869	
1870		Default: 5
1871	
1872	pf_retrans - INTEGER
1873		The number of retransmissions that will be attempted on a given path
1874		before traffic is redirected to an alternate transport (should one
1875		exist).  Note this is distinct from path_max_retrans, as a path that
1876		passes the pf_retrans threshold can still be used.  It is only
1877		deprioritized when a transmission path is selected by the stack.  This
1878		setting is primarily used to enable fast failover mechanisms without
1879		having to reduce path_max_retrans to a very low value.  See:
1880		http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
1881		for details.  Note also that a value of pf_retrans > path_max_retrans
1882		disables this feature. Since both pf_retrans and path_max_retrans can
1883		be changed by userspace application, a variable pf_enable is used to
1884		disable pf state.
1885	
1886		Default: 0
1887	
1888	rto_initial - INTEGER
1889		The initial round trip timeout value in milliseconds that will be used
1890		in calculating round trip times.  This is the initial time interval
1891		for retransmissions.
1892	
1893		Default: 3000
1894	
1895	rto_max - INTEGER
1896		The maximum value (in milliseconds) of the round trip timeout.  This
1897		is the largest time interval that can elapse between retransmissions.
1898	
1899		Default: 60000
1900	
1901	rto_min - INTEGER
1902		The minimum value (in milliseconds) of the round trip timeout.  This
1903		is the smallest time interval that can elapse between retransmissions.
1904	
1905		Default: 1000
1906	
1907	hb_interval - INTEGER
1908		The interval (in milliseconds) between HEARTBEAT chunks.  These chunks
1909		are sent at the specified interval on idle paths to probe the state of
1910		a given path between 2 associations.
1911	
1912		Default: 30000
1913	
1914	sack_timeout - INTEGER
1915		The amount of time (in milliseconds) that the implementation will wait
1916		to send a SACK.
1917	
1918		Default: 200
1919	
1920	valid_cookie_life - INTEGER
1921		The default lifetime of the SCTP cookie (in milliseconds).  The cookie
1922		is used during association establishment.
1923	
1924		Default: 60000
1925	
1926	cookie_preserve_enable - BOOLEAN
1927		Enable or disable the ability to extend the lifetime of the SCTP cookie
1928		that is used during the establishment phase of SCTP association.
1929	
1930		1: Enable cookie lifetime extension.
1931		0: Disable
1932	
1933		Default: 1
1934	
1935	cookie_hmac_alg - STRING
1936		Select the hmac algorithm used when generating the cookie value sent by
1937		a listening sctp socket to a connecting client in the INIT-ACK chunk.
1938		Valid values are:
1939		* md5
1940		* sha1
1941		* none
1942		Ability to assign md5 or sha1 as the selected alg is predicated on the
1943		configuration of those algorithms at build time (CONFIG_CRYPTO_MD5 and
1944		CONFIG_CRYPTO_SHA1).
1945	
1946		Default: Dependent on configuration.  MD5 if available, else SHA1 if
1947		available, else none.
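
The ADD-IP authentication settings (addip_enable, addip_noauth_enable, auth_enable), the pf_enable / pf_retrans / path_max_retrans interaction and cookie_hmac_alg described above combine into a small set of checks. The shell script below is an added example, not part of the kernel documentation; the function names, the finding labels and the sample values are constructed. It reads a directory laid out like /proc/sys/net/sctp and reports the effective state.

```shell
#!/bin/sh
# Added example, not from the kernel tree; sample values are constructed.

# sctp_audit DIR: DIR is laid out like /proc/sys/net/sctp. A missing file
# falls back to the default documented on this page. Exit status 1 if any
# FAIL line was printed.
sctp_audit() (
    dir=$1
    get() { cat "$dir/$1" 2>/dev/null || echo "$2"; }
    addip=$(get addip_enable 0)
    noauth=$(get addip_noauth_enable 0)
    auth=$(get auth_enable 0)
    hmac=$(get cookie_hmac_alg unreadable)
    pf=$(get pf_enable 1)
    pfr=$(get pf_retrans 0)
    pmr=$(get path_max_retrans 5)
    rc=0

    if [ "$addip" = 1 ]; then
        if [ "$noauth" = 1 ]; then
            echo "FAIL addip_noauth_enable=1: ADD-IP accepted without authentication"
            rc=1
        fi
        if [ "$auth" != 1 ]; then
            echo "WARN auth_enable=$auth: AUTH chunks are required for secure ADD-IP"
        fi
    else
        echo "OK   addip_enable=$addip: ADD-IP disabled"
    fi

    case $hmac in
        none) echo "FAIL cookie_hmac_alg=none: INIT-ACK cookie is not HMAC-protected"
              rc=1 ;;
        unreadable) echo "INFO cookie_hmac_alg not readable" ;;
        *) echo "OK   cookie_hmac_alg=$hmac" ;;
    esac

    # pf state is off when pf_enable=0 or pf_retrans > path_max_retrans.
    if [ "$pf" = 1 ] && [ "$pfr" -le "$pmr" ]; then
        echo "INFO pf state active (pf_retrans=$pfr path_max_retrans=$pmr)"
    else
        echo "INFO pf state disabled (pf_enable=$pf pf_retrans=$pfr path_max_retrans=$pmr)"
    fi
    exit "$rc"
)

# make_sctp_sample DIR: constructed values that trigger each finding.
make_sctp_sample() (
    mkdir -p "$1"
    for kv in addip_enable=1 addip_noauth_enable=1 auth_enable=0 \
              cookie_hmac_alg=none pf_enable=1 pf_retrans=6 path_max_retrans=5
    do
        echo "${kv#*=}" > "$1/${kv%%=*}"
    done
)

# With no argument the constructed sample is audited; pass /proc/sys/net/sctp
# to audit the running kernel (the sctp module must be loaded).
tmp=$(mktemp -d)
make_sctp_sample "$tmp"
sctp_audit "${1:-$tmp}" || echo "=> findings require attention"
rm -rf "$tmp"
```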
1948	
1949	rcvbuf_policy - INTEGER
1950		Determines if the receive buffer is attributed to the socket or to
1951		association.  SCTP supports the capability to create multiple
1952		associations on a single socket.  When using this capability, it is
1953		possible that a single stalled association that's buffering a lot
1954		of data may block other associations from delivering their data by
1955		consuming all of the receive buffer space.  To work around this,
1956		the rcvbuf_policy could be set to attribute the receiver buffer space
1957		to each association instead of the socket.  This prevents the described
1958		blocking.
1959	
1960		1: rcvbuf space is per association
1961		0: rcvbuf space is per socket
1962	
1963		Default: 0
1964	
1965	sndbuf_policy - INTEGER
1966		Similar to rcvbuf_policy above, this applies to send buffer space.
1967	
1968		1: Send buffer is tracked per association
1969		0: Send buffer is tracked per socket.
1970	
1971		Default: 0
1972	
1973	sctp_mem - vector of 3 INTEGERs: min, pressure, max
1974		Number of pages allowed for queueing by all SCTP sockets.
1975	
1976		min: Below this number of pages SCTP is not bothered about its
1977		memory appetite. When amount of memory allocated by SCTP exceeds
1978		this number, SCTP starts to moderate memory usage.
1979	
1980		pressure: This value was introduced to follow format of tcp_mem.
1981	
1982		max: Number of pages allowed for queueing by all SCTP sockets.
1983	
1984		Default is calculated at boot time from amount of available memory.
1985	
1986	sctp_rmem - vector of 3 INTEGERs: min, default, max
1987		Only the first value ("min") is used, "default" and "max" are
1988		ignored.
1989	
1990		min: Minimal size of receive buffer used by SCTP socket.
1991		It is guaranteed to each SCTP socket (but not association) even
1992		under moderate memory pressure.
1993	
1994		Default: 1 page
1995	
1996	sctp_wmem  - vector of 3 INTEGERs: min, default, max
1997		Currently this tunable has no effect.
1998	
1999	addr_scope_policy - INTEGER
2000		Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
2001	
2002		0   - Disable IPv4 address scoping
2003		1   - Enable IPv4 address scoping
2004		2   - Follow draft but allow IPv4 private addresses
2005		3   - Follow draft but allow IPv4 link local addresses
2006	
2007		Default: 1
2008	
2009	
2010	/proc/sys/net/core/*
2011		Please see: Documentation/sysctl/net.txt for descriptions of these entries.
2012	
2013	
2014	/proc/sys/net/unix/*
2015	max_dgram_qlen - INTEGER
2016		The maximum length of dgram socket receive queue
2017	
2018		Default: 10
2019	
2020	
2021	UNDOCUMENTED:
2022	
2023	/proc/sys/net/irda/*
2024		fast_poll_increase FIXME
2025		warn_noreply_time FIXME
2026		discovery_slots FIXME
2027		slot_timeout FIXME
2028		max_baud_rate FIXME
2029		discovery_timeout FIXME
2030		lap_keepalive_time FIXME
2031		max_noreply_time FIXME
2032		max_tx_data_size FIXME
2033		max_tx_window FIXME
2034		min_tx_turn_time FIXME

Information is copyright its respective author. All material is available from the Linux Kernel Source distributed under a GPL License. This page is provided as a free service by mjmwired.net.