ip-sysctl.txt

来自「Linux Kernel 2.6.9 for OMAP1710」· 文本 代码 · 共 873 行 · 第 1/2 页

/proc/sys/net/ipv4/* Variables:

ip_forward - BOOLEAN
	0 - disabled (default)
	not 0 - enabled 

	Forward Packets between interfaces.

	This variable is special, its change resets all configuration
	parameters to their default state (RFC1122 for hosts, RFC1812
	for routers)

ip_default_ttl - INTEGER
	default 64

ip_no_pmtu_disc - BOOLEAN
	Disable Path MTU Discovery.
	default FALSE

min_pmtu - INTEGER
	default 562 - minimum discovered Path MTU

mtu_expires - INTEGER
	Time, in seconds, that cached PMTU information is kept.

min_adv_mss - INTEGER
	The advertised MSS depends on the first hop route MTU, but will
	never be lower than this setting.

IP Fragmentation:

ipfrag_high_thresh - INTEGER
	Maximum memory used to reassemble IP fragments. When 
	ipfrag_high_thresh bytes of memory is allocated for this purpose,
	the fragment handler will toss packets until ipfrag_low_thresh
	is reached.
	
ipfrag_low_thresh - INTEGER
	See ipfrag_high_thresh	

ipfrag_time - INTEGER
	Time in seconds to keep an IP fragment in memory.	

ipfrag_secret_interval - INTEGER
	Regeneration interval (in seconds) of the hash secret (or lifetime 
	for the hash secret) for IP fragments.
	Default: 600

INET peer storage:

inet_peer_threshold - INTEGER
	The approximate size of the storage.  Starting from this threshold	
	entries will be thrown aggressively.  This threshold also determines
	entries' time-to-live and time intervals between garbage collection
	passes.  More entries, less time-to-live, less GC interval.

inet_peer_minttl - INTEGER
	Minimum time-to-live of entries.  Should be enough to cover fragment
	time-to-live on the reassembling side.  This minimum time-to-live  is
	guaranteed if the pool size is less than inet_peer_threshold.
	Measured in jiffies(1).

inet_peer_maxttl - INTEGER
	Maximum time-to-live of entries.  Unused entries will expire after
	this period of time if there is no memory pressure on the pool (i.e.
	when the number of entries in the pool is very small).
	Measured in jiffies(1).

inet_peer_gc_mintime - INTEGER
	Minimum interval between garbage collection passes.  This interval is
	in effect under high memory pressure on the pool.
	Measured in jiffies(1).

inet_peer_gc_maxtime - INTEGER
	Minimum interval between garbage collection passes.  This interval is
	in effect under low (or absent) memory pressure on the pool.
	Measured in jiffies(1).

TCP variables: 

tcp_syn_retries - INTEGER
	Number of times initial SYNs for an active TCP connection attempt
	will be retransmitted. Should not be higher than 255. Default value
	is 5, which corresponds to ~180seconds.

tcp_synack_retries - INTEGER
	Number of times SYNACKs for a passive TCP connection attempt will
	be retransmitted. Should not be higher than 255. Default value
	is 5, which corresponds to ~180seconds.

tcp_keepalive_time - INTEGER
	How often TCP sends out keepalive messages when keepalive is enabled.
	Default: 2hours.

tcp_keepalive_probes - INTEGER
	How many keepalive probes TCP sends out, until it decides that the
	connection is broken. Default value: 9.

tcp_keepalive_intvl - INTEGER
	How frequently the probes are send out. Multiplied by
	tcp_keepalive_probes it is time to kill not responding connection,
	after probes started. Default value: 75sec i.e. connection
	will be aborted after ~11 minutes of retries.

tcp_retries1 - INTEGER
	How many times to retry before deciding that something is wrong
	and it is necessary to report this suspicion to network layer.
	Minimal RFC value is 3, it is default, which corresponds
	to ~3sec-8min depending on RTO.

tcp_retries2 - INTEGER
	How may times to retry before killing alive TCP connection.
	RFC1122 says that the limit should be longer than 100 sec.
	It is too small number.	Default value 15 corresponds to ~13-30min
	depending on RTO.

tcp_orphan_retries - INTEGER
	How may times to retry before killing TCP connection, closed
	by our side. Default value 7 corresponds to ~50sec-16min
	depending on RTO. If you machine is loaded WEB server,
	you should think about lowering this value, such sockets
	may consume significant resources. Cf. tcp_max_orphans.

tcp_fin_timeout - INTEGER
	Time to hold socket in state FIN-WAIT-2, if it was closed
	by our side. Peer can be broken and never close its side,
	or even died unexpectedly. Default value is 60sec.
	Usual value used in 2.2 was 180 seconds, you may restore
	it, but remember that if your machine is even underloaded WEB server,
	you risk to overflow memory with kilotons of dead sockets,
	FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1,
	because they eat maximum 1.5K of memory, but they tend
	to live longer.	Cf. tcp_max_orphans.

tcp_max_tw_buckets - INTEGER
	Maximal number of timewait sockets held by system simultaneously.
	If this number is exceeded time-wait socket is immediately destroyed
	and warning is printed. This limit exists only to prevent
	simple DoS attacks, you _must_ not lower the limit artificially,
	but rather increase it (probably, after increasing installed memory),
	if network conditions require more than default value.

tcp_tw_recycle - BOOLEAN
	Enable fast recycling TIME-WAIT sockets. Default value is 0.
	It should not be changed without advice/request of technical
	experts.

tcp_tw_reuse - BOOLEAN
	Allow to reuse TIME-WAIT sockets for new connections when it is
	safe from protocol viewpoint. Default value is 0.
	It should not be changed without advice/request of technical
	experts.

tcp_max_orphans - INTEGER
	Maximal number of TCP sockets not attached to any user file handle,
	held by system.	If this number is exceeded orphaned connections are
	reset immediately and warning is printed. This limit exists
	only to prevent simple DoS attacks, you _must_ not rely on this
	or lower the limit artificially, but rather increase it
	(probably, after increasing installed memory),
	if network conditions require more than default value,
	and tune network services to linger and kill such states
	more aggressively. Let me to remind again: each orphan eats
	up to ~64K of unswappable memory.

tcp_abort_on_overflow - BOOLEAN
	If listening service is too slow to accept new connections,
	reset them. Default state is FALSE. It means that if overflow
	occurred due to a burst, connection will recover. Enable this
	option _only_ if you are really sure that listening daemon
	cannot be tuned to accept connections faster. Enabling this
	option can harm clients of your server.

tcp_syncookies - BOOLEAN
	Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
	Send out syncookies when the syn backlog queue of a socket 
	overflows. This is to prevent against the common 'syn flood attack'
	Default: FALSE

	Note, that syncookies is fallback facility.
	It MUST NOT be used to help highly loaded servers to stand
	against legal connection rate. If you see synflood warnings
	in your logs, but investigation	shows that they occur
	because of overload with legal connections, you should tune
	another parameters until this warning disappear.
	See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.

	syncookies seriously violate TCP protocol, do not allow
	to use TCP extensions, can result in serious degradation
	of some services (f.e. SMTP relaying), visible not by you,
	but your clients and relays, contacting you. While you see
	synflood warnings in logs not being really flooded, your server
	is seriously misconfigured.

tcp_stdurg - BOOLEAN
	Use the Host requirements interpretation of the TCP urg pointer field.
	Most hosts use the older BSD interpretation, so if you turn this on
	Linux might not communicate correctly with them.	
	Default: FALSE 
	
tcp_max_syn_backlog - INTEGER
	Maximal number of remembered connection requests, which are
	still did not receive an acknowledgment from connecting client.
	Default value is 1024 for systems with more than 128Mb of memory,
	and 128 for low memory machines. If server suffers of overload,
	try to increase this number.

tcp_window_scaling - BOOLEAN
	Enable window scaling as defined in RFC1323.

tcp_timestamps - BOOLEAN
	Enable timestamps as defined in RFC1323.

tcp_sack - BOOLEAN
	Enable select acknowledgments (SACKS).

tcp_fack - BOOLEAN
	Enable FACK congestion avoidance and fast retransmission.
	The value is not used, if tcp_sack is not enabled.

tcp_dsack - BOOLEAN
	Allows TCP to send "duplicate" SACKs.

tcp_ecn - BOOLEAN
	Enable Explicit Congestion Notification in TCP.

tcp_reordering - INTEGER
	Maximal reordering of packets in a TCP stream.
	Default: 3	

tcp_retrans_collapse - BOOLEAN
	Bug-to-bug compatibility with some broken printers.
	On retransmit try to send bigger packets to work around bugs in
	certain TCP stacks.

tcp_wmem - vector of 3 INTEGERs: min, default, max
	min: Amount of memory reserved for send buffers for TCP socket.
	Each TCP socket has rights to use it due to fact of its birth.
	Default: 4K

	default: Amount of memory allowed for send buffers for TCP socket
	by default. This value overrides net.core.wmem_default used
	by other protocols, it is usually lower than net.core.wmem_default.
	Default: 16K

	max: Maximal amount of memory allowed for automatically selected
	send buffers for TCP socket. This value does not override
	net.core.wmem_max, "static" selection via SO_SNDBUF does not use this.
	Default: 128K

tcp_rmem - vector of 3 INTEGERs: min, default, max
	min: Minimal size of receive buffer used by TCP sockets.
	It is guaranteed to each TCP socket, even under moderate memory
	pressure.
	Default: 8K

	default: default size of receive buffer used by TCP sockets.
	This value overrides net.core.rmem_default used by other protocols.
	Default: 87380 bytes. This value results in window of 65535 with
	default setting of tcp_adv_win_scale and tcp_app_win:0 and a bit
	less for default tcp_app_win. See below about these variables.

	max: maximal size of receive buffer allowed for automatically
	selected receiver buffers for TCP socket. This value does not override
	net.core.rmem_max, "static" selection via SO_RCVBUF does not use this.
	Default: 87380*2 bytes.

tcp_mem - vector of 3 INTEGERs: min, pressure, max
	low: below this number of pages TCP is not bothered about its
	memory appetite.

	pressure: when amount of memory allocated by TCP exceeds this number
	of pages, TCP moderates its memory consumption and enters memory
	pressure mode, which is exited when memory consumption falls
	under "low".

	high: number of pages allowed for queueing by all TCP sockets.

	Defaults are calculated at boot time from amount of available
	memory.

tcp_app_win - INTEGER
	Reserve max(window/2^tcp_app_win, mss) of window for application
	buffer. Value 0 is special, it means that nothing is reserved.
	Default: 31

tcp_adv_win_scale - INTEGER
	Count buffering overhead as bytes/2^tcp_adv_win_scale
	(if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
	if it is <= 0.
	Default: 2

tcp_rfc1337 - BOOLEAN
	If set, the TCP stack behaves conforming to RFC1337. If unset,
	we are not conforming to RFC, but prevent TCP TIME_WAIT
	assassination.   
	Default: 0

tcp_low_latency - BOOLEAN
	If set, the TCP stack makes decisions that prefer lower
	latency as opposed to higher throughput.  By default, this
	option is not set meaning that higher throughput is preferred.
	An example of an application where this default should be
	changed would be a Beowulf compute cluster.
	Default: 0

tcp_westwood - BOOLEAN
        Enable TCP Westwood+ congestion control algorithm.
	TCP Westwood+ is a sender-side only modification of the TCP Reno 
	protocol stack that optimizes the performance of TCP congestion 
	control. It is based on end-to-end bandwidth estimation to set 
	congestion window and slow start threshold after a congestion 
	episode. Using this estimation, TCP Westwood+ adaptively sets a 
	slow start threshold and a congestion window which takes into 
	account the bandwidth used  at the time congestion is experienced. 
	TCP Westwood+ significantly increases fairness wrt TCP Reno in 
	wired networks and throughput over wireless links.   
        Default: 0

tcp_vegas_cong_avoid - BOOLEAN
	Enable TCP Vegas congestion avoidance algorithm.
	TCP Vegas is a sender-side only change to TCP that anticipates
	the onset of congestion by estimating the bandwidth. TCP Vegas
	adjusts the sending rate by modifying the congestion
	window. TCP Vegas should provide less packet loss, but it is
	not as aggressive as TCP Reno.
	Default:0

tcp_bic - BOOLEAN
	Enable BIC TCP congestion control algorithm.
	BIC-TCP is a sender-side only change that ensures a linear RTT
	fairness under large windows while offering both scalability and
	bounded TCP-friendliness. The protocol combines two schemes
	called additive increase and binary search increase. When the
	congestion window is large, additive increase with a large
	increment ensures linear RTT fairness as well as good
	scalability. Under small congestion windows, binary search
	increase provides TCP friendliness.
	Default: 0

tcp_bic_low_window - INTEGER
	Sets the threshold window (in packets) where BIC TCP starts to
	adjust the congestion window. Below this threshold BIC TCP behaves
	the same as the default TCP Reno. 
	Default: 14

tcp_bic_fast_convergence - BOOLEAN
	Forces BIC TCP to more quickly respond to changes in congestion
	window. Allows two flows sharing the same connection to converge
	more rapidly.
	Default: 1

tcp_default_win_scale - INTEGER
	Sets the minimum window scale TCP will negotiate for on all
	conections.
	Default: 7


tcp_frto - BOOLEAN
	Enables F-RTO, an enhanced recovery algorithm for TCP retransmission
	timeouts.  It is particularly beneficial in wireless environments
	where packet loss is typically due to random radio interference
	rather than intermediate router congestion.

somaxconn - INTEGER
	Limit of socket listen() backlog, known in userspace as SOMAXCONN.
	Defaults to 128.  See also tcp_max_syn_backlog for additional tuning
	for TCP sockets.

IP Variables:

ip_local_port_range - 2 INTEGERS
	Defines the local port range that is used by TCP and UDP to
	choose the local port. The first number is the first, the 
	second the last local port number. Default value depends on
	amount of memory available on the system:
	> 128Mb 32768-61000
	< 128Mb 1024-4999 or even less.
	This number defines number of active connections, which this
	system can issue simultaneously to systems not supporting
	TCP extensions (timestamps). With tcp_tw_recycle enabled
	(i.e. by default) range 1024-4999 is enough to issue up to
	2000 connections per second to systems supporting timestamps.

ip_nonlocal_bind - BOOLEAN
	If set, allows processes to bind() to non-local IP addresses,
	which can be quite useful - but may break some applications.
	Default: 0

ip_dynaddr - BOOLEAN
	If set non-zero, enables support for dynamic addresses.
	If set to a non-zero value larger than 1, a kernel log
	message will be printed when dynamic address rewriting
	occurs.
	Default: 0

icmp_echo_ignore_all - BOOLEAN
icmp_echo_ignore_broadcasts - BOOLEAN
	If either is set to true, then the kernel will ignore either all
	ICMP ECHO requests sent to it or just those to broadcast/multicast
	addresses, respectively.

icmp_ratelimit - INTEGER
	Limit the maximal rates for sending ICMP packets whose type matches
	icmp_ratemask (see below) to specific targets.
	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
	Default: 100

icmp_ratemask - INTEGER
	Mask made of ICMP types for which rates are being limited.
	Significant bits: IHGFEDCBA9876543210
	Default mask:     0000001100000011000 (6168)

	Bit definitions (see include/linux/icmp.h):
		0 Echo Reply
		3 Destination Unreachable *
		4 Source Quench *
		5 Redirect
		8 Echo Request
		B Time Exceeded *
		C Parameter Problem *
		D Timestamp Request
		E Timestamp Reply
		F Info Request
		G Info Reply
		H Address Mask Request
		I Address Mask Reply

	* These are rate limited by default (see default mask above)

icmp_ignore_bogus_error_responses - BOOLEAN
	Some routers violate RFC1122 by sending bogus responses to broadcast
	frames.  Such violations are normally logged via a kernel warning.
	If this is set to TRUE, the kernel will not give such warnings, which
	will avoid log file clutter.
	Default: FALSE