ip-sysctl.txt
From "Linux Kernel 2.6.9 for OMAP1710" · text code · 873 lines · page 1/2
igmp_max_memberships - INTEGER
	Change the maximum number of multicast groups we can subscribe to.
	Default: 20

conf/interface/*  changes special settings per interface (where "interface" is
		  the name of your network interface)
conf/all/*	  is special, changes the settings for all interfaces

log_martians - BOOLEAN
	Log packets with impossible addresses to kernel log.
	log_martians for the interface will be enabled if at least one of
	conf/{all,interface}/log_martians is set to TRUE,
	it will be disabled otherwise

accept_redirects - BOOLEAN
	Accept ICMP redirect messages.
	accept_redirects for the interface will be enabled if:
	- both conf/{all,interface}/accept_redirects are TRUE in the case
	  forwarding for the interface is enabled
	or
	- at least one of conf/{all,interface}/accept_redirects is TRUE in the
	  case forwarding for the interface is disabled
	accept_redirects for the interface will be disabled otherwise
	default TRUE (host)
		FALSE (router)

forwarding - BOOLEAN
	Enable IP forwarding on this interface.

mc_forwarding - BOOLEAN
	Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
	and a multicast routing daemon is required.
	conf/all/mc_forwarding must also be set to TRUE to enable multicast
	routing for the interface

medium_id - INTEGER
	Integer value used to differentiate the devices by the medium they
	are attached to. Two devices can have different id values when
	the broadcast packets are received only on one of them.
	The default value 0 means that the device is the only interface
	to its medium, value of -1 means that medium is not known.

	Currently, it is used to change the proxy_arp behavior:
	the proxy_arp feature is enabled for packets forwarded between
	two devices attached to different media.

proxy_arp - BOOLEAN
	Do proxy arp.
	proxy_arp for the interface will be enabled if at least one of
	conf/{all,interface}/proxy_arp is set to TRUE,
	it will be disabled otherwise

shared_media - BOOLEAN
	Send (router) or accept (host) RFC1620 shared media redirects.
	Overrides ip_secure_redirects.
	shared_media for the interface will be enabled if at least one of
	conf/{all,interface}/shared_media is set to TRUE,
	it will be disabled otherwise
	default TRUE

secure_redirects - BOOLEAN
	Accept ICMP redirect messages only for gateways
	listed in the default gateway list.
	secure_redirects for the interface will be enabled if at least one of
	conf/{all,interface}/secure_redirects is set to TRUE,
	it will be disabled otherwise
	default TRUE

send_redirects - BOOLEAN
	Send redirects, if router.
	send_redirects for the interface will be enabled if at least one of
	conf/{all,interface}/send_redirects is set to TRUE,
	it will be disabled otherwise
	Default: TRUE

bootp_relay - BOOLEAN
	Accept packets with source address 0.b.c.d destined
	not to this host as local ones. It is assumed that a
	BOOTP relay daemon will catch and forward such packets.
	conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
	for the interface
	default FALSE
	Not Implemented Yet.

accept_source_route - BOOLEAN
	Accept packets with SRR option.
	conf/all/accept_source_route must also be set to TRUE to accept packets
	with SRR option on the interface
	default TRUE (router)
		FALSE (host)

rp_filter - BOOLEAN
	1 - do source validation by reversed path, as specified in RFC1812.
	    Recommended option for single homed hosts and stub network
	    routers. Could cause trouble for complicated (not loop free)
	    networks running a slow unreliable protocol (sort of RIP),
	    or using static routes.

	0 - No source validation.

	conf/all/rp_filter must also be set to TRUE to do source validation
	on the interface

	Default value is 0. Note that some distributions enable it
	in startup scripts.

arp_filter - BOOLEAN
	1 - Allows you to have multiple network interfaces on the same
	    subnet, and have the ARPs for each interface be answered
	    based on whether or not the kernel would route a packet from
	    the ARP'd IP out that interface (therefore you must use source
	    based routing for this to work). In other words it allows control
	    of which cards (usually 1) will respond to an arp request.

	0 - (default) The kernel can respond to arp requests with addresses
	    from other interfaces. This may seem wrong but it usually makes
	    sense, because it increases the chance of successful communication.
	    IP addresses are owned by the complete host on Linux, not by
	    particular interfaces. Only for more complex setups like
	    load-balancing does this behaviour cause problems.

	arp_filter for the interface will be enabled if at least one of
	conf/{all,interface}/arp_filter is set to TRUE,
	it will be disabled otherwise

arp_announce - INTEGER
	Define different restriction levels for announcing the local
	source IP address from IP packets in ARP requests sent on
	interface:
	0 - (default) Use any local address, configured on any interface
	1 - Try to avoid local addresses that are not in the target's
	    subnet for this interface. This mode is useful when target
	    hosts reachable via this interface require the source IP
	    address in ARP requests to be part of their logical network
	    configured on the receiving interface. When we generate the
	    request we will check all our subnets that include the
	    target IP and will preserve the source address if it is from
	    such a subnet. If there is no such subnet we select the source
	    address according to the rules for level 2.
	2 - Always use the best local address for this target.
	    In this mode we ignore the source address in the IP packet
	    and try to select the local address that we prefer for talks
	    with the target host. Such a local address is selected by
	    looking for primary IP addresses on all our subnets on the
	    outgoing interface that include the target IP address. If no
	    suitable local address is found we select the first local
	    address we have on the outgoing interface or on all other
	    interfaces, with the hope we will receive a reply for our
	    request and even sometimes no matter the source IP address
	    we announce.

	The max value from conf/{all,interface}/arp_announce is used.

	Increasing the restriction level gives more chance of
	receiving an answer from the resolved target while decreasing
	the level announces more valid sender's information.

arp_ignore - INTEGER
	Define different modes for sending replies in response to
	received ARP requests that resolve local target IP addresses:
	0 - (default): reply for any local target IP address, configured
	    on any interface
	1 - reply only if the target IP address is a local address
	    configured on the incoming interface
	2 - reply only if the target IP address is a local address
	    configured on the incoming interface and both it and the
	    sender's IP address are part of the same subnet on this interface
	3 - do not reply for local addresses configured with scope host,
	    only resolutions for global and link addresses are replied
	4-7 - reserved
	8 - do not reply for all local addresses

	The max value from conf/{all,interface}/arp_ignore is used
	when an ARP request is received on the {interface}

app_solicit - INTEGER
	The maximum number of probes to send to the user space ARP daemon
	via netlink before dropping back to multicast probes (see
	mcast_solicit). Defaults to 0.

disable_policy - BOOLEAN
	Disable IPSEC policy (SPD) for this interface

disable_xfrm - BOOLEAN
	Disable IPSEC encryption on this interface, whatever the policy

tag - INTEGER
	Allows you to write a number, which can be used as required.
	Default value is 0.

(1) Jiffy: internal time unit for the kernel. On the i386 1/100s, on the
Alpha 1/1024s. See the HZ define in /usr/include/asm/param.h for the exact
value on your system.

Alexey Kuznetsov.
kuznet@ms2.inr.ac.ru

Updated by:
Andi Kleen
ak@muc.de
Nicolas Delon
delon.nicolas@wanadoo.fr


/proc/sys/net/ipv6/* Variables:

IPv6 has no global variables such as tcp_*. tcp_* settings under ipv4/ also
apply to IPv6 [XXX?].

bindv6only - BOOLEAN
	Default value for IPV6_V6ONLY socket option,
	which restricts use of the IPv6 socket to IPv6 communication
	only.
		TRUE: disable IPv4-mapped address feature
		FALSE: enable IPv4-mapped address feature

	Default: FALSE (as specified in RFC2553bis)

IPv6 Fragmentation:

ip6frag_high_thresh - INTEGER
	Maximum memory used to reassemble IPv6 fragments. When
	ip6frag_high_thresh bytes of memory is allocated for this purpose,
	the fragment handler will toss packets until ip6frag_low_thresh
	is reached.

ip6frag_low_thresh - INTEGER
	See ip6frag_high_thresh

ip6frag_time - INTEGER
	Time in seconds to keep an IPv6 fragment in memory.

ip6frag_secret_interval - INTEGER
	Regeneration interval (in seconds) of the hash secret (or lifetime
	for the hash secret) for IPv6 fragments.
	Default: 600

conf/default/*:
	Change the interface-specific default settings.

conf/all/*:
	Change all the interface-specific settings.

	[XXX: Other special features than forwarding?]

conf/all/forwarding - BOOLEAN
	Enable global IPv6 forwarding between all interfaces.

	IPv4 and IPv6 work differently here; e.g. netfilter must be used
	to control which interfaces may forward packets and which not.

	This also sets all interfaces' Host/Router setting
	'forwarding' to the specified value. See below for details.

	This is referred to as global forwarding.

conf/interface/*:
	Change special settings per interface.

	The functional behaviour for certain settings is different
	depending on whether local forwarding is enabled or not.

accept_ra - BOOLEAN
	Accept Router Advertisements; autoconfigure using them.

	Functional default: enabled if local forwarding is disabled.
			    disabled if local forwarding is enabled.

accept_redirects - BOOLEAN
	Accept Redirects.

	Functional default: enabled if local forwarding is disabled.
			    disabled if local forwarding is enabled.

autoconf - BOOLEAN
	Autoconfigure addresses using Prefix Information in Router
	Advertisements.

	Functional default: enabled if accept_ra is enabled.
			    disabled if accept_ra is disabled.

dad_transmits - INTEGER
	The number of Duplicate Address Detection probes to send.
	Default: 1

forwarding - BOOLEAN
	Configure interface-specific Host/Router behaviour.

	Note: It is recommended to have the same setting on all
	interfaces; mixed router/host scenarios are rather uncommon.

	FALSE:

	By default, Host behaviour is assumed. This means:

	1. IsRouter flag is not set in Neighbour Advertisements.
	2. Router Solicitations are being sent when necessary.
	3. If accept_ra is TRUE (default), accept Router
	   Advertisements (and do autoconfiguration).
	4. If accept_redirects is TRUE (default), accept Redirects.

	TRUE:

	If local forwarding is enabled, Router behaviour is assumed.
	This means exactly the reverse from the above:

	1. IsRouter flag is set in Neighbour Advertisements.
	2. Router Solicitations are not sent.
	3. Router Advertisements are ignored.
	4. Redirects are ignored.

	Default: FALSE if global forwarding is disabled (default),
		 otherwise TRUE.

hop_limit - INTEGER
	Default Hop Limit to set.
	Default: 64

mtu - INTEGER
	Default Maximum Transfer Unit
	Default: 1280 (IPv6 required minimum)

router_solicitation_delay - INTEGER
	Number of seconds to wait after interface is brought up
	before sending Router Solicitations.
	Default: 1

router_solicitation_interval - INTEGER
	Number of seconds to wait between Router Solicitations.
	Default: 4

router_solicitations - INTEGER
	Number of Router Solicitations to send until assuming no
	routers are present.
	Default: 3

use_tempaddr - INTEGER
	Preference for Privacy Extensions (RFC3041).
	  <= 0 : disable Privacy Extensions
	  == 1 : enable Privacy Extensions, but prefer public
		 addresses over temporary addresses.
	  >  1 : enable Privacy Extensions and prefer temporary
		 addresses over public addresses.
	Default:  0 (for most devices)
		 -1 (for point-to-point devices and loopback devices)

temp_valid_lft - INTEGER
	Valid lifetime (in seconds) for temporary addresses.
	Default: 604800 (7 days)

temp_prefered_lft - INTEGER
	Preferred lifetime (in seconds) for temporary addresses.
	Default: 86400 (1 day)

max_desync_factor - INTEGER
	Maximum value for DESYNC_FACTOR, which is a random value
	that ensures that clients don't synchronize with each
	other and generate new addresses at exactly the same time.
	Value is in seconds.
	Default: 600

regen_max_retry - INTEGER
	Number of attempts before giving up attempting to generate
	valid temporary addresses.
	Default: 5

max_addresses - INTEGER
	Maximum number of addresses per interface. 0 disables the
	limitation. Setting too large a value (or 0) is not recommended,
	because allowing too many autoconfigured addresses to be created
	would be too easy a way to crash the kernel.
	Default: 16

icmp/*:
ratelimit - INTEGER
	Limit the maximal rates for sending ICMPv6 packets.
	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
	Default: 100

IPv6 Update by:
Pekka Savola <pekkas@netcore.fi>
YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>


/proc/sys/net/bridge/* Variables:

bridge-nf-call-arptables - BOOLEAN
	1 : pass bridged ARP traffic to arptables' FORWARD chain.
	0 : disable this.
	Default: 1

bridge-nf-call-iptables - BOOLEAN
	1 : pass bridged IPv4 traffic to iptables' chains.
	0 : disable this.
	Default: 1

bridge-nf-call-ip6tables - BOOLEAN
	1 : pass bridged IPv6 traffic to ip6tables' chains.
	0 : disable this.
	Default: 1

bridge-nf-filter-vlan-tagged - BOOLEAN
	1 : pass bridged vlan-tagged ARP/IP traffic to arptables/iptables.
	0 : disable this.
	Default: 1


UNDOCUMENTED:

dev_weight FIXME
discovery_slots FIXME
discovery_timeout FIXME
fast_poll_increase FIXME
ip6_queue_maxlen FIXME
lap_keepalive_time FIXME
lo_cong FIXME
max_baud_rate FIXME
max_dgram_qlen FIXME
max_noreply_time FIXME
max_tx_data_size FIXME
max_tx_window FIXME
min_tx_turn_time FIXME
mod_cong FIXME
no_cong FIXME
no_cong_thresh FIXME
slot_timeout FIXME
warn_noreply_time FIXME

$Id: ip-sysctl.txt,v 1.20 2001/12/13 09:00:18 davem Exp $
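
Added example (not part of the kernel documentation): the IPv4 conf/all and conf/interface values combine differently per setting (OR, AND, max, or forwarding-dependent), so the value written to one file is not always the value in effect. The sketch below computes the effective value under the rules stated in this document for this kernel version; the function names, the `BASELINE` hardening targets and the sample values are assumptions made for illustration.

```python
# Added example (not kernel code): effective per-interface IPv4 settings under
# the conf/all + conf/<interface> combination rules stated in this document.
import os

OR_KEYS = ("log_martians", "proxy_arp", "shared_media", "secure_redirects",
           "send_redirects", "arp_filter")           # enabled if either is TRUE
AND_KEYS = ("mc_forwarding", "bootp_relay", "accept_source_route",
            "rp_filter")                             # conf/all must also be TRUE
MAX_KEYS = ("arp_announce", "arp_ignore")            # max of the two values

# Assumption: a hardening baseline for a single-homed host (not from the page).
BASELINE = {"accept_redirects": 0, "accept_source_route": 0,
            "send_redirects": 0, "rp_filter": 1, "log_martians": 1}

def effective(all_, iface):
    """Combine conf/all and conf/<interface> values per the documented rules."""
    eff = {k: int(bool(all_[k] or iface[k])) for k in OR_KEYS}
    eff.update({k: int(bool(all_[k] and iface[k])) for k in AND_KEYS})
    eff.update({k: max(all_[k], iface[k]) for k in MAX_KEYS})
    a, i = all_["accept_redirects"], iface["accept_redirects"]
    # AND when forwarding is enabled on the interface, OR when it is disabled.
    eff["accept_redirects"] = int(bool(a and i) if iface["forwarding"] else bool(a or i))
    return eff

def audit(all_, iface, baseline=BASELINE):
    """Return the settings whose effective value differs from the baseline."""
    eff = effective(all_, iface)
    return sorted(k for k, want in baseline.items() if eff[k] != want)

def read_conf(name, root="/proc/sys/net/ipv4/conf"):
    """Read one conf/<name> directory into a dict of ints."""
    keys = OR_KEYS + AND_KEYS + MAX_KEYS + ("accept_redirects", "forwarding")
    out = {}
    for k in keys:
        with open(os.path.join(root, name, k)) as f:
            out[k] = int(f.read())
    return out

# Constructed sample values (not read from a real host).
ALL = dict.fromkeys(OR_KEYS + AND_KEYS + MAX_KEYS, 0)
ALL.update(send_redirects=1, arp_ignore=1, accept_redirects=0, forwarding=0)
ETH0 = dict(ALL, rp_filter=1, log_martians=1, send_redirects=0,
            accept_redirects=1, arp_ignore=0)

if __name__ == "__main__":
    print(effective(ALL, ETH0))
    print("deviations from baseline:", audit(ALL, ETH0))
```

In the sample, setting rp_filter=1 only on the interface leaves source validation off, and clearing send_redirects only on the interface leaves it on. On a live system, `audit(read_conf("all"), read_conf("eth0"))` applies the same check, provided the running kernel's documentation states the same combination rules.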