📄 ip-sysctl.txt
	request we will check all our subnets that include the
	target IP and will preserve the source address if it is from
	such subnet. If there is no such subnet we select source
	address according to the rules for level 2.
	2 - Always use the best local address for this target.
	In this mode we ignore the source address in the IP packet
	and try to select local address that we prefer for talks with
	the target host. Such local address is selected by looking
	for primary IP addresses on all our subnets on the outgoing
	interface that include the target IP address. If no suitable
	local address is found we select the first local address
	we have on the outgoing interface or on all other interfaces,
	with the hope we will receive reply for our request and
	even sometimes no matter the source IP address we announce.

	The max value from conf/{all,interface}/arp_announce is used.

	Increasing the restriction level gives more chance for
	receiving answer from the resolved target while decreasing
	the level announces more valid sender's information.

arp_ignore - INTEGER
	Define different modes for sending replies in response to
	received ARP requests that resolve local target IP addresses:
	0 - (default): reply for any local target IP address, configured
	on any interface
	1 - reply only if the target IP address is local address
	configured on the incoming interface
	2 - reply only if the target IP address is local address
	configured on the incoming interface and both it and the
	sender's IP address are part of the same subnet on this interface
	3 - do not reply for local addresses configured with scope host,
	only resolutions for global and link addresses are replied
	4-7 - reserved
	8 - do not reply for all local addresses

	The max value from conf/{all,interface}/arp_ignore is used
	when ARP request is received on the {interface}

arp_accept - BOOLEAN
	Define behavior when gratuitous arp replies are received:
	0 - drop gratuitous arp frames
	1 - accept gratuitous arp frames

app_solicit - INTEGER
	The maximum number
	of probes to send to the user space ARP daemon
	via netlink before dropping back to multicast probes (see
	mcast_solicit). Defaults to 0.

disable_policy - BOOLEAN
	Disable IPSEC policy (SPD) for this interface

disable_xfrm - BOOLEAN
	Disable IPSEC encryption on this interface, whatever the policy

tag - INTEGER
	Allows you to write a number, which can be used as required.
	Default value is 0.

(1) Jiffie: internal timeunit for the kernel. On the i386 1/100s, on the
Alpha 1/1024s. See the HZ define in /usr/include/asm/param.h for the exact
value on your system.

Alexey Kuznetsov.
kuznet@ms2.inr.ac.ru

Updated by:
Andi Kleen
ak@muc.de
Nicolas Delon
delon.nicolas@wanadoo.fr

/proc/sys/net/ipv6/* Variables:

IPv6 has no global variables such as tcp_*. tcp_* settings under ipv4/ also
apply to IPv6 [XXX?].

bindv6only - BOOLEAN
	Default value for IPV6_V6ONLY socket option,
	which restricts use of the IPv6 socket to IPv6 communication
	only.
		TRUE: disable IPv4-mapped address feature
		FALSE: enable IPv4-mapped address feature

	Default: FALSE (as specified in RFC2553bis)

IPv6 Fragmentation:

ip6frag_high_thresh - INTEGER
	Maximum memory used to reassemble IPv6 fragments. When
	ip6frag_high_thresh bytes of memory is allocated for this purpose,
	the fragment handler will toss packets until ip6frag_low_thresh
	is reached.

ip6frag_low_thresh - INTEGER
	See ip6frag_high_thresh

ip6frag_time - INTEGER
	Time in seconds to keep an IPv6 fragment in memory.

ip6frag_secret_interval - INTEGER
	Regeneration interval (in seconds) of the hash secret (or lifetime
	for the hash secret) for IPv6 fragments.
	Default: 600

conf/default/*:
	Change the interface-specific default settings.

conf/all/*:
	Change all the interface-specific settings.

	[XXX: Other special features than forwarding?]

conf/all/forwarding - BOOLEAN
	Enable global IPv6 forwarding between all interfaces.

	IPv4 and IPv6 work differently here; e.g. netfilter must be used
	to control which interfaces may forward packets and which not.
	This also sets all interfaces' Host/Router setting
	'forwarding' to the specified value. See below for details.

	This is referred to as global forwarding.

proxy_ndp - BOOLEAN
	Do proxy ndp.

conf/interface/*:
	Change special settings per interface.

	The functional behaviour for certain settings is different
	depending on whether local forwarding is enabled or not.

accept_ra - BOOLEAN
	Accept Router Advertisements; autoconfigure using them.

	Functional default: enabled if local forwarding is disabled.
			    disabled if local forwarding is enabled.

accept_ra_defrtr - BOOLEAN
	Learn default router in Router Advertisement.

	Functional default: enabled if accept_ra is enabled.
			    disabled if accept_ra is disabled.

accept_ra_pinfo - BOOLEAN
	Learn Prefix Information in Router Advertisement.

	Functional default: enabled if accept_ra is enabled.
			    disabled if accept_ra is disabled.

accept_ra_rt_info_max_plen - INTEGER
	Maximum prefix length of Route Information in RA.

	Route Information w/ prefix larger than or equal to this
	variable shall be ignored.

	Functional default: 0 if accept_ra_rtr_pref is enabled.
			    -1 if accept_ra_rtr_pref is disabled.

accept_ra_rtr_pref - BOOLEAN
	Accept Router Preference in RA.

	Functional default: enabled if accept_ra is enabled.
			    disabled if accept_ra is disabled.

accept_redirects - BOOLEAN
	Accept Redirects.

	Functional default: enabled if local forwarding is disabled.
			    disabled if local forwarding is enabled.

accept_source_route - INTEGER
	Accept source routing (routing extension header).

	>= 0: Accept only routing header type 2.
	< 0: Do not accept routing header.

	Default: 0

autoconf - BOOLEAN
	Autoconfigure addresses using Prefix Information in Router
	Advertisements.

	Functional default: enabled if accept_ra_pinfo is enabled.
			    disabled if accept_ra_pinfo is disabled.

dad_transmits - INTEGER
	The amount of Duplicate Address Detection probes to send.
	Default: 1

forwarding - BOOLEAN
	Configure interface-specific Host/Router behaviour.

	Note: It is recommended to have the same setting on all
	interfaces; mixed router/host scenarios are rather uncommon.

	FALSE:

	By default, Host behaviour is assumed. This means:

	1. IsRouter flag is not set in Neighbour Advertisements.
	2. Router Solicitations are being sent when necessary.
	3. If accept_ra is TRUE (default), accept Router
	   Advertisements (and do autoconfiguration).
	4. If accept_redirects is TRUE (default), accept Redirects.

	TRUE:

	If local forwarding is enabled, Router behaviour is assumed.
	This means exactly the reverse from the above:

	1. IsRouter flag is set in Neighbour Advertisements.
	2. Router Solicitations are not sent.
	3. Router Advertisements are ignored.
	4. Redirects are ignored.

	Default: FALSE if global forwarding is disabled (default),
		 otherwise TRUE.

hop_limit - INTEGER
	Default Hop Limit to set.
	Default: 64

mtu - INTEGER
	Default Maximum Transfer Unit
	Default: 1280 (IPv6 required minimum)

router_probe_interval - INTEGER
	Minimum interval (in seconds) between Router Probing described
	in RFC4191.

	Default: 60

router_solicitation_delay - INTEGER
	Number of seconds to wait after interface is brought up
	before sending Router Solicitations.
	Default: 1

router_solicitation_interval - INTEGER
	Number of seconds to wait between Router Solicitations.
	Default: 4

router_solicitations - INTEGER
	Number of Router Solicitations to send until assuming no
	routers are present.
	Default: 3

use_tempaddr - INTEGER
	Preference for Privacy Extensions (RFC3041).
	  <= 0 : disable Privacy Extensions
	  == 1 : enable Privacy Extensions, but prefer public
	         addresses over temporary addresses.
	  >  1 : enable Privacy Extensions and prefer temporary
	         addresses over public addresses.
	Default:  0 (for most devices)
		 -1 (for point-to-point devices and loopback devices)

temp_valid_lft - INTEGER
	valid lifetime (in seconds) for temporary addresses.
	Default: 604800 (7 days)

temp_prefered_lft - INTEGER
	Preferred lifetime (in seconds) for temporary addresses.
	Default: 86400 (1 day)

max_desync_factor - INTEGER
	Maximum value for DESYNC_FACTOR, which is a random value
	that ensures that clients don't synchronize with each
	other and generate new addresses at exactly the same time.
	Value is in seconds.
	Default: 600

regen_max_retry - INTEGER
	Number of attempts before giving up on generating
	valid temporary addresses.
	Default: 5

max_addresses - INTEGER
	Maximum number of addresses per interface. 0 disables the
	limitation. It is recommended not to set too large a value
	(or 0), because allowing too many autoconfigured addresses
	to be created would be too easy a way to crash the kernel.
	Default: 16

icmp/*:
ratelimit - INTEGER
	Limit the maximal rates for sending ICMPv6 packets.
	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
	Default: 100

IPv6 Update by:
Pekka Savola <pekkas@netcore.fi>
YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>

/proc/sys/net/bridge/* Variables:

bridge-nf-call-arptables - BOOLEAN
	1 : pass bridged ARP traffic to arptables' FORWARD chain.
	0 : disable this.
	Default: 1

bridge-nf-call-iptables - BOOLEAN
	1 : pass bridged IPv4 traffic to iptables' chains.
	0 : disable this.
	Default: 1

bridge-nf-call-ip6tables - BOOLEAN
	1 : pass bridged IPv6 traffic to ip6tables' chains.
	0 : disable this.
	Default: 1

bridge-nf-filter-vlan-tagged - BOOLEAN
	1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
	0 : disable this.
	Default: 1

bridge-nf-filter-pppoe-tagged - BOOLEAN
	1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
	0 : disable this.
	Default: 1

UNDOCUMENTED:

dev_weight FIXME
discovery_slots FIXME
discovery_timeout FIXME
fast_poll_increase FIXME
ip6_queue_maxlen FIXME
lap_keepalive_time FIXME
lo_cong FIXME
max_baud_rate FIXME
max_dgram_qlen FIXME
max_noreply_time FIXME
max_tx_data_size FIXME
max_tx_window FIXME
min_tx_turn_time FIXME
mod_cong FIXME
no_cong FIXME
no_cong_thresh FIXME
slot_timeout FIXME
warn_noreply_time FIXME
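
The arp_ignore and arp_announce entries above say the kernel uses the max of conf/all and conf/{interface}, so a per-interface value cannot relax a stricter conf/all value. The script below is an added example, not part of the kernel documentation, that computes the effective value per interface. The function names and the sample tree (interfaces eth0, eth1) are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective arp_ignore / arp_announce per interface.
# Per the text above, the kernel uses max(conf/all/KEY, conf/<iface>/KEY).

# effective_arp ROOT IFACE KEY -> the larger of all/KEY and IFACE/KEY
effective_arp() {
    all=$(cat "$1/all/$3")
    own=$(cat "$1/$2/$3")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# describe_arp_ignore VALUE -> summary of the modes listed above
describe_arp_ignore() {
    case $1 in
        0) echo "replies for any local address on any interface" ;;
        1) echo "replies only for addresses on the incoming interface" ;;
        2) echo "as 1, and sender must share the subnet" ;;
        3) echo "no replies for scope-host addresses" ;;
        8) echo "no replies for local addresses" ;;
        4|5|6|7) echo "reserved" ;;
        *) echo "unknown" ;;
    esac
}

# report ROOT -> one line per interface (all/ and default/ are not interfaces)
report() {
    for d in "$1"/*/; do
        i=$(basename "$d")
        case $i in all|default) continue ;; esac
        ign=$(effective_arp "$1" "$i" arp_ignore)
        ann=$(effective_arp "$1" "$i" arp_announce)
        echo "$i arp_ignore=$ign arp_announce=$ann: $(describe_arp_ignore "$ign")"
    done
}

# Constructed sample tree (not real host data). On a live system pass
# /proc/sys/net/ipv4/conf to report instead.
ROOT=$(mktemp -d)
mk() {  # mk NAME arp_ignore arp_announce
    mkdir -p "$ROOT/$1"
    echo "$2" > "$ROOT/$1/arp_ignore"
    echo "$3" > "$ROOT/$1/arp_announce"
}
mk all 1 0; mk default 0 0
mk eth0 0 2   # interface value lower than all/ for arp_ignore
mk eth1 2 0   # interface value higher than all/ for arp_ignore
report "$ROOT"
```

In the sample tree eth0 sets arp_ignore to 0, yet its effective mode is 1 because conf/all is 1.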
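
The conf/interface forwarding entry above makes acceptance of Router Advertisements and Redirects depend on the Host/Router role, not only on accept_ra and accept_redirects. The script below is an added example, not part of the kernel documentation, that applies those rules with the boolean semantics documented on this page. The function names and the sample tree (eth0, eth1, eth2) are constructed for illustration.

```shell
#!/bin/sh
# Added example: which interfaces act on Router Advertisements and
# Redirects, following the Host/Router rules documented above.

# rd ROOT IFACE KEY -> value of conf/IFACE/KEY, or 0 if the file is missing
rd() { cat "$1/$2/$3" 2>/dev/null || echo 0; }

# role ROOT IFACE -> "router" when local forwarding is enabled, else "host"
role() {
    if [ "$(rd "$1" "$2" forwarding)" -ne 0 ]; then echo router; else echo host; fi
}

# acts_on ROOT IFACE KEY -> "yes" only for a host with KEY enabled;
# a router ignores RAs and Redirects whatever KEY says.
acts_on() {
    if [ "$(role "$1" "$2")" = host ] && [ "$(rd "$1" "$2" "$3")" -ne 0 ]; then
        echo yes
    else
        echo no
    fi
}

# audit ROOT -> one line per interface (all/ and default/ are skipped)
audit() {
    for d in "$1"/*/; do
        i=$(basename "$d")
        case $i in all|default) continue ;; esac
        echo "$i role=$(role "$1" "$i") ra=$(acts_on "$1" "$i" accept_ra)" \
             "redirects=$(acts_on "$1" "$i" accept_redirects)"
    done
}

# Constructed sample tree (not real host data). On a live system pass
# /proc/sys/net/ipv6/conf to audit instead.
V6ROOT=$(mktemp -d)
mk6() {  # mk6 IFACE forwarding accept_ra accept_redirects
    mkdir -p "$V6ROOT/$1"
    echo "$2" > "$V6ROOT/$1/forwarding"
    echo "$3" > "$V6ROOT/$1/accept_ra"
    echo "$4" > "$V6ROOT/$1/accept_redirects"
}
mk6 eth0 0 1 1   # host with both settings enabled
mk6 eth1 1 1 1   # router: settings enabled but ignored
mk6 eth2 0 0 0   # host with both settings disabled
audit "$V6ROOT"
```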