Linux Audio

Check our new training course

Embedded Linux Audio

Check our new training course
with Creative Commons CC-BY-SA
lecture materials

Bootlin logo

Elixir Cross Referencer

Open Menu / Documentation / networking / ip-sysctl.txt
Loading...
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
/proc/sys/net/ipv4/* Variables:

ip_forward - BOOLEAN
	0 - disabled (default)
	not 0 - enabled 

	Forward Packets between interfaces.

	This variable is special, its change resets all configuration
	parameters to their default state (RFC1122 for hosts, RFC1812
	for routers)

ip_default_ttl - INTEGER
	default 64

ip_addrmask_agent - BOOLEAN
	Reply to ICMP ADDRESS MASK requests.
	default TRUE (router)
		FALSE (host)

ip_bootp_agent - BOOLEAN
	Accept packets with source address of sort 0.b.c.d
	and destined to this host, broadcast or multicast.
	Such packets are silently ignored otherwise.

	default FALSE

ip_no_pmtu_disc - BOOLEAN
	Disable Path MTU Discovery.
	default FALSE

ip_fib_model - INTEGER
	0 - (DEFAULT) Standard model. All routes are in class MAIN.
	1 - default routes go to class DEFAULT. This mode should
	    be very convenient for small ISPs making policy routing.
	2 - RFC1812 compliant model.
	    Interface routes are in class MAIN.
	    Gateway routes are in class DEFAULT.

IP Fragmentation:

ipfrag_high_thresh - INTEGER
	Maximum memory used to reassemble IP fragments. When 
	ipfrag_high_thresh bytes of memory is allocated for this purpose,
	the fragment handler will toss packets until ipfrag_low_thresh
	is reached.
	
ipfrag_low_thresh - INTEGER
	See ipfrag_high_thresh	

ipfrag_time - INTEGER
	Time in seconds to keep an IP fragment in memory.	

TCP variables: 

tcp_syn_retries - INTEGER
	Number of times initial SYNs for an TCP connection attempt will
	be retransmitted. Should not be higher than 255.

tcp_keepalive_time - INTEGER
	How often TCP sends out keepalive messages when keepalive is enabled.
	Default: 2hours.

tcp_keepalive_probes - INTEGER
	How many keepalive probes TCP sends out, until it decides that the
	connection is broken.

tcp_retries1 - INTEGER
tcp_retries2 - INTEGER
tcp_max_delay_acks - INTEGER
tcp_fin_timeout - INTEGER
tcp_max_ka_probes - INTEGER
tcp_hoe_retransmits - INTEGER
	Undocumented for now.

tcp_syncookies - BOOLEAN
	Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
	Send out syncookies when the syn backlog queue of a socket 
	overflows. This is to prevent against the common 'syn flood attack'
	Default: FALSE

tcp_stdurg - BOOLEAN
	Use the Host requirements interpretation of the TCP urg pointer field.
	Most hosts use the older BSD interpretation, so if you turn this on
	Linux might not communicate correctly with them.	
	Default: FALSE 
	
tcp_syn_taildrop  - BOOLEAN
tcp_max_syn_backlog - INTEGER
	Undocumented (work in progress)

tcp_window_scaling - BOOLEAN
	Enable window scaling as defined in RFC1323.

tcp_timestamps - BOOLEAN
	Enable timestamps as defined in RFC1323.

tcp_sack - BOOLEAN
	Enable select acknowledgments.

tcp_retrans_collapse - BOOLEAN
	Bug-to-bug compatibility with some broken printers.
	On retransmit try to send bigger packets to work around bugs in
	certain TCP stacks.

ip_local_port_range - 2 INTEGERS
	Defines the local port range that is used by TCP and UDP to
	choose the local port. The first number is the first, the 
	second the last local port number. For high-usage systems
	change this to 32768-61000.

icmp_echo_ignore_all - BOOLEAN
icmp_echo_ignore_broadcasts - BOOLEAN
	If either is set to true, then the kernel will ignore either all
	ICMP ECHO requests sent to it or just those to broadcast/multicast
	addresses, respectively.

icmp_destunreach_rate - INTEGER
icmp_paramprob_rate - INTEGER
icmp_timeexceed_rate - INTEGER
icmp_echoreply_rate - INTEGER (not enabled per default)
	Limit the maximal rates for sending ICMP packets to specific targets.
	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
	See the source for more information.

icmp_ignore_bogus_error_responses - BOOLEAN
	Some routers violate RFC 1122 by sending bogus responses to broadcast
	frames.  Such violations are normally logged via a kernel warning.
	If this is set to TRUE, the kernel will not give such warnings, which
	will avoid log file clutter.
	Default: FALSE

(1) Jiffie: internal timeunit for the kernel. On the i386 1/100s, on the
Alpha 1/1024s. See the HZ define in /usr/include/asm/param.h for the exact
value on your system. 

conf/interface/*: 
conf/all/* is special and changes the settings for all interfaces.
	Change special settings per interface.

log_martians - BOOLEAN
	Log packets with impossible addresses to kernel log.

accept_redirects - BOOLEAN
	Accept ICMP redirect messages.
	default TRUE (host)
		FALSE (router)

forwarding - BOOLEAN
	Enable IP forwarding on this interface.

mc_forwarding - BOOLEAN
	Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
	and a multicast routing daemon is required.

proxy_arp - BOOLEAN
	Do proxy arp.

hidden - BOOLEAN
	Hide addresses attached to this device from another devices.
	Such addresses will never be selected by source address autoselection
	mechanism, host does not answer broadcast ARP requests for them,
	does not announce it as source address of ARP requests,	but they
	are still reachable via IP. This flag is activated only if it is
	enabled both in specific device section and in "all" section.

shared_media - BOOLEAN
	undocumented.

secure_redirects - BOOLEAN
	Accept ICMP redirect messages only for gateways,
	listed in default gateway list.
	default TRUE

redirects - BOOLEAN
	Send(router) or accept(host) RFC1620 shared media redirects.
	Overrides ip_secure_redirects.
	default TRUE (should be FALSE for distributed version,
		      but I use it...)

bootp_relay - BOOLEAN
	Accept packets with source address 0.b.c.d destined
	not to this host as local ones. It is supposed, that
	BOOTP relay daemon will catch and forward such packets.

	default FALSE
	Not Implemented Yet.

accept_source_route - BOOLEAN
	Accept packets with SRR option.
	default TRUE (router)
		FALSE (host)

rp_filter - INTEGER
	2 - do source validation by reversed path, as specified in RFC1812
	    Recommended option for single homed hosts and stub network
	    routers. Could cause troubles for complicated (not loop free)
	    networks running a slow unreliable protocol (sort of RIP),
	    or using static routes.

	1 - (DEFAULT) Weaker form of RP filtering: drop all the packets
	    that look as sourced at a directly connected interface, but
	    were input from another interface.
	    
	0 - No source validation. 

	NOTE: do not disable this option! All BSD derived routing software
	(sort of gated, routed etc. etc.) is confused by such packets,
	even if they are valid. When enabled it also prevents ip spoofing
	in some limited fashion.

	NOTE: this option is turned on per default only when ip_forwarding
	is on. For non-forwarding hosts it doesn't make much sense and 
	makes some legal multihoming configurations impossible.

Alexey Kuznetsov.
kuznet@ms2.inr.ac.ru

Updated by:
Andi Kleen
ak@muc.de
$Id: ip-sysctl.txt,v 1.9 1999/05/08 02:58:44 davem Exp $