^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) .. SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) =========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) IP Sysctl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) =========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) /proc/sys/net/ipv4/* Variables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) ==============================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) ip_forward - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) Forward Packets between interfaces.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) This variable is special: changing it resets all configuration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) parameters to their default state (RFC1122 for hosts, RFC1812
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) for routers).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) ip_default_ttl - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) Default value of TTL field (Time To Live) for outgoing (but not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) forwarded) IP packets. Should be between 1 and 255 inclusive.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) Default: 64 (as recommended by RFC1700)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) ip_no_pmtu_disc - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) Disable Path MTU Discovery. If enabled in mode 1 and a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) fragmentation-required ICMP is received, the PMTU to this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) destination will be set to min_pmtu (see below). You will need
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) to raise min_pmtu to the smallest interface MTU on your system
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) manually if you want to avoid locally generated fragments.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) In mode 2 incoming Path MTU Discovery messages will be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) discarded. Outgoing frames are handled the same as in mode 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) implicitly setting IP_PMTUDISC_DONT on every created socket.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) Mode 3 is a hardened pmtu discover mode. The kernel will only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) accept fragmentation-needed errors if the underlying protocol
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) can verify them besides a plain socket lookup. Current
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) protocols for which pmtu events will be honored are TCP, SCTP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) and DCCP as they verify e.g. the sequence number or the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) association. This mode should not be enabled globally but is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) only intended to secure e.g. name servers in namespaces where
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) TCP path mtu must still work but path MTU information of other
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) protocols should be discarded. If enabled globally this mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) could break other protocols.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) Possible values: 0-3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) Default: FALSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) min_pmtu - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) default 552 - minimum discovered Path MTU
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) ip_forward_use_pmtu - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) By default we don't trust protocol path MTUs while forwarding
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) because they could be easily forged and can lead to unwanted
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) fragmentation by the router.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) You only need to enable this if you have user-space software
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) which tries to discover path mtus by itself and depends on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) kernel honoring this information. This is normally not the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) case.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) Default: 0 (disabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) Possible values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) - 0 - disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) - 1 - enabled
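The PMTU caveats above (min_pmtu versus the smallest interface MTU in mode 1, mode 3 not being meant for global use, forged path MTUs while forwarding) can be checked mechanically. The following is an added example, not part of the kernel documentation; the sample configuration and the interface names and MTUs are constructed, and `review_pmtu` is a hypothetical helper.

```python
"""Added example: review PMTU-related sysctls against the caveats documented above."""

# Constructed sample in sysctl.conf syntax, not taken from a real host.
SAMPLE_SYSCTL_CONF = """\
# router profile
net.ipv4.ip_no_pmtu_disc = 1
net.ipv4.route.min_pmtu = 552
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 1
"""

# Defaults as documented on this page (ip_no_pmtu_disc "FALSE" is taken as 0).
DEFAULTS = {
    "net.ipv4.ip_forward": 0,
    "net.ipv4.ip_no_pmtu_disc": 0,
    "net.ipv4.route.min_pmtu": 552,
    "net.ipv4.ip_forward_use_pmtu": 0,
}


def parse_sysctl_conf(text):
    """Return the PMTU-related settings; later assignments override earlier ones."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip().replace("/", ".")      # sysctl accepts both separators
        if key in settings:
            try:
                settings[key] = int(value.strip())
            except ValueError:
                raise ValueError(f"{key}: non-integer value {value.strip()!r}") from None
    return settings


def review_pmtu(settings, interface_mtus):
    """Return findings derived from the caveats in the entries above.

    interface_mtus maps interface name to MTU (supplied by the caller).
    """
    findings = []
    mode = settings["net.ipv4.ip_no_pmtu_disc"]
    min_pmtu = settings["net.ipv4.route.min_pmtu"]

    if mode not in (0, 1, 2, 3):
        findings.append(f"ip_no_pmtu_disc={mode}: outside the documented range 0-3")

    # Mode 1: a fragmentation-required ICMP sets the PMTU to min_pmtu, so a
    # min_pmtu below the smallest interface MTU yields locally generated fragments.
    if mode == 1 and interface_mtus:
        name, smallest = min(interface_mtus.items(), key=lambda kv: kv[1])
        if min_pmtu < smallest:
            findings.append(
                f"min_pmtu={min_pmtu} is below the smallest interface MTU "
                f"({name}={smallest}); raise it to avoid locally generated fragments"
            )

    # Mode 3 is intended for dedicated namespaces, not for the whole system.
    if mode == 3:
        findings.append(
            "ip_no_pmtu_disc=3: hardened mode honors PMTU events only for TCP, SCTP "
            "and DCCP; confirm this is a dedicated namespace, not a global setting"
        )

    # Protocol path MTUs can be forged; trusting them while forwarding is off by default.
    if settings["net.ipv4.ip_forward"] and settings["net.ipv4.ip_forward_use_pmtu"]:
        findings.append(
            "ip_forward_use_pmtu=1 on a forwarding host: forged path MTUs can cause "
            "unwanted fragmentation by the router"
        )
    return findings


if __name__ == "__main__":
    mtus = {"eth0": 1500, "wg0": 1420}           # constructed interface MTUs
    for finding in review_pmtu(parse_sysctl_conf(SAMPLE_SYSCTL_CONF), mtus):
        print("FINDING:", finding)
```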
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) fwmark_reflect - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) Controls the fwmark of kernel-generated IPv4 reply packets that are not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) associated with a socket (for example, TCP RSTs or ICMP echo replies).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) If unset, these packets have a fwmark of zero. If set, they have the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) fwmark of the packet they are replying to.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) fib_multipath_use_neigh - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) Use status of existing neighbor entry when determining nexthop for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) multipath routes. If disabled, neighbor information is not used and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) packets could be directed to a failed nexthop. Only valid for kernels
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) built with CONFIG_IP_ROUTE_MULTIPATH enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) Default: 0 (disabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) Possible values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) - 0 - disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) - 1 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) fib_multipath_hash_policy - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) Controls which hash policy to use for multipath routes. Only valid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) for kernels built with CONFIG_IP_ROUTE_MULTIPATH enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) Default: 0 (Layer 3)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) Possible values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) - 0 - Layer 3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) - 1 - Layer 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) - 2 - Layer 3 or inner Layer 3 if present
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) fib_sync_mem - UNSIGNED INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) Amount of dirty memory from fib entries that can be backlogged before
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) synchronize_rcu is forced.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) Default: 512kB Minimum: 64kB Maximum: 64MB
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) ip_forward_update_priority - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) Whether to update SKB priority from "TOS" field in IPv4 header after it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) is forwarded. The new SKB priority is mapped from TOS field value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) according to an rt_tos2priority table (see e.g. man tc-prio).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) Default: 1 (Update priority.)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) Possible values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) - 0 - Do not update priority.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) - 1 - Update priority.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) route/max_size - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) Maximum number of routes allowed in the kernel. Increase
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) this when using large numbers of interfaces and/or routes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) From linux kernel 3.6 onwards, this is deprecated for ipv4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) as route cache is no longer used.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) neigh/default/gc_thresh1 - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) Minimum number of entries to keep. Garbage collector will not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) purge entries if there are fewer than this number.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) Default: 128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) neigh/default/gc_thresh2 - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) Threshold when garbage collector becomes more aggressive about
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) purging entries. Entries older than 5 seconds will be cleared
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) when over this number.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) Default: 512
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) neigh/default/gc_thresh3 - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) Maximum number of non-PERMANENT neighbor entries allowed. Increase
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) this when using large numbers of interfaces and when communicating
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) with large numbers of directly-connected peers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) Default: 1024
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) neigh/default/unres_qlen_bytes - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) The maximum number of bytes which may be used by packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) queued for each unresolved address by other network layers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) (added in linux 3.3)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) Setting a negative value is meaningless and will return an error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) Default: SK_WMEM_MAX, (same as net.core.wmem_default).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) Exact value depends on architecture and kernel options,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) but should be enough to allow queuing 256 packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) of medium size.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) neigh/default/unres_qlen - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) The maximum number of packets which may be queued for each
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) unresolved address by other network layers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) (deprecated in linux 3.3) : use unres_qlen_bytes instead.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) Prior to linux 3.3, the default value is 3 which may cause
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) unexpected packet loss. The current default value is calculated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) according to default value of unres_qlen_bytes and true size of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) packet.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) Default: 101
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) mtu_expires - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) Time, in seconds, that cached PMTU information is kept.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) min_adv_mss - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) The advertised MSS depends on the first hop route MTU, but will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) never be lower than this setting.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) IP Fragmentation:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) ipfrag_high_thresh - LONG INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) Maximum memory used to reassemble IP fragments.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) ipfrag_low_thresh - LONG INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) (Obsolete since linux-4.17)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) Maximum memory used to reassemble IP fragments before the kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) begins to remove incomplete fragment queues to free up resources.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) The kernel still accepts new fragments for defragmentation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) ipfrag_time - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) Time in seconds to keep an IP fragment in memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) ipfrag_max_dist - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) ipfrag_max_dist is a non-negative integer value which defines the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) maximum "disorder" which is allowed among fragments which share a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) common IP source address. Note that reordering of packets is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) not unusual, but if a large number of fragments arrive from a source
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) IP address while a particular fragment queue remains incomplete, it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) probably indicates that one or more fragments belonging to that queue
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) have been lost. When ipfrag_max_dist is positive, an additional check
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) is done on fragments before they are added to a reassembly queue - if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) ipfrag_max_dist (or more) fragments have arrived from a particular IP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) address between additions to any IP fragment queue using that source
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) address, it's presumed that one or more fragments in the queue are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) lost. The existing fragment queue will be dropped, and a new one
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) started. An ipfrag_max_dist value of zero disables this check.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) result in unnecessarily dropping fragment queues when normal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) reordering of packets occurs, which could lead to poor application
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) performance. Using a very large value, e.g. 50000, increases the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) likelihood of incorrectly reassembling IP fragments that originate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) from different IP datagrams, which could result in data corruption.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) Default: 64
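The ipfrag_max_dist check and both tuning caveats (too small drops queues on normal reordering, too large or zero lets fragments of different datagrams meet in one queue) are easier to see in a small model. This is an added example and a simplified model of the behaviour described above, not kernel code; the queue keys, fragment labels and arrival sequences are constructed.

```python
"""Added model of the ipfrag_max_dist check described above (simplified, not kernel code)."""


def replay(arrivals, max_dist):
    """Feed fragments that all come from ONE source address through the check.

    arrivals: list of (queue_key, fragment_label); queue_key stands for the
              reassembly queue the fragment maps to.
    Returns (drops, queues): drops lists (queue_key, fragments_discarded),
    queues maps queue_key to the fragments held at the end.
    """
    source_counter = 0        # fragments seen so far from this source address
    queues = {}               # queue_key -> {"last": counter at last addition, "frags": [...]}
    drops = []
    for key, label in arrivals:
        q = queues.setdefault(key, {"last": 0, "frags": []})
        previous = q["last"]
        source_counter += 1
        q["last"] = source_counter
        # Fragments from this source that arrived between two additions to this queue.
        in_between = source_counter - previous - 1
        if max_dist > 0 and q["frags"] and in_between >= max_dist:
            # Presume the queue lost a fragment: drop it and start a new one.
            drops.append((key, list(q["frags"])))
            q["frags"] = []
        q["frags"].append(label)
    return drops, {k: v["frags"] for k, v in queues.items()}


# Constructed case 1: two datagrams A and B whose fragments arrive interleaved,
# which is ordinary reordering.
INTERLEAVED = [("A", "A0"), ("B", "B0"), ("A", "A1"), ("B", "B1")]

# Constructed case 2: a queue is left incomplete, 100 other fragments arrive from
# the same source, then a fragment of a DIFFERENT datagram maps to the same queue.
STALE = (
    [("id7", "old-frag0")]
    + [(f"other{i}", "x") for i in range(100)]
    + [("id7", "new-frag1")]
)

if __name__ == "__main__":
    for name, seq in (("interleaved", INTERLEAVED), ("stale", STALE)):
        for dist in (0, 1, 64, 50000):
            drops, queues = replay(seq, dist)
            first_key = seq[0][0]
            print(f"{name:11} max_dist={dist:<5} drops={len(drops)} "
                  f"{first_key}={queues[first_key]}")
```

With the default of 64 the interleaved case keeps both queues intact and the stale queue is discarded before the unrelated fragment is added; with 0 or 50000 the stale and new fragments end up in the same queue.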
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) INET peer storage
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) =================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) inet_peer_threshold - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) The approximate size of the storage. Starting from this threshold
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) entries will be thrown away aggressively. This threshold also determines
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) entries' time-to-live and time intervals between garbage collection
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) passes. More entries, less time-to-live, less GC interval.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) inet_peer_minttl - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) Minimum time-to-live of entries. Should be enough to cover fragment
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) time-to-live on the reassembling side. This minimum time-to-live is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) guaranteed if the pool size is less than inet_peer_threshold.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) Measured in seconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) inet_peer_maxttl - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) Maximum time-to-live of entries. Unused entries will expire after
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) this period of time if there is no memory pressure on the pool (i.e.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) when the number of entries in the pool is very small).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) Measured in seconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) TCP variables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) =============
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) somaxconn - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) Limit of socket listen() backlog, known in userspace as SOMAXCONN.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) Defaults to 4096. (Was 128 before linux-5.4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) See also tcp_max_syn_backlog for additional tuning for TCP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) tcp_abort_on_overflow - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) If listening service is too slow to accept new connections,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) reset them. Default state is FALSE. It means that if overflow
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) occurred due to a burst, connection will recover. Enable this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) option _only_ if you are really sure that listening daemon
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) cannot be tuned to accept connections faster. Enabling this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) option can harm clients of your server.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) tcp_adv_win_scale - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) Count buffering overhead as bytes/2^tcp_adv_win_scale
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) if it is <= 0.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) Possible values are [-31, 31], inclusive.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) tcp_allowed_congestion_control - STRING
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) Show/set the congestion control choices available to non-privileged
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) processes. The list is a subset of those listed in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) tcp_available_congestion_control.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) Default is "reno" and the default setting (tcp_congestion_control).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) tcp_app_win - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) Reserve max(window/2^tcp_app_win, mss) of window for application
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) buffer. Value 0 is special, it means that nothing is reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) Default: 31
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) tcp_autocorking - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) Enable TCP auto corking :
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) When applications do consecutive small write()/sendmsg() system calls,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) we try to coalesce these small writes as much as possible, to lower
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) total amount of sent packets. This is done if at least one prior
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) packet for the flow is waiting in Qdisc queues or device transmit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) queue. Applications can still use TCP_CORK for optimal behavior
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) when they know how/when to uncork their sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) Default : 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) tcp_available_congestion_control - STRING
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) Shows the available congestion control choices that are registered.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) More congestion control algorithms may be available as modules,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) but not loaded.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) tcp_base_mss - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) The initial value of search_low to be used by the packetization layer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) Path MTU discovery (MTU probing). If MTU probing is enabled,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) this is the initial MSS used by the connection.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) tcp_mtu_probe_floor - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) If MTU probing is enabled this caps the minimum MSS used for search_low
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) for the connection.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) Default : 48
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) tcp_min_snd_mss - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) TCP SYN and SYNACK messages usually advertise an ADVMSS option,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) as described in RFC 1122 and RFC 6691.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) If this ADVMSS option is smaller than tcp_min_snd_mss,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) it is silently capped to tcp_min_snd_mss.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) Default : 48 (at least 8 bytes of payload per segment)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) tcp_congestion_control - STRING
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) Set the congestion control algorithm to be used for new
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) connections. The algorithm "reno" is always available, but
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) additional choices may be available based on kernel configuration.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) Default is set as part of kernel configuration.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) For passive connections, the listener congestion control choice
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) is inherited.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) [see setsockopt(listenfd, SOL_TCP, TCP_CONGESTION, "name" ...) ]
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) tcp_dsack - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) Allows TCP to send "duplicate" SACKs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) tcp_early_retrans - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) Tail loss probe (TLP) converts RTOs occurring due to tail
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) losses into fast recovery (draft-ietf-tcpm-rack). Note that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) TLP requires RACK to function properly (see tcp_recovery below).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) Possible values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) - 0 disables TLP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) - 3 or 4 enables TLP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) Default: 3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) tcp_ecn - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) Control use of Explicit Congestion Notification (ECN) by TCP.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) ECN is used only when both ends of the TCP connection indicate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) support for it. This feature is useful in avoiding losses due
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) to congestion by allowing supporting routers to signal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) congestion before having to drop packets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) Possible values are:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) = =====================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) 0 Disable ECN. Neither initiate nor accept ECN.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) 1 Enable ECN when requested by incoming connections and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) also request ECN on outgoing connection attempts.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) 2 Enable ECN when requested by incoming connections
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) but do not request ECN on outgoing connections.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) = =====================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) Default: 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) tcp_ecn_fallback - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) If the kernel detects that an ECN connection misbehaves, enable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) fallback to non-ECN. Currently, this knob implements the fallback
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) from RFC3168, section 6.1.1.1, but additional detection
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) mechanisms could be implemented under this knob in the future.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) The value is not used if tcp_ecn or per-route (or congestion
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) control) ECN settings are disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) Default: 1 (fallback enabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) tcp_fack - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) This is a legacy option, it has no effect anymore.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) tcp_fin_timeout - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) The length of time an orphaned (no longer referenced by any
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) application) connection will remain in the FIN_WAIT_2 state
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) before it is aborted at the local end. While a perfectly
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) valid "receive only" state for an un-orphaned connection, an
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) orphaned connection in FIN_WAIT_2 state could otherwise wait
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) forever for the remote to close its end of the connection.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) Cf. tcp_max_orphans
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) Default: 60 seconds
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) tcp_frto - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) Enables Forward RTO-Recovery (F-RTO) defined in RFC5682.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) F-RTO is an enhanced recovery algorithm for TCP retransmission
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) timeouts. It is particularly beneficial in networks where the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) RTT fluctuates (e.g., wireless). F-RTO is a sender-side only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) modification. It does not require any support from the peer.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) By default it's enabled with a non-zero value. 0 disables F-RTO.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) tcp_fwmark_accept - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) If set, incoming connections to listening sockets that do not have a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) socket mark will set the mark of the accepting socket to the fwmark of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) the incoming SYN packet. This will cause all packets on that connection
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) (starting from the first SYNACK) to be sent with that fwmark. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) listening socket's mark is unchanged. Listening sockets that already
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) have a fwmark set via setsockopt(SOL_SOCKET, SO_MARK, ...) are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) unaffected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) tcp_invalid_ratelimit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) Limit the maximal rate for sending duplicate acknowledgments
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) in response to incoming TCP packets that are for an existing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) connection but that are invalid due to any of these reasons:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) (a) out-of-window sequence number,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) (b) out-of-window acknowledgment number, or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) (c) PAWS (Protection Against Wrapped Sequence numbers) check failure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) This can help mitigate simple "ack loop" DoS attacks, wherein
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) a buggy or malicious middlebox or man-in-the-middle can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) rewrite TCP header fields in a manner that causes each endpoint
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) to think that the other is sending invalid TCP segments, thus
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) causing each side to send an unterminating stream of duplicate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) acknowledgments for invalid segments.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) Using 0 disables rate-limiting of dupacks in response to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) invalid segments; otherwise this value specifies the minimal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) space between sending such dupacks, in milliseconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) Default: 500 (milliseconds).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) tcp_keepalive_time - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) How often TCP sends out keepalive messages when keepalive is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) Default: 2 hours.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) tcp_keepalive_probes - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) How many keepalive probes TCP sends out, until it decides that the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) connection is broken. Default value: 9.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) tcp_keepalive_intvl - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) How frequently the probes are sent out. Multiplied by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) tcp_keepalive_probes, it gives the time to kill a non-responding connection
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) after probes have started. Default value: 75 seconds, i.e. the connection
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) will be aborted after ~11 minutes of retries.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) tcp_l3mdev_accept - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) Enables child sockets to inherit the L3 master device index.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) Enabling this option allows a "global" listen socket to work
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) across L3 master domains (e.g., VRFs) with connected sockets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) derived from the listen socket to be bound to the L3 domain in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) which the packets originated. Only valid when the kernel was
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) compiled with CONFIG_NET_L3_MASTER_DEV.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) Default: 0 (disabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) tcp_low_latency - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) This is a legacy option, it has no effect anymore.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) tcp_max_orphans - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) Maximal number of TCP sockets not attached to any user file handle,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) held by the system. If this number is exceeded, orphaned connections are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) reset immediately and a warning is printed. This limit exists
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) only to prevent simple DoS attacks; you _must_ not rely on this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) or lower the limit artificially, but rather increase it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) (probably, after increasing installed memory),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) if network conditions require more than the default value,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) and tune network services to linger and kill such states
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) more aggressively. Let me remind you again: each orphan eats
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) up to ~64K of unswappable memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) tcp_max_syn_backlog - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) Maximal number of remembered connection requests (SYN_RECV),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) which have not received an acknowledgment from the connecting client.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) This is a per-listener limit.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) The minimal value is 128 for low memory machines, and it will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) increase in proportion to the memory of the machine.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) If the server suffers from overload, try increasing this number.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) Remember to also check /proc/sys/net/core/somaxconn.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) A SYN_RECV request socket consumes about 304 bytes of memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) tcp_max_tw_buckets - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) Maximal number of timewait sockets held by the system simultaneously.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) If this number is exceeded, the time-wait socket is immediately destroyed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) and a warning is printed. This limit exists only to prevent
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) simple DoS attacks; you _must_ not lower the limit artificially,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) but rather increase it (probably, after increasing installed memory),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) if network conditions require more than the default value.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) tcp_mem - vector of 3 INTEGERs: min, pressure, max
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) min: below this number of pages TCP is not bothered about its
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) memory appetite.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) pressure: when amount of memory allocated by TCP exceeds this number
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) of pages, TCP moderates its memory consumption and enters memory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) pressure mode, which is exited when memory consumption falls
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) under "min".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) max: number of pages allowed for queueing by all TCP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) Defaults are calculated at boot time from amount of available
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) tcp_min_rtt_wlen - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) The window length of the windowed min filter to track the minimum RTT.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) A shorter window lets a flow more quickly pick up new (higher)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) minimum RTT when it is moved to a longer path (e.g., due to traffic
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) engineering). A longer window makes the filter more resistant to RTT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) inflations such as transient congestion. The unit is seconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) Possible values: 0 - 86400 (1 day)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) Default: 300
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) tcp_moderate_rcvbuf - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) If set, TCP performs receive buffer auto-tuning, attempting to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) automatically size the buffer (no greater than tcp_rmem[2]) to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) match the size required by the path for full throughput. Enabled by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) default.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) tcp_mtu_probing - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) Controls TCP Packetization-Layer Path MTU Discovery. Takes three
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) - 0 - Disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) - 1 - Disabled by default, enabled when an ICMP black hole is detected
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) - 2 - Always enabled, use initial MSS of tcp_base_mss.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) tcp_probe_interval - UNSIGNED INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) Controls how often to start TCP Packetization-Layer Path MTU
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) Discovery reprobe. The default is reprobing every 10 minutes as
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) per RFC4821.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) tcp_probe_threshold - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) Controls when TCP Packetization-Layer Path MTU Discovery probing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) will stop in respect to the width of search range in bytes. Default
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) is 8 bytes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) tcp_no_metrics_save - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) By default, TCP saves various connection metrics in the route cache
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) when the connection closes, so that connections established in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) near future can use these to set initial conditions. Usually, this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) increases overall performance, but may sometimes cause performance
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) degradation. If set, TCP will not cache metrics on closing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) connections.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) tcp_no_ssthresh_metrics_save - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) Controls whether TCP saves ssthresh metrics in the route cache.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) Default is 1, which disables ssthresh metrics.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) tcp_orphan_retries - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) This value influences the timeout of a locally closed TCP connection,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) when RTO retransmissions remain unacknowledged.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) See tcp_retries2 for more details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) The default value is 8.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) If your machine is a loaded WEB server,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555) you should think about lowering this value; such sockets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) may consume significant resources. Cf. tcp_max_orphans.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) tcp_recovery - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) This value is a bitmap to enable various experimental loss recovery
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) features.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) ========= =============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) RACK: 0x1 enables the RACK loss detection for fast detection of lost
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) retransmissions and tail drops. It also subsumes and disables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) RFC6675 recovery for SACK connections.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567) RACK: 0x2 makes RACK's reordering window static (min_rtt/4).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) RACK: 0x4 disables RACK's DUPACK threshold heuristic
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) ========= =============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) Default: 0x1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) tcp_reordering - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) Initial reordering level of packets in a TCP stream.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) TCP stack can then dynamically adjust flow reordering level
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) between this initial value and tcp_max_reordering
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) Default: 3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) tcp_max_reordering - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) Maximal reordering level of packets in a TCP stream.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) 300 is a fairly conservative value, but you might increase it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) if paths are using per packet load balancing (like bonding rr mode)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) Default: 300
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) tcp_retrans_collapse - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589) Bug-to-bug compatibility with some broken printers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590) On retransmit try to send bigger packets to work around bugs in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) certain TCP stacks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) tcp_retries1 - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) This value influences the time after which TCP decides that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) something is wrong due to unacknowledged RTO retransmissions,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) and reports this suspicion to the network layer.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597) See tcp_retries2 for more details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) RFC 1122 recommends at least 3 retransmissions, which is the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600) default.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) tcp_retries2 - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) This value influences the timeout of an alive TCP connection,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) when RTO retransmissions remain unacknowledged.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) Given a value of N, a hypothetical TCP connection following
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) exponential backoff with an initial RTO of TCP_RTO_MIN would
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607) retransmit N times before killing the connection at the (N+1)th RTO.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609) The default value of 15 yields a hypothetical timeout of 924.6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610) seconds and is a lower bound for the effective timeout.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611) TCP will effectively time out at the first RTO which exceeds the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612) hypothetical timeout.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614) RFC 1122 recommends at least 100 seconds for the timeout,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615) which corresponds to a value of at least 8.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617) tcp_rfc1337 - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618) If set, the TCP stack behaves conforming to RFC1337. If unset,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619) we are not conforming to RFC, but prevent TCP TIME_WAIT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620) assassination.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624) tcp_rmem - vector of 3 INTEGERs: min, default, max
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625) min: Minimal size of receive buffer used by TCP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626) It is guaranteed to each TCP socket, even under moderate memory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) pressure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) Default: 4K
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631) default: initial size of receive buffer used by TCP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) This value overrides net.core.rmem_default used by other protocols.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633) Default: 131072 bytes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) This value results in initial window of 65535.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636) max: maximal size of receive buffer allowed for automatically
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637) selected receiver buffers for TCP socket. This value does not override
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638) net.core.rmem_max. Calling setsockopt() with SO_RCVBUF disables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) automatic tuning of that socket's receive buffer size, in which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) case this value is ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641) Default: between 131072 and 6MB, depending on RAM size.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643) tcp_sack - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644) Enable selective acknowledgments (SACKs).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646) tcp_comp_sack_delay_ns - LONG INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647) TCP tries to reduce the number of SACKs sent, using a timer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648) based on 5% of SRTT, capped by this sysctl, in nanoseconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) The default is 1ms, based on TSO autosizing period.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651) Default : 1,000,000 ns (1 ms)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) tcp_comp_sack_slack_ns - LONG INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654) This sysctl controls the slack used when arming the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655) timer used by SACK compression. This gives extra time
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 656) for small RTT flows, and reduces system overhead by allowing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 657) opportunistic reduction of timer interrupts.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 658)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 659) Default : 100,000 ns (100 us)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 660)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 661) tcp_comp_sack_nr - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662) Max number of SACKs that can be compressed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 663) Using 0 disables SACK compression.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 664)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665) Default : 44
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 666)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 667) tcp_slow_start_after_idle - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668) If set, provide RFC2861 behavior and time out the congestion
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 669) window after an idle period. An idle period is defined as
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 670) the current RTO. If unset, the congestion window will not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 671) be timed out after an idle period.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 673) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675) tcp_stdurg - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676) Use the Host requirements interpretation of the TCP urgent pointer field.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) Most hosts use the older BSD interpretation, so if you turn this on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 678) Linux might not communicate correctly with them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 679)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 680) Default: FALSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 681)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 682) tcp_synack_retries - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 683) Number of times SYNACKs for a passive TCP connection attempt will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 684) be retransmitted. Should not be higher than 255. Default value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 685) is 5, which corresponds to 31 seconds till the last retransmission
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 686) with the current initial RTO of 1 second. With this the final timeout
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 687) for a passive TCP connection will happen after 63 seconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 688)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 689) tcp_syncookies - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 690) Only valid when the kernel was compiled with CONFIG_SYN_COOKIES.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 691) Send out syncookies when the syn backlog queue of a socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 692) overflows. This is to protect against the common 'SYN flood attack'.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 693) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 694)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 695) Note that syncookies is a fallback facility.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 696) It MUST NOT be used to help highly loaded servers to stand
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 697) against a legal connection rate. If you see SYN flood warnings
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 698) in your logs, but investigation shows that they occur
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 699) because of overload with legal connections, you should tune
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 700) other parameters until this warning disappears.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 701) See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 702)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 703) Syncookies seriously violate the TCP protocol, do not allow
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704) the use of TCP extensions, and can result in serious degradation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 705) of some services (e.g. SMTP relaying), visible not to you,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 706) but to your clients and the relays contacting you. If you see
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 707) SYN flood warnings in logs while not really being flooded, your server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 708) is seriously misconfigured.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 709)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 710) If you want to test which effects syncookies have on your
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 711) network connections, you can set this knob to 2 to enable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 712) unconditional generation of syncookies.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 713)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 714) tcp_fastopen - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 715) Enable TCP Fast Open (RFC7413) to send and accept data in the opening
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 716) SYN packet.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 717)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 718) The client support is enabled by flag 0x1 (on by default). The client
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 719) then must use sendmsg() or sendto() with the MSG_FASTOPEN flag,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 720) rather than connect() to send data in SYN.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 721)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 722) The server support is enabled by flag 0x2 (off by default). Then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 723) either enable for all listeners with another flag (0x400) or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 724) enable individual listeners via TCP_FASTOPEN socket option with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 725) the option value being the length of the syn-data backlog.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 726)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 727) The values (bitmap) are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 728)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 729) ===== ======== ======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 730) 0x1 (client) enables sending data in the opening SYN on the client.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 731) 0x2 (server) enables the server support, i.e., allowing data in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 732) a SYN packet to be accepted and passed to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733) application before 3-way handshake finishes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 734) 0x4 (client) send data in the opening SYN regardless of cookie
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 735) availability and without a cookie option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 736) 0x200 (server) accept data-in-SYN w/o any cookie option present.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 737) 0x400 (server) enable all listeners to support Fast Open by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 738) default without explicit TCP_FASTOPEN socket option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 739) ===== ======== ======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 740)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 741) Default: 0x1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 743) Note that additional client or server features are only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 744) effective if the basic support (0x1 and 0x2) are enabled respectively.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 745)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 746) tcp_fastopen_blackhole_timeout_sec - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 747) Initial time period in seconds to disable Fastopen on active TCP sockets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 748) when a TFO firewall blackhole issue happens.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 749) This time period will grow exponentially when more blackhole issues
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 750) get detected right after Fastopen is re-enabled and will reset to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 751) initial value when the blackhole issue goes away.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 752) Set to 0 to disable the blackhole detection.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 753)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 754) By default, it is set to 0 (feature is disabled).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 755)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 756) tcp_fastopen_key - list of comma separated 32-digit hexadecimal INTEGERs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 757) The list consists of a primary key and an optional backup key. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 758) primary key is used for both creating and validating cookies, while the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 759) optional backup key is only used for validating cookies. The purpose of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 760) the backup key is to maximize TFO validation when keys are rotated.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 761)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 762) A randomly chosen primary key may be configured by the kernel if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 763) the tcp_fastopen sysctl is set to 0x400 (see above), or if the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 764) TCP_FASTOPEN setsockopt() optname is set and a key has not been
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 765) previously configured via sysctl. If keys are configured via
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 766) setsockopt() by using the TCP_FASTOPEN_KEY optname, then those
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 767) per-socket keys will be used instead of any keys that are specified via
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 768) sysctl.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 769)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 770) A key is specified as 4 8-digit hexadecimal integers which are separated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 771) by a '-' as: xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx. Leading zeros may be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 772) omitted. A primary and a backup key may be specified by separating them
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 773) by a comma. If only one key is specified, it becomes the primary key and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 774) any previously configured backup keys are removed.
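
An added audit helper (not kernel or project code) that decodes a tcp_fastopen value against the bitmap table above and validates or rotates a tcp_fastopen_key string in the format just described. All function names are hypothetical and the sample values are constructed.

```python
import re
import secrets

# Bit meanings copied from the tcp_fastopen table in this document.
TFO_FLAGS = {
    0x1: ("client", "sends data in the opening SYN"),
    0x2: ("server", "accepts data in SYN before the 3-way handshake finishes"),
    0x4: ("client", "sends data in SYN without a cookie option"),
    0x200: ("server", "accepts data-in-SYN without any cookie option"),
    0x400: ("server", "enables Fast Open on all listeners by default"),
}
BASE_FLAG = {"client": 0x1, "server": 0x2}   # basic support bit per side
NO_COOKIE_FLAGS = {0x4, 0x200}               # modes that run without a cookie
KEY_WORD = re.compile(r"[0-9a-fA-F]{1,8}")   # leading zeros may be omitted


def audit_tcp_fastopen(value):
    """Return (effective_bits, findings) for a tcp_fastopen bitmap value."""
    active, findings = [], []
    for bit in sorted(TFO_FLAGS):
        if not value & bit:
            continue
        side, meaning = TFO_FLAGS[bit]
        base = BASE_FLAG[side]
        if not value & base:
            # Extra features only work when the side's basic support is on.
            findings.append(f"{bit:#x} ({side}) has no effect: base flag {base:#x} is clear")
            continue
        active.append(bit)
        if bit in NO_COOKIE_FLAGS:
            findings.append(f"{bit:#x} ({side}) {meaning}")
    unknown = value & ~sum(TFO_FLAGS)
    if unknown:
        findings.append(f"{unknown:#x}: bits not described in this document")
    return active, findings


def parse_fastopen_keys(text):
    """Validate 'primary[,backup]' and return the keys zero-padded to 8 digits per word."""
    parts = text.strip().split(",")
    if len(parts) > 2:
        raise ValueError("at most a primary and one backup key are allowed")
    keys = []
    for part in parts:
        words = part.strip().split("-")
        if len(words) != 4 or not all(KEY_WORD.fullmatch(w) for w in words):
            raise ValueError(f"malformed key: {part!r}")
        keys.append("-".join(w.lower().zfill(8) for w in words))
    return keys


def rotate_fastopen_key(current, new_primary=None):
    """Build the value to write on rotation: fresh primary, old primary kept as backup."""
    old_primary = parse_fastopen_keys(current)[0]
    if new_primary is None:
        raw = secrets.token_hex(16)  # 128 random bits = 32 hex digits
        new_primary = "-".join(raw[i:i + 8] for i in range(0, 32, 8))
    (new_primary,) = parse_fastopen_keys(new_primary)
    return f"{new_primary},{old_primary}"


if __name__ == "__main__":
    for sample in (0x1, 0x3, 0x400, 0x603):  # constructed sample values
        active, findings = audit_tcp_fastopen(sample)
        print(f"{sample:#x}: effective={[hex(b) for b in active]}")
        for finding in findings:
            print("    ", finding)
    # Constructed key with omitted leading zeros.
    print(rotate_fastopen_key("a1b2c3d4-1-2-3"))
```

Because the old primary is written back as the backup key, cookies issued before the rotation still validate, which is the purpose of the backup key stated above.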
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 775)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 776) tcp_syn_retries - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 777) Number of times initial SYNs for an active TCP connection attempt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 778) will be retransmitted. Should not be higher than 127. Default value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 779) is 6, which corresponds to 63 seconds till the last retransmission
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 780) with the current initial RTO of 1 second. With this the final timeout
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 781) for an active TCP connection attempt will happen after 127 seconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 782)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 783) tcp_timestamps - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 784) Enable timestamps as defined in RFC1323.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 785)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 786) - 0: Disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 787) - 1: Enable timestamps as defined in RFC1323 and use random offset for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 788) each connection rather than only using the current time.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 789) - 2: Like 1, but without random offsets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 790)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 791) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 792)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 793) tcp_min_tso_segs - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 794) Minimal number of segments per TSO frame.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 795)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 796) Since linux-3.12, TCP does an automatic sizing of TSO frames,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 797) depending on flow rate, instead of filling 64Kbytes packets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 798) For specific usages, it's possible to force TCP to build big
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 799) TSO frames. Note that TCP stack might split too big TSO packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 800) if available window is too small.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 801)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 802) Default: 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 803)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 804) tcp_pacing_ss_ratio - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 805) sk->sk_pacing_rate is set by TCP stack using a ratio applied
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 806) to current rate. (current_rate = cwnd * mss / srtt)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 807) If TCP is in slow start, tcp_pacing_ss_ratio is applied
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 808) to let TCP probe for bigger speeds, assuming cwnd can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 809) doubled every other RTT.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 810)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 811) Default: 200
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 812)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 813) tcp_pacing_ca_ratio - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 814) sk->sk_pacing_rate is set by TCP stack using a ratio applied
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 815) to current rate. (current_rate = cwnd * mss / srtt)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 816) If TCP is in congestion avoidance phase, tcp_pacing_ca_ratio
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 817) is applied to conservatively probe for bigger throughput.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 818)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 819) Default: 120
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 820)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 821) tcp_tso_win_divisor - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 822) This allows control over what percentage of the congestion window
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 823) can be consumed by a single TSO frame.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 824) The setting of this parameter is a choice between burstiness and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 825) building larger TSO frames.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 826)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 827) Default: 3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 828)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 829) tcp_tw_reuse - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 830) Enable reuse of TIME-WAIT sockets for new connections when it is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 831) safe from protocol viewpoint.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 832)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 833) - 0 - disable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 834) - 1 - global enable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 835) - 2 - enable for loopback traffic only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 836)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 837) It should not be changed without advice/request of technical
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 838) experts.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 839)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 840) Default: 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 841)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 842) tcp_window_scaling - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 843) Enable window scaling as defined in RFC1323.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 844)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 845) tcp_wmem - vector of 3 INTEGERs: min, default, max
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 846) min: Amount of memory reserved for send buffers for TCP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 847) Each TCP socket has the right to use it from the moment it is created.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 848)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 849) Default: 4K
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 850)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 851) default: initial size of send buffer used by TCP sockets. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 852) value overrides net.core.wmem_default used by other protocols.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 853)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 854) It is usually lower than net.core.wmem_default.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 855)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 856) Default: 16K
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 857)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 858) max: Maximal amount of memory allowed for automatically tuned
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 859) send buffers for TCP sockets. This value does not override
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 860) net.core.wmem_max. Calling setsockopt() with SO_SNDBUF disables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 861) automatic tuning of that socket's send buffer size, in which case
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 862) this value is ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 863)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 864) Default: between 64K and 4MB, depending on RAM size.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 865)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 866) tcp_notsent_lowat - UNSIGNED INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 867) A TCP socket can control the amount of unsent bytes in its write queue,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 868) thanks to TCP_NOTSENT_LOWAT socket option. poll()/select()/epoll()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 869) reports POLLOUT events if the amount of unsent bytes is below a per
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 870) socket value, and if the write queue is not full. sendmsg() will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 871) also not add new buffers if the limit is hit.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 872)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 873) This global variable controls the amount of unsent data for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 874) sockets not using TCP_NOTSENT_LOWAT. For these sockets, a change
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 875) to the global variable has immediate effect.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 876)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 877) Default: UINT_MAX (0xFFFFFFFF)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 878)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 879) tcp_workaround_signed_windows - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 880) If set, assume no receipt of a window scaling option means the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 881) remote TCP is broken and treats the window as a signed quantity.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 882) If unset, assume the remote TCP is not broken even if we do
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 883) not receive a window scaling option from them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 884)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 885) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 886)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 887) tcp_thin_linear_timeouts - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 888) Enable dynamic triggering of linear timeouts for thin streams.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 889) If set, a check is performed upon retransmission by timeout to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 890) determine if the stream is thin (less than 4 packets in flight).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 891) As long as the stream is found to be thin, up to 6 linear
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 892) timeouts may be performed before exponential backoff mode is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 893) initiated. This improves retransmission latency for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 894) non-aggressive thin streams, often found to be time-dependent.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 895) For more information on thin streams, see
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 896) Documentation/networking/tcp-thin.rst
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 897)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 898) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 899)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 900) tcp_limit_output_bytes - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 901) Controls TCP Small Queue limit per tcp socket.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 902) TCP bulk sender tends to increase packets in flight until it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 903) gets loss notifications. With SNDBUF autotuning, this can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 904) result in a large amount of packets queued on the local machine
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 905) (e.g.: qdiscs, CPU backlog, or device) hurting latency of other
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 906) flows, for typical pfifo_fast qdiscs. tcp_limit_output_bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 907) limits the number of bytes on qdisc or device to reduce artificial
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 908) RTT/cwnd and reduce bufferbloat.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 909)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 910) Default: 1048576 (16 * 65536)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 911)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 912) tcp_challenge_ack_limit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 913) Limits number of Challenge ACK sent per second, as recommended
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 914) in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 915) Default: 1000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 916)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 917) tcp_rx_skb_cache - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 918) Controls a per TCP socket cache of one skb, that might help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 919) performance of some workloads. This might be dangerous
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 920) on systems with a lot of TCP sockets, since it increases
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 921) memory usage.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 922)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 923) Default: 0 (disabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 924)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 925) UDP variables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 926) =============
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 927)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 928) udp_l3mdev_accept - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 929) Enabling this option allows a "global" bound socket to work
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 930) across L3 master domains (e.g., VRFs) with packets capable of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 931) being received regardless of the L3 domain in which they
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 932) originated. Only valid when the kernel was compiled with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 933) CONFIG_NET_L3_MASTER_DEV.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 934)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 935) Default: 0 (disabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 936)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 937) udp_mem - vector of 3 INTEGERs: min, pressure, max
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 938) Number of pages allowed for queueing by all UDP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 939)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 940) min: Below this number of pages UDP is not bothered about its
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 941) memory appetite. When amount of memory allocated by UDP exceeds
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 942) this number, UDP starts to moderate memory usage.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 943)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 944) pressure: This value was introduced to follow format of tcp_mem.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 945)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 946) max: Number of pages allowed for queueing by all UDP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 947)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 948) Default is calculated at boot time from amount of available memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 949)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 950) udp_rmem_min - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 951) Minimal size of receive buffer used by UDP sockets in moderation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 952) Each UDP socket is able to use the size for receiving data, even if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 953) total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 954)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 955) Default: 4K
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 956)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 957) udp_wmem_min - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 958) Minimal size of send buffer used by UDP sockets in moderation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 959) Each UDP socket is able to use the size for sending data, even if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 960) total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 961)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 962) Default: 4K
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 963)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 964) RAW variables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 965) =============
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 966)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 967) raw_l3mdev_accept - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 968) Enabling this option allows a "global" bound socket to work
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 969) across L3 master domains (e.g., VRFs) with packets capable of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 970) being received regardless of the L3 domain in which they
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 971) originated. Only valid when the kernel was compiled with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 972) CONFIG_NET_L3_MASTER_DEV.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 973)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 974) Default: 1 (enabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 975)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 976) CIPSOv4 Variables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 977) =================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 978)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 979) cipso_cache_enable - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 980) If set, enable additions to and lookups from the CIPSO label mapping
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 981) cache. If unset, additions are ignored and lookups always result in a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 982) miss. However, regardless of the setting the cache is still
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 983) invalidated when required, which means you can safely toggle this on and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 984) off and the cache will always be "safe".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 985)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 986) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 987)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 988) cipso_cache_bucket_size - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 989) The CIPSO label cache consists of a fixed size hash table with each
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 990) hash bucket containing a number of cache entries. This variable limits
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 991) the number of entries in each hash bucket; the larger the value the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 992) more CIPSO label mappings that can be cached. When the number of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 993) entries in a given hash bucket reaches this limit adding new entries
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 994) causes the oldest entry in the bucket to be removed to make room.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 995)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 996) Default: 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 997)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 998) cipso_rbm_optfmt - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 999) Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1000) the CIPSO draft specification (see Documentation/netlabel for details).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1001) This means that when set the CIPSO tag will be padded with empty
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1002) categories in order to make the packet data 32-bit aligned.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1003)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1004) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1005)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1006) cipso_rbm_structvalid - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1007) If set, do a very strict check of the CIPSO option when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1008) ip_options_compile() is called. If unset, relax the checks done during
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1009) ip_options_compile(). Either way is "safe" as errors are caught elsewhere
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1010) in the CIPSO processing code, but setting this to 0 (False) should
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1011) result in less work (i.e. it should be faster) but could cause problems
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1012) with other implementations that require strict checking.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1013)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1014) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1015)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1016) IP Variables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1017) ============
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1018)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1019) ip_local_port_range - 2 INTEGERS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1020) Defines the local port range that is used by TCP and UDP to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1021) choose the local port. The first number is the first, the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1022) second the last local port number.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1023) If possible, it is better these numbers have different parity
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1024) (one even and one odd value).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1025) Must be greater than or equal to ip_unprivileged_port_start.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1026) The default values are 32768 and 60999 respectively.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1027)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1028) ip_local_reserved_ports - list of comma separated ranges
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1029) Specify the ports which are reserved for known third-party
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1030) applications. These ports will not be used by automatic port
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1031) assignments (e.g. when calling connect() or bind() with port
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1032) number 0). Explicit port allocation behavior is unchanged.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1033)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1034) The format used for both input and output is a comma separated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1035) list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1036) 10). Writing to the file will clear all previously reserved
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1037) ports and update the current list with the one given in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1038) input.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1039)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1040) Note that ip_local_port_range and ip_local_reserved_ports
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1041) settings are independent and both are considered by the kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1042) when determining which ports are available for automatic port
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1043) assignments.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1044)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1045) You can reserve ports which are not in the current
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1046) ip_local_port_range, e.g.::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1047)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1048) $ cat /proc/sys/net/ipv4/ip_local_port_range
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1049) 32000 60999
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1050) $ cat /proc/sys/net/ipv4/ip_local_reserved_ports
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1051) 8080,9148
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1052)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1053) although this is redundant. However such a setting is useful
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1054) if later the port range is changed to a value that will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1055) include the reserved ports.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1056)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1057) Default: Empty
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1058)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1059) ip_local_unbindable_ports - list of comma separated ranges
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1060) Specify the ports which are not directly bind()able.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1061)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1062) Usually you would use this to block the use of ports which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1063) are invalid due to something outside of the control of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1064) kernel, for example a port stolen by the NIC for serial
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1065) console, remote power management or debugging.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1066)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1067) There's a relatively high chance you will also want to list
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1068) these ports in 'ip_local_reserved_ports' to prevent autobinding.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1069)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1070) Default: Empty
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1071)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1072) ip_unprivileged_port_start - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1073) This is a per-namespace sysctl. It defines the first
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1074) unprivileged port in the network namespace. Privileged ports
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1075) require root or CAP_NET_BIND_SERVICE in order to bind to them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1076) To disable all privileged ports, set this to 0. They must not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1077) overlap with the ip_local_port_range.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1078)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1079) Default: 1024
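
How ip_local_port_range, ip_local_reserved_ports and ip_unprivileged_port_start constrain each other, as an added example that is not part of the kernel documentation. The function names and the report fields are hypothetical; the inputs are the strings read from the three files.

```python
def parse_port_list(text):
    """Parse a comma separated list of ranges such as "1,2-4,10-10"."""
    ranges = []
    text = text.strip()
    if not text:                      # "Default: Empty"
        return ranges
    for item in text.split(","):
        low_text, dash, high_text = item.partition("-")
        low = int(low_text)
        high = int(high_text) if dash else low
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((low, high))
    return ranges


def audit_ports(port_range, reserved, unprivileged_start=1024):
    """Cross-check the three settings and report what automatic binding sees.

    port_range         -- contents of ip_local_port_range ("first last")
    reserved           -- contents of ip_local_reserved_ports
    unprivileged_start -- value of ip_unprivileged_port_start
    """
    first, last = (int(value) for value in port_range.split())
    if not 0 < first <= last <= 65535:
        raise ValueError(f"bad local port range: {port_range!r}")

    reserved_ports = set()
    for low, high in parse_port_list(reserved):
        reserved_ports.update(range(low, high + 1))

    in_range = sorted(p for p in reserved_ports if first <= p <= last)
    outside = sorted(p for p in reserved_ports if not first <= p <= last)
    return {
        # The range must be >= ip_unprivileged_port_start.
        "range_above_unprivileged_start": first >= unprivileged_start,
        # One even and one odd bound is the recommended choice.
        "bounds_have_different_parity": first % 2 != last % 2,
        # Reserved ports that actually shrink the automatic pool.
        "reserved_in_range": in_range,
        # Reserved ports that only matter if the range is widened later.
        "reserved_outside_range": outside,
        # Ports left for connect() or bind() with port number 0.
        "auto_assignable": (last - first + 1) - len(in_range),
    }


if __name__ == "__main__":
    # Values from the shell session shown in the documentation above.
    print(audit_ports("32000 60999", "8080,9148"))
```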
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1080)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1081) ip_nonlocal_bind - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1082) If set, allows processes to bind() to non-local IP addresses,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1083) which can be quite useful - but may break some applications.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1084)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1085) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1086)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1087) ip_autobind_reuse - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1088) By default, bind() does not select the ports automatically even if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1089) the new socket and all sockets bound to the port have SO_REUSEADDR.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1090) ip_autobind_reuse allows bind() to reuse the port and this is useful
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1091) when you use bind()+connect(), but may break some applications.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1092) The preferred solution is to use IP_BIND_ADDRESS_NO_PORT and this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1093) option should only be set by experts.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1094) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1095)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1096) ip_dynaddr - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1097) If set non-zero, enables support for dynamic addresses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1098) If set to a non-zero value larger than 1, a kernel log
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1099) message will be printed when dynamic address rewriting
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1100) occurs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1101)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1102) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1103)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1104) ip_early_demux - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1105) Optimize input packet processing down to one demux for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1106) certain kinds of local sockets. Currently we only do this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1107) for established TCP and connected UDP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1109) It may add an additional cost for pure routing workloads that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1110) reduces overall throughput; in such a case you should disable it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1111)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1112) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1113)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1114) ping_group_range - 2 INTEGERS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1115) Restrict ICMP_PROTO datagram sockets to users in the group range.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1116) The default is "1 0", meaning that nobody (not even root) may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1117) create ping sockets. Setting it to "100 100" would grant permissions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1118) to the single group. "0 4294967295" would enable it for the world, "100
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1119) 4294967295" would enable it for the users, but not daemons.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1121) tcp_early_demux - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1122) Enable early demux for established TCP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1123)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1124) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1125)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1126) udp_early_demux - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1127) Enable early demux for connected UDP sockets. Disable this if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1128) your system could experience more unconnected load.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1129)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1130) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1131)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1132) icmp_echo_ignore_all - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1133) If set non-zero, then the kernel will ignore all ICMP ECHO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1134) requests sent to it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1135)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1136) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1137)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1138) icmp_echo_ignore_broadcasts - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1139) If set non-zero, then the kernel will ignore all ICMP ECHO and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1140) TIMESTAMP requests sent to it via broadcast/multicast.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1141)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1142) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1143)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1144) icmp_ratelimit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1145) Limit the maximal rates for sending ICMP packets whose type matches
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1146) icmp_ratemask (see below) to specific targets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1147) 0 to disable any limiting,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1148) otherwise the minimal space between responses in milliseconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1149) Note that another sysctl, icmp_msgs_per_sec limits the number
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1150) of ICMP packets sent on all targets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1151)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1152) Default: 1000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1153)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1154) icmp_msgs_per_sec - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1155) Limit maximal number of ICMP packets sent per second from this host.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1156) Only messages whose type matches icmp_ratemask (see below) are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1157) controlled by this limit. For security reasons, the precise count
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1158) of messages per second is randomized.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1159)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1160) Default: 1000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1161)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1162) icmp_msgs_burst - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1163) icmp_msgs_per_sec controls number of ICMP packets sent per second,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1164) while icmp_msgs_burst controls the burst size of these packets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1165) For security reasons, the precise burst size is randomized.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1166)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1167) Default: 50
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1169) icmp_ratemask - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1170) Mask made of ICMP types for which rates are being limited.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1171)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1172) Significant bits: IHGFEDCBA9876543210
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1173)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1174) Default mask: 0000001100000011000 (6168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1175)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1176) Bit definitions (see include/linux/icmp.h):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1177)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1178) = =========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1179) 0 Echo Reply
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1180) 3 Destination Unreachable [1]_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1181) 4 Source Quench [1]_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1182) 5 Redirect
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1183) 8 Echo Request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1184) B Time Exceeded [1]_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1185) C Parameter Problem [1]_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1186) D Timestamp Request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1187) E Timestamp Reply
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1188) F Info Request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1189) G Info Reply
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1190) H Address Mask Request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1191) I Address Mask Reply
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1192) = =========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1193)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1194) .. [1] These are rate limited by default (see default mask above)
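
The bit notation above maps bit N of the mask to ICMP type N, with the labels A to I standing for types 10 to 18. The following added example (not kernel code; all function names are made up here) encodes and decodes masks, renders them in the 19-character form used for the default, and reports which of the default-limited types a candidate mask would leave unlimited:

```python
# Added example (not kernel code): encode and decode icmp_ratemask values.
# Bit N of the mask corresponds to ICMP type N. The documentation labels the
# bits "IHGFEDCBA9876543210", one digit per bit with A=10 ... I=18.
LABELS = "0123456789ABCDEFGHI"

# ICMP types from the bit-definition table in the text.
ICMP_TYPES = {
    0: "Echo Reply",
    3: "Destination Unreachable",
    4: "Source Quench",
    5: "Redirect",
    8: "Echo Request",
    11: "Time Exceeded",
    12: "Parameter Problem",
    13: "Timestamp Request",
    14: "Timestamp Reply",
    15: "Info Request",
    16: "Info Reply",
    17: "Address Mask Request",
    18: "Address Mask Reply",
}

DEFAULT_MASK = 6168  # documented default


def decode_ratemask(mask):
    """Split mask into (limited, unknown).

    limited: (type, label, name) for each set bit that has a table entry.
    unknown: set bit positions that have no entry in the table.
    """
    if mask < 0:
        raise ValueError("icmp_ratemask cannot be negative")
    limited, unknown = [], []
    for bit in range(mask.bit_length()):
        if not (mask >> bit) & 1:
            continue
        if bit in ICMP_TYPES:
            limited.append((bit, LABELS[bit], ICMP_TYPES[bit]))
        else:
            unknown.append(bit)
    return limited, unknown


def encode_ratemask(types):
    """Build a mask from ICMP type numbers listed in the table."""
    mask = 0
    for icmp_type in types:
        if icmp_type not in ICMP_TYPES:
            raise ValueError("no table entry for ICMP type %d" % icmp_type)
        mask |= 1 << icmp_type
    return mask


def doc_bitstring(mask):
    """Render the low 19 bits the way the 'Default mask' line is written."""
    return format(mask & ((1 << 19) - 1), "019b")


def not_limited_vs_default(mask):
    """Names of types the default mask rate limits but `mask` does not."""
    missing = DEFAULT_MASK & ~mask
    return [name for _, _, name in decode_ratemask(missing)[0]]


if __name__ == "__main__":
    for icmp_type, label, name in decode_ratemask(DEFAULT_MASK)[0]:
        print(label, icmp_type, name)
    print(doc_bitstring(DEFAULT_MASK))
```
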
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1195)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1196) icmp_ignore_bogus_error_responses - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1197) Some routers violate RFC1122 by sending bogus responses to broadcast
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1198) frames. Such violations are normally logged via a kernel warning.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1199) If this is set to TRUE, the kernel will not give such warnings, which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1200) will avoid log file clutter.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1201)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1202) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1203)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1204) icmp_errors_use_inbound_ifaddr - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1205)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1206) If zero, icmp error messages are sent with the primary address of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1207) the exiting interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1208)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1209) If non-zero, the message will be sent with the primary address of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1210) the interface that received the packet that caused the icmp error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1211) This is the behaviour many network administrators will expect from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1212) a router. And it can make debugging complicated network layouts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1213) much easier.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1214)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1215) Note that if no primary address exists for the interface selected,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1216) then the primary address of the first non-loopback interface that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1217) has one will be used regardless of this setting.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1218)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1219) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1220)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1221) igmp_max_memberships - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1222) Change the maximum number of multicast groups we can subscribe to.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1223) Default: 20
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1224)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1225) Theoretical maximum value is bounded by having to send a membership
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1226) report in a single datagram (i.e. the report can't span multiple
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1227) datagrams, or risk confusing the switch and leaving groups you don't
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1228) intend to).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1229)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1230) The number of supported groups 'M' is bounded by the number of group
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1231) report entries you can fit into a single datagram of 65535 bytes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1233) M = (65536 - sizeof(ip header)) / sizeof(Group record)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1234)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1235) Group records are variable length, with a minimum of 12 bytes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1236) So net.ipv4.igmp_max_memberships should not be set higher than:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1237)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1238) (65536-24) / 12 = 5459
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1239)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1240) The value 5459 assumes no IP header options, so in practice
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1241) this number may be lower.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1242)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1243) igmp_max_msf - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1244) Maximum number of addresses allowed in the source filter list for a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1245) multicast group.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1246)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1247) Default: 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1248)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1249) igmp_qrv - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1250) Controls the IGMP query robustness variable (see RFC2236 8.1).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1251)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1252) Default: 2 (as specified by RFC2236 8.1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1253)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1254) Minimum: 1 (as specified by RFC6636 4.5)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1255)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1256) force_igmp_version - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1257) - 0 - (default) No enforcement of an IGMP version, IGMPv1/v2 fallback
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1258) allowed. Will go back to IGMPv3 mode again if all IGMPv1/v2 Querier
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1259) Present timers expire.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1260) - 1 - Enforce use of IGMP version 1. Will also reply with an IGMPv1 report
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1261) on receiving an IGMPv2/v3 query.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1262) - 2 - Enforce use of IGMP version 2. Will fall back to IGMPv1 on receiving
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1263) an IGMPv1 query message. Will reply with a report on receiving an IGMPv3 query.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1264) - 3 - Enforce use of IGMP version 3. Reacts the same as the default 0.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1265)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1266) .. note::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1267)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1268) This is not the same as force_mld_version, because the IGMPv3 RFC3376
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1269) Security Considerations do not clearly state that other version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1270) messages can be ignored completely, as the MLDv2 RFC3810 does. So leaving
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1271) this value at the default 0 is recommended.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1272)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1273) ``conf/interface/*``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1274) changes special settings per interface (where
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1275) "interface" is the name of your network interface)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1276)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1277) ``conf/all/*``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1278) is special, changes the settings for all interfaces
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1279)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1280) log_martians - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1281) Log packets with impossible addresses to kernel log.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1282) log_martians for the interface will be enabled if at least one of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1283) conf/{all,interface}/log_martians is set to TRUE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1284) it will be disabled otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1285)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1286) accept_redirects - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1287) Accept ICMP redirect messages.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1288) accept_redirects for the interface will be enabled if:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1289)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1290) - both conf/{all,interface}/accept_redirects are TRUE in the case
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1291) forwarding for the interface is enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1292)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1293) or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1294)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1295) - at least one of conf/{all,interface}/accept_redirects is TRUE in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1296) case forwarding for the interface is disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1297)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1298) accept_redirects for the interface will be disabled otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1299)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1300) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1301)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1302) - TRUE (host)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1303) - FALSE (router)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1304)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1305) forwarding - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1306) Enable IP forwarding on this interface. This controls whether packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1307) received _on_ this interface can be forwarded.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1308)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1309) mc_forwarding - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1310) Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1311) and a multicast routing daemon is required.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1312) conf/all/mc_forwarding must also be set to TRUE to enable multicast
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1313) routing for the interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1314)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1315) medium_id - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1316) Integer value used to differentiate the devices by the medium they
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1317) are attached to. Two devices can have different id values when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1318) the broadcast packets are received only on one of them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1319) The default value 0 means that the device is the only interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1320) to its medium, value of -1 means that medium is not known.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1321)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1322) Currently, it is used to change the proxy_arp behavior:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1323) the proxy_arp feature is enabled for packets forwarded between
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1324) two devices attached to different media.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1325)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1326) proxy_arp - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1327) Do proxy arp.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1328)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1329) proxy_arp for the interface will be enabled if at least one of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1330) conf/{all,interface}/proxy_arp is set to TRUE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1331) it will be disabled otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1332)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1333) proxy_arp_pvlan - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1334) Private VLAN proxy arp.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1335)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1336) Basically allow proxy arp replies back to the same interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1337) (from which the ARP request/solicitation was received).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1338)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1339) This is done to support (ethernet) switch features, like RFC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1340) 3069, where the individual ports are NOT allowed to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1341) communicate with each other, but they are allowed to talk to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1342) the upstream router. As described in RFC 3069, it is possible
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1343) to allow these hosts to communicate through the upstream
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1344) router by proxy_arp'ing. Does not need to be used together with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1345) proxy_arp.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1346)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1347) This technology is known by different names:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1348)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1349) In RFC 3069 it is called VLAN Aggregation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1350) Cisco and Allied Telesyn call it Private VLAN.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1351) Hewlett-Packard call it Source-Port filtering or port-isolation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1352) Ericsson call it MAC-Forced Forwarding (RFC Draft).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1353)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1354) shared_media - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1355) Send(router) or accept(host) RFC1620 shared media redirects.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1356) Overrides secure_redirects.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1357)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1358) shared_media for the interface will be enabled if at least one of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1359) conf/{all,interface}/shared_media is set to TRUE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1360) it will be disabled otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1361)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1362) default TRUE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1363)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1364) secure_redirects - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1365) Accept ICMP redirect messages only to gateways listed in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1366) interface's current gateway list. Even if disabled, RFC1122 redirect
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1367) rules still apply.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1368)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1369) Overridden by shared_media.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1370)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1371) secure_redirects for the interface will be enabled if at least one of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1372) conf/{all,interface}/secure_redirects is set to TRUE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1373) it will be disabled otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1374)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1375) default TRUE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1376)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1377) send_redirects - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1378) Send redirects, if router.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1379)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1380) send_redirects for the interface will be enabled if at least one of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1381) conf/{all,interface}/send_redirects is set to TRUE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1382) it will be disabled otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1383)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1384) Default: TRUE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1385)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1386) bootp_relay - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1387) Accept packets with source address 0.b.c.d that are not destined
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1388) to this host as local ones. A BOOTP relay daemon is expected
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1389) to catch and forward such packets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1390) conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1391) for the interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1392)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1393) default FALSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1394)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1395) Not Implemented Yet.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1396)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1397) accept_source_route - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1398) Accept packets with SRR option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1399) conf/all/accept_source_route must also be set to TRUE to accept packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1400) with SRR option on the interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1401)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1402) default
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1403)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1404) - TRUE (router)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1405) - FALSE (host)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1406)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1407) accept_local - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1408) Accept packets with local source addresses. In combination with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1409) suitable routing, this can be used to direct packets between two
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1410) local interfaces over the wire and have them accepted properly.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1411) default FALSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1412)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1413) route_localnet - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1414) Do not consider loopback addresses as martian source or destination
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1415) while routing. This enables the use of 127/8 for local routing purposes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1416)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1417) default FALSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1418)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1419) rp_filter - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1420) - 0 - No source validation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1421) - 1 - Strict mode as defined in RFC3704 Strict Reverse Path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1422) Each incoming packet is tested against the FIB and if the interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1423) is not the best reverse path the packet check will fail.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1424) By default failed packets are discarded.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1425) - 2 - Loose mode as defined in RFC3704 Loose Reverse Path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1426) Each incoming packet's source address is also tested against the FIB
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1427) and if the source address is not reachable via any interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1428) the packet check will fail.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1429)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1430) Current recommended practice in RFC3704 is to enable strict mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1431) to prevent IP spoofing from DDoS attacks. If using asymmetric routing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1432) or other complicated routing, then loose mode is recommended.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1433)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1434) The max value from conf/{all,interface}/rp_filter is used
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1435) when doing source validation on the {interface}.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1436)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1437) Default value is 0. Note that some distributions enable it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1438) in startup scripts.
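
The difference between the three rp_filter modes shows up most clearly on a multi-homed box. The following added example is a simplified model, not the kernel's implementation: it assumes one best route per source (no multipath), and the FIB, interface names and packets are constructed. It also shows that loose mode only rejects a source when no route at all covers it, so a default route makes loose mode pass every source:

```python
import ipaddress

# Added example (simplified model, not kernel code). FIB entries are
# (prefix, outgoing interface); all values below are constructed.
FIB_WITH_DEFAULT = [
    ("0.0.0.0/0", "eth0"),
    ("10.1.0.0/16", "eth1"),
    ("10.1.2.0/24", "eth2"),
]
FIB_NO_DEFAULT = FIB_WITH_DEFAULT[1:]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("10.1.2.7", "eth2"),      # arrives on the best reverse path
    ("10.1.2.7", "eth1"),      # routable, but eth1 is not the best path back
    ("198.51.100.9", "eth1"),  # only the default route (if any) covers it
    ("198.51.100.9", "eth0"),
]


def best_route(fib, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def rp_filter_pass(fib, src, in_iface, mode):
    """Apply the source validation described for rp_filter modes 0, 1 and 2."""
    if mode not in (0, 1, 2):
        raise ValueError("rp_filter mode must be 0, 1 or 2")
    if mode == 0:
        return True                      # no source validation
    route = best_route(fib, src)
    if route is None:
        return False                     # source not reachable at all
    if mode == 1:
        return route[1] == in_iface      # strict: must be the best reverse path
    return True                          # loose: reachable via any interface


def dropped(fib, packets, mode):
    """Packets that fail the check and would be discarded by default."""
    return [p for p in packets if not rp_filter_pass(fib, p[0], p[1], mode)]


if __name__ == "__main__":
    for mode in (0, 1, 2):
        print(mode, dropped(FIB_WITH_DEFAULT, PACKETS, mode))
```
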
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1439)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1440) arp_filter - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1441) - 1 - Allows you to have multiple network interfaces on the same
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1442) subnet, and have the ARPs for each interface be answered
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1443) based on whether or not the kernel would route a packet from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1444) the ARP'd IP out that interface (therefore you must use source
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1445) based routing for this to work). In other words it allows control
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1446) of which cards (usually 1) will respond to an arp request.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1447)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1448) - 0 - (default) The kernel can respond to arp requests with addresses
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1449) from other interfaces. This may seem wrong but it usually makes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1450) sense, because it increases the chance of successful communication.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1451) IP addresses are owned by the complete host on Linux, not by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1452) particular interfaces. Only for more complex setups like load-
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1453) balancing, does this behaviour cause problems.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1454)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1455) arp_filter for the interface will be enabled if at least one of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1456) conf/{all,interface}/arp_filter is set to TRUE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1457) it will be disabled otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1458)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1459) arp_announce - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1460) Define different restriction levels for announcing the local
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1461) source IP address from IP packets in ARP requests sent on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1462) interface:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1463)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1464) - 0 - (default) Use any local address, configured on any interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1465) - 1 - Try to avoid local addresses that are not in the target's
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1466) subnet for this interface. This mode is useful when target
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1467) hosts reachable via this interface require the source IP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1468) address in ARP requests to be part of their logical network
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1469) configured on the receiving interface. When we generate the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1470) request we will check all our subnets that include the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1471) target IP and will preserve the source address if it is from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1472) such subnet. If there is no such subnet we select source
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1473) address according to the rules for level 2.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1474) - 2 - Always use the best local address for this target.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1475) In this mode we ignore the source address in the IP packet
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1476) and try to select local address that we prefer for talks with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1477) the target host. Such local address is selected by looking
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1478) for primary IP addresses on all our subnets on the outgoing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1479) interface that include the target IP address. If no suitable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1480) local address is found we select the first local address
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1481) we have on the outgoing interface or on all other interfaces,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1482) in the hope that we will receive a reply to our request,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1483) sometimes regardless of the source IP address we announce.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1484)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1485) The max value from conf/{all,interface}/arp_announce is used.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1486)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1487) Increasing the restriction level gives more chance for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1488) receiving answer from the resolved target while decreasing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1489) the level announces more valid sender's information.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1490)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1491) arp_ignore - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1492) Define different modes for sending replies in response to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1493) received ARP requests that resolve local target IP addresses:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1494)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1495) - 0 - (default): reply for any local target IP address, configured
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1496) on any interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1497) - 1 - reply only if the target IP address is local address
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1498) configured on the incoming interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1499) - 2 - reply only if the target IP address is local address
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1500) configured on the incoming interface and both it and the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1501) sender's IP address are part of the same subnet on this interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1502) - 3 - do not reply for local addresses configured with scope host,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1503) only resolutions for global and link addresses are replied
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1504) - 4-7 - reserved
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1505) - 8 - do not reply for all local addresses
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1506)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1507) The max value from conf/{all,interface}/arp_ignore is used
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1508) when ARP request is received on the {interface}
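
The entries from log_martians through arp_ignore each state how conf/all and conf/interface combine: "at least one of" (OR), "must also be set" (AND), or "the max value". The following added example (not kernel code; function names and the sysctl excerpt are constructed) applies those stated rules to a snapshot and lists every key whose effective value differs from what the per-interface file alone suggests:

```python
# Added example (not kernel code): effective per-interface values computed
# from conf/all and conf/<interface> using the rules stated in the text.
OR_KEYS = {"log_martians", "proxy_arp", "shared_media", "secure_redirects",
           "send_redirects", "arp_filter"}
AND_KEYS = {"mc_forwarding", "bootp_relay", "accept_source_route"}
MAX_KEYS = {"rp_filter", "arp_announce", "arp_ignore"}

# Constructed `sysctl -a` excerpt; the values are illustrative only.
SAMPLE = """\
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.accept_source_route = 1
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth0.log_martians = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth1.accept_redirects = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.rp_filter = 2
"""


def parse_sysctl(text):
    """Parse 'net.ipv4.conf.<scope>.<key> = <int>' lines into {scope: {key: int}}."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        parts = name.strip().split(".")
        if not sep or len(parts) != 5 or parts[:3] != ["net", "ipv4", "conf"]:
            continue
        conf.setdefault(parts[3], {})[parts[4]] = int(value.strip())
    return conf


def effective(conf, iface, key):
    """Value that applies on iface after combining conf/all and conf/<iface>."""
    all_v, own = conf["all"][key], conf[iface][key]
    if key == "accept_redirects":
        # AND when forwarding is enabled on the interface, OR when it is not.
        if conf[iface]["forwarding"]:
            return int(bool(all_v) and bool(own))
        return int(bool(all_v) or bool(own))
    if key in OR_KEYS:
        return int(bool(all_v) or bool(own))
    if key in AND_KEYS:
        return int(bool(all_v) and bool(own))
    if key in MAX_KEYS:
        return max(all_v, own)
    return own  # no combination rule stated in the text


def overridden(conf, iface):
    """{key: (per-interface value, effective value)} wherever the two differ."""
    result = {}
    for key, own in conf[iface].items():
        if key == "forwarding" or key not in conf["all"]:
            continue
        eff = effective(conf, iface, key)
        if eff != own:
            result[key] = (own, eff)
    return result


if __name__ == "__main__":
    snapshot = parse_sysctl(SAMPLE)
    for name in ("eth0", "eth1"):
        print(name, overridden(snapshot, name))
```

In the sample, eth0 sets rp_filter to strict (1) but conf/all is 2, so the max rule leaves the interface in loose mode; eth0 and eth1 both set accept_redirects to 0, yet only eth1 (forwarding enabled) actually ignores redirects.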
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1509)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1510) arp_notify - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1511) Define mode for notification of address and device changes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1512)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1513) == ==========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1514) 0 (default): do nothing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1515) 1 Generate gratuitous arp requests when device is brought up
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1516) or hardware address changes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1517) == ==========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1518)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1519) arp_accept - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1520) Define behavior for gratuitous ARP frames whose IP is not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1521) already present in the ARP table:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1522)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1523) - 0 - don't create new entries in the ARP table
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1524) - 1 - create new entries in the ARP table
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1525)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1526) Both reply- and request-type gratuitous ARP frames will trigger the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1527) ARP table to be updated, if this setting is on.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1528)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1529) If the ARP table already contains the IP address of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1530) gratuitous arp frame, the arp table will be updated regardless
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1531) of whether this setting is on or off.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1532)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1533) mcast_solicit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1534) The maximum number of multicast probes in INCOMPLETE state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1535) when the associated hardware address is unknown. Defaults
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1536) to 3.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1537)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1538) ucast_solicit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1539) The maximum number of unicast probes in PROBE state, when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1540) the hardware address is being reconfirmed. Defaults to 3.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1541)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1542) app_solicit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1543) The maximum number of probes to send to the user space ARP daemon
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1544) via netlink before dropping back to multicast probes (see
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1545) mcast_resolicit). Defaults to 0.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1546)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1547) mcast_resolicit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1548) The maximum number of multicast probes after unicast and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1549) app probes in PROBE state. Defaults to 0.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1550)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1551) disable_policy - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1552) Disable IPSEC policy (SPD) for this interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1553)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1554) disable_xfrm - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1555) Disable IPSEC encryption on this interface, whatever the policy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1556)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1557) igmpv2_unsolicited_report_interval - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1558) The interval in milliseconds in which the next unsolicited
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1559) IGMPv1 or IGMPv2 report retransmit will take place.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1560)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1561) Default: 10000 (10 seconds)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1562)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1563) igmpv3_unsolicited_report_interval - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1564) The interval in milliseconds in which the next unsolicited
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1565) IGMPv3 report retransmit will take place.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1566)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1567) Default: 1000 (1 second)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1568)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1569) promote_secondaries - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1570) When a primary IP address is removed from this interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1571) promote a corresponding secondary IP address instead of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1572) removing all the corresponding secondary IP addresses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1573)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1574) drop_unicast_in_l2_multicast - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1575) Drop any unicast IP packets that are received in link-layer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1576) multicast (or broadcast) frames.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1577)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1578) This behavior (for multicast) is actually a SHOULD in RFC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1579) 1122, but is disabled by default for compatibility reasons.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1580)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1581) Default: off (0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1582)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1583) drop_gratuitous_arp - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1584) Drop all gratuitous ARP frames, for example if there's a known
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1585) good ARP proxy on the network and such frames need not be used
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1586) (or in the case of 802.11, must not be used to prevent attacks.)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1587)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1588) Default: off (0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1589)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1590)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1591) tag - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1592) Allows you to write a number, which can be used as required.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1593)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1594) Default value is 0.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1595)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1596) xfrm4_gc_thresh - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1597) (Obsolete since linux-4.14)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1598) The threshold at which we will start garbage collecting for IPv4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1599) destination cache entries. At twice this value the system will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1600) refuse new allocations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1601)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1602) igmp_link_local_mcast_reports - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1603) Enable IGMP reports for link local multicast groups in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1604) 224.0.0.X range.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1605)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1606) Default TRUE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1607)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1608) Alexey Kuznetsov.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1609) kuznet@ms2.inr.ac.ru
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1610)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1611) Updated by:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1612)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1613) - Andi Kleen
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1614) ak@muc.de
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1615) - Nicolas Delon
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1616) delon.nicolas@wanadoo.fr
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1617)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1618)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1619)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1620)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1621) /proc/sys/net/ipv6/* Variables
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1622) ==============================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1623)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1624) IPv6 has no global variables such as tcp_*. tcp_* settings under ipv4/ also
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1625) apply to IPv6 [XXX?].
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1626)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1627) bindv6only - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1628) Default value for IPV6_V6ONLY socket option,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1629) which restricts use of the IPv6 socket to IPv6 communication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1630) only.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1631)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1632) - TRUE: disable IPv4-mapped address feature
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1633) - FALSE: enable IPv4-mapped address feature
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1634)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1635) Default: FALSE (as specified in RFC3493)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1636)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1637) flowlabel_consistency - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1638) Protect the consistency (and unicity) of flow label.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1639) You have to disable it to use IPV6_FL_F_REFLECT flag on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1640) flow label manager.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1641)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1642) - TRUE: enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1643) - FALSE: disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1644)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1645) Default: TRUE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1646)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1647) auto_flowlabels - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1648) Automatically generate flow labels based on a flow hash of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1649) packet. This allows intermediate devices, such as routers, to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1650) identify packet flows for mechanisms like Equal Cost Multipath
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1651) Routing (see RFC 6438).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1652)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1653) = ===========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1654) 0 automatic flow labels are completely disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1655) 1 automatic flow labels are enabled by default, they can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1656) disabled on a per socket basis using the IPV6_AUTOFLOWLABEL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1657) socket option
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1658) 2 automatic flow labels are allowed, they may be enabled on a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1659) per socket basis using the IPV6_AUTOFLOWLABEL socket option
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1660) 3 automatic flow labels are enabled and enforced, they cannot
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1661) be disabled by the socket option
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1662) = ===========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1663)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1664) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1665)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1666) flowlabel_state_ranges - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1667) Split the flow label number space into two ranges. 0-0x7FFFF is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1668) reserved for the IPv6 flow manager facility, 0x80000-0xFFFFF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1669) is reserved for stateless flow labels as described in RFC6437.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1670)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1671) - TRUE: enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1672) - FALSE: disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1673)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1674) Default: true
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1675)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1676) flowlabel_reflect - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1677) Control flow label reflection. Needed for Path MTU
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1678) Discovery to work with Equal Cost Multipath Routing in anycast
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1679) environments. See RFC 7690 and:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1680) https://tools.ietf.org/html/draft-wang-6man-flow-label-reflection-01
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1681)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1682) This is a bitmask.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1683)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1684) - 1: enabled for established flows
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1685)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1686) Note that this prevents automatic flowlabel changes, as done
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1687) in "tcp: change IPv6 flow-label upon receiving spurious retransmission"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1688) and "tcp: Change txhash on every SYN and RTO retransmit"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1689)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1690) - 2: enabled for TCP RESET packets (no active listener)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1691) If set, a RST packet sent in response to a SYN packet on a closed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1692) port will reflect the incoming flow label.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1693)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1694) - 4: enabled for ICMPv6 echo reply messages.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1695)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1696) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1697)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1698) fib_multipath_hash_policy - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1699) Controls which hash policy to use for multipath routes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1700)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1701) Default: 0 (Layer 3)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1702)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1703) Possible values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1704)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1705) - 0 - Layer 3 (source and destination addresses plus flow label)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1706) - 1 - Layer 4 (standard 5-tuple)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1707) - 2 - Layer 3 or inner Layer 3 if present
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1708)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1709) anycast_src_echo_reply - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1710) Controls the use of anycast addresses as source addresses for ICMPv6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1711) echo reply
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1712)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1713) - TRUE: enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1714) - FALSE: disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1715)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1716) Default: FALSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1717)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1718) idgen_delay - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1719) Controls the delay, in seconds, before retrying
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1720) stable privacy address generation if a DAD conflict is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1721) detected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1722)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1723) Default: 1 (as specified in RFC7217)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1724)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1725) idgen_retries - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1726) Controls the number of retries to generate a stable privacy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1727) address if a DAD conflict is detected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1728)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1729) Default: 3 (as specified in RFC7217)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1730)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1731) mld_qrv - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1732) Controls the MLD query robustness variable (see RFC3810 9.1).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1733)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1734) Default: 2 (as specified by RFC3810 9.1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1735)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1736) Minimum: 1 (as specified by RFC6636 4.5)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1737)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1738) max_dst_opts_number - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1739) Maximum number of non-padding TLVs allowed in a Destination
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1740) options extension header. If this value is less than zero
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1741) then unknown options are disallowed and the number of known
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1742) TLVs allowed is the absolute value of this number.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1743)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1744) Default: 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1745)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1746) max_hbh_opts_number - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1747) Maximum number of non-padding TLVs allowed in a Hop-by-Hop
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1748) options extension header. If this value is less than zero
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1749) then unknown options are disallowed and the number of known
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1750) TLVs allowed is the absolute value of this number.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1751)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1752) Default: 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1753)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1754) max_dst_opts_length - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1755) Maximum length allowed for a Destination options extension
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1756) header.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1757)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1758) Default: INT_MAX (unlimited)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1759)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1760) max_hbh_length - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1761) Maximum length allowed for a Hop-by-Hop options extension
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1762) header.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1763)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1764) Default: INT_MAX (unlimited)
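
The four option limits above (max_dst_opts_number, max_hbh_opts_number, max_dst_opts_length, max_hbh_length) can be modelled as one check over an options extension header. This is an added example, not kernel code: the function names, the caller-supplied ``known`` set and the sample option types are assumptions, and it models only the count and length rules described here.

```python
INT_MAX = 2**31 - 1
PAD1, PADN = 0, 1          # padding option types; they never count as TLVs
ROUTER_ALERT = 5           # Hop-by-Hop Router Alert option type (RFC 2711)


def build_header(next_header, options):
    """Build an options extension header from (type, data) pairs (helper for samples)."""
    body = b"".join(bytes([t, len(d)]) + d for t, d in options)
    pad = (-(2 + len(body))) % 8          # header must be a multiple of 8 octets
    if pad == 1:
        body += bytes([PAD1])
    elif pad > 1:
        body += bytes([PADN, pad - 2]) + bytes(pad - 2)
    return bytes([next_header, (2 + len(body)) // 8 - 1]) + body


def check_opts_header(hdr, max_number=8, max_length=INT_MAX, known=frozenset()):
    """Apply the documented limits; return "ok" or the reason for rejection.

    max_number >= 0: at most max_number non-padding TLVs, known or unknown.
    max_number <  0: unknown options are disallowed and at most
                     abs(max_number) known TLVs are allowed.
    `known` is the set of option types the receiver implements (assumption:
    supplied by the caller; the kernel's own list is not reproduced here).
    """
    if len(hdr) < 8:
        return "truncated header"
    ext_len = (hdr[1] + 1) * 8            # Hdr Ext Len counts 8-octet units past the first
    if ext_len > len(hdr):
        return "truncated header"
    if ext_len > max_length:
        return "header exceeds maximum length"

    disallow_unknown = max_number < 0
    limit = abs(max_number)
    count = 0
    off = 2                               # skip Next Header and Hdr Ext Len
    while off < ext_len:
        opt_type = hdr[off]
        if opt_type == PAD1:              # single-byte padding, no length field
            off += 1
            continue
        if off + 2 > ext_len:
            return "truncated option"
        opt_len = hdr[off + 1]
        if off + 2 + opt_len > ext_len:
            return "truncated option"
        if opt_type != PADN:
            count += 1
            if count > limit:
                return "too many non-padding TLVs"
            if disallow_unknown and opt_type not in known:
                return "unknown option disallowed"
        off += 2 + opt_len
    return "ok"


# Constructed samples: 0x1e is used here as an option type the receiver does not implement.
THREE_UNKNOWN = build_header(59, [(0x1E, b"\x00\x00")] * 3)       # 16-octet header
ONE_ALERT = build_header(59, [(ROUTER_ALERT, b"\x00\x00")])       # 8-octet header

if __name__ == "__main__":
    for label, hdr, kwargs in [
        ("default limits", THREE_UNKNOWN, {}),
        ("max_number=2", THREE_UNKNOWN, {"max_number": 2}),
        ("max_number=-8", THREE_UNKNOWN, {"max_number": -8}),
        ("max_length=8", THREE_UNKNOWN, {"max_length": 8}),
        ("max_number=-1, known alert", ONE_ALERT,
         {"max_number": -1, "known": {ROUTER_ALERT}}),
    ]:
        print(f"{label:28s} -> {check_opts_header(hdr, **kwargs)}")
```
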
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1765)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1766) skip_notify_on_dev_down - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1767) Controls whether an RTM_DELROUTE message is generated for routes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1768) removed when a device is taken down or deleted. IPv4 does not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1769) generate this message; IPv6 does by default. Setting this sysctl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1770) to true skips the message, making IPv4 and IPv6 on par in relying
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1771) on userspace caches to track link events and evict routes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1772)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1773) Default: false (generate message)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1774)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1775) nexthop_compat_mode - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1776) New nexthop API provides a means for managing nexthops independent of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1777) prefixes. Backwards compatibility with old route format is enabled by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1778) default which means route dumps and notifications contain the new
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1779) nexthop attribute but also the full, expanded nexthop definition.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1780) Further, updates or deletes of a nexthop configuration generate route
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1781) notifications for each fib entry using the nexthop. Once a system
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1782) understands the new API, this sysctl can be disabled to achieve full
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1783) performance benefits of the new API by disabling the nexthop expansion
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1784) and extraneous notifications.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1785) Default: true (backward compat mode)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1786)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1787) IPv6 Fragmentation:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1788)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1789) ip6frag_high_thresh - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1790) Maximum memory used to reassemble IPv6 fragments. When
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1791) ip6frag_high_thresh bytes of memory is allocated for this purpose,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1792) the fragment handler will toss packets until ip6frag_low_thresh
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1793) is reached.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1794)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1795) ip6frag_low_thresh - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1796) See ip6frag_high_thresh
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1797)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1798) ip6frag_time - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1799) Time in seconds to keep an IPv6 fragment in memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1800)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1801) IPv6 Segment Routing:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1802)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1803) seg6_flowlabel - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1804) Controls the behaviour of computing the flowlabel of outer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1805) IPv6 header in case of SR T.encaps
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1806)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1807) == =======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1808) -1 set flowlabel to zero.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1809) 0 copy flowlabel from Inner packet in case of Inner IPv6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1810) (Set flowlabel to 0 in case IPv4/L2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1811) 1 Compute the flowlabel using seg6_make_flowlabel()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1812) == =======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1813)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1814) Default is 0.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1815)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1816) ``conf/default/*``:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1817) Change the interface-specific default settings.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1818)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1819)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1820) ``conf/all/*``:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1821) Change all the interface-specific settings.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1822)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1823) [XXX: Other special features than forwarding?]
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1824)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1825) conf/all/forwarding - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1826) Enable global IPv6 forwarding between all interfaces.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1827)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1828) IPv4 and IPv6 work differently here; e.g. netfilter must be used
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1829) to control which interfaces may forward packets and which not.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1830)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1831) This also sets all interfaces' Host/Router setting
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1832) 'forwarding' to the specified value. See below for details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1833)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1834) This is referred to as global forwarding.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1835)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1836) proxy_ndp - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1837) Do proxy ndp.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1838)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1839) fwmark_reflect - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1840) Controls the fwmark of kernel-generated IPv6 reply packets that are not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1841) associated with a socket (for example, TCP RSTs or ICMPv6 echo replies).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1842) If unset, these packets have a fwmark of zero. If set, they have the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1843) fwmark of the packet they are replying to.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1844)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1845) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1846)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1847) ``conf/interface/*``:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1848) Change special settings per interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1849)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1850) The functional behaviour for certain settings is different
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1851) depending on whether local forwarding is enabled or not.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1852)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1853) accept_ra - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1854) Accept Router Advertisements; autoconfigure using them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1855)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1856) It also determines whether or not to transmit Router
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1857) Solicitations. If and only if the functional setting is to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1858) accept Router Advertisements, Router Solicitations will be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1859) transmitted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1860)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1861) Possible values are:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1862)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1863) == ===========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1864) 0 Do not accept Router Advertisements.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1865) 1 Accept Router Advertisements if forwarding is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1866) 2 Overrule forwarding behaviour. Accept Router Advertisements
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1867) even if forwarding is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1868) == ===========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1869)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1870) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1871)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1872) - enabled if local forwarding is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1873) - disabled if local forwarding is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1874)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1875) accept_ra_defrtr - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1876) Learn default router in Router Advertisement.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1877)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1878) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1879)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1880) - enabled if accept_ra is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1881) - disabled if accept_ra is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1882)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1883) accept_ra_from_local - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1884) Accept RA with source-address that is found on local machine
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1885) if the RA is otherwise proper and able to be accepted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1886)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1887) Default is to NOT accept these as it may be an un-intended
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1888) network loop.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1889)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1890) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1891)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1892) - enabled if accept_ra_from_local is enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1893) on a specific interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1894) - disabled if accept_ra_from_local is disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1895) on a specific interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1896)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1897) accept_ra_min_hop_limit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1898) Minimum hop limit Information in Router Advertisement.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1899)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1900) Hop limit Information in Router Advertisement less than this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1901) variable shall be ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1902)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1903) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1904)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1905) accept_ra_pinfo - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1906) Learn Prefix Information in Router Advertisement.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1907)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1908) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1909)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1910) - enabled if accept_ra is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1911) - disabled if accept_ra is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1912)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1913) accept_ra_rt_info_min_plen - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1914) Minimum prefix length of Route Information in RA.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1915)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1916) Route Information with a prefix length smaller than this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1917) variable shall be ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1918)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1919) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1920)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1921) * 0 if accept_ra_rtr_pref is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1922) * -1 if accept_ra_rtr_pref is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1923)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1924) accept_ra_rt_info_max_plen - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1925) Maximum prefix length of Route Information in RA.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1926)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1927) Route Information with a prefix length larger than this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1928) variable shall be ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1929)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1930) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1931)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1932) * 0 if accept_ra_rtr_pref is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1933) * -1 if accept_ra_rtr_pref is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1934)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1935) accept_ra_rtr_pref - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1936) Accept Router Preference in RA.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1937)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1938) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1939)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1940) - enabled if accept_ra is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1941) - disabled if accept_ra is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1942)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1943) accept_ra_mtu - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1944) Apply the MTU value specified in RA option 5 (RFC4861). If
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1945) disabled, the MTU specified in the RA will be ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1946)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1947) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1948)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1949) - enabled if accept_ra is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1950) - disabled if accept_ra is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1951)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1952) accept_redirects - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1953) Accept Redirects.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1954)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1955) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1956)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1957) - enabled if local forwarding is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1958) - disabled if local forwarding is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1959)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1960) accept_source_route - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1961) Accept source routing (routing extension header).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1962)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1963) - >= 0: Accept only routing header type 2.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1964) - < 0: Do not accept routing header.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1965)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1966) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1967)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1968) autoconf - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1969) Autoconfigure addresses using Prefix Information in Router
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1970) Advertisements.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1971)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1972) Functional default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1973)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1974) - enabled if accept_ra_pinfo is enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1975) - disabled if accept_ra_pinfo is disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1976)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1977) dad_transmits - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1978) The number of Duplicate Address Detection probes to send.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1979)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1980) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1981)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1982) forwarding - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1983) Configure interface-specific Host/Router behaviour.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1984)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1985) .. note::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1986)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1987) It is recommended to have the same setting on all
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1988) interfaces; mixed router/host scenarios are rather uncommon.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1989)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1990) Possible values are:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1991)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1992) - 0 Forwarding disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1993) - 1 Forwarding enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1994)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1995) **FALSE (0)**:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1996)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1997) By default, Host behaviour is assumed. This means:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1998)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1999) 1. IsRouter flag is not set in Neighbour Advertisements.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2000) 2. If accept_ra is TRUE (default), transmit Router
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2001) Solicitations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2002) 3. If accept_ra is TRUE (default), accept Router
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2003) Advertisements (and do autoconfiguration).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2004) 4. If accept_redirects is TRUE (default), accept Redirects.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2005)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2006) **TRUE (1)**:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2007)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2008) If local forwarding is enabled, Router behaviour is assumed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2009) This means exactly the reverse from the above:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2010)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2011) 1. IsRouter flag is set in Neighbour Advertisements.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2012) 2. Router Solicitations are not sent unless accept_ra is 2.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2013) 3. Router Advertisements are ignored unless accept_ra is 2.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2014) 4. Redirects are ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2015)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2016) Default: 0 (disabled) if global forwarding is disabled (default),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2017) otherwise 1 (enabled).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2018)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2019) hop_limit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2020) Default Hop Limit to set.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2021)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2022) Default: 64
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2023)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2024) mtu - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2025) Default Maximum Transfer Unit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2026)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2027) Default: 1280 (IPv6 required minimum)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2028)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2029) ip_nonlocal_bind - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2030) If set, allows processes to bind() to non-local IPv6 addresses,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2031) which can be quite useful - but may break some applications.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2032)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2033) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2034)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2035) router_probe_interval - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2036) Minimum interval (in seconds) between Router Probing described
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2037) in RFC4191.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2038)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2039) Default: 60
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2040)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2041) router_solicitation_delay - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2042) Number of seconds to wait after interface is brought up
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2043) before sending Router Solicitations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2044)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2045) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2046)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2047) router_solicitation_interval - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2048) Number of seconds to wait between Router Solicitations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2049)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2050) Default: 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2051)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2052) router_solicitations - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2053) Number of Router Solicitations to send until assuming no
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2054) routers are present.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2055)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2056) Default: 3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2057)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2058) use_oif_addrs_only - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2059) When enabled, the candidate source addresses for destinations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2060) routed via this interface are restricted to the set of addresses
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2061) configured on this interface (see RFC 6724, section 4).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2062)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2063) Default: false
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2064)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2065) use_tempaddr - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2066) Preference for Privacy Extensions (RFC3041).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2067)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2068) * <= 0 : disable Privacy Extensions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2069) * == 1 : enable Privacy Extensions, but prefer public
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2070) addresses over temporary addresses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2071) * > 1 : enable Privacy Extensions and prefer temporary
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2072) addresses over public addresses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2073)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2074) Default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2075)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2076) * 0 (for most devices)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2077) * -1 (for point-to-point devices and loopback devices)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2078)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2079) temp_valid_lft - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2080) Valid lifetime (in seconds) for temporary addresses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2081)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2082) Default: 172800 (2 days)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2083)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2084) temp_prefered_lft - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2085) Preferred lifetime (in seconds) for temporary addresses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2086)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2087) Default: 86400 (1 day)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2088)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2089) keep_addr_on_down - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2090) Keep all IPv6 addresses on an interface down event. If set, static
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2091) global addresses with no expiration time are not flushed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2092)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2093) * >0 : enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2094) * 0 : system default
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2095) * <0 : disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2096)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2097) Default: 0 (addresses are removed)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2098)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2099) max_desync_factor - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2100) Maximum value for DESYNC_FACTOR, which is a random value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2101) that ensures that clients don't synchronize with each
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2102) other and generate new addresses at exactly the same time.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2103) Value is in seconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2104)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2105) Default: 600
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2106)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2107) regen_max_retry - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2108) Number of attempts before giving up on generating
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2109) valid temporary addresses.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2110)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2111) Default: 5
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2112)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2113) max_addresses - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2114) Maximum number of autoconfigured addresses per interface. Setting
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2115) to zero disables the limitation. It is not recommended to set this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2116) value too large (or to zero) because it would be an easy way to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2117) crash the kernel by allowing too many addresses to be created.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2118)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2119) Default: 16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2121) disable_ipv6 - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2122) Disable IPv6 operation. If accept_dad is set to 2, this value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2123) will be dynamically set to TRUE if DAD fails for the link-local
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2124) address.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2125)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2126) Default: FALSE (enable IPv6 operation)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2127)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2128) When this value is changed from 1 to 0 (IPv6 is being enabled),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2129) it will dynamically create a link-local address on the given
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2130) interface and start Duplicate Address Detection, if necessary.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2131)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2132) When this value is changed from 0 to 1 (IPv6 is being disabled),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2133) it will dynamically delete all addresses and routes on the given
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2134) interface. From now on it will not be possible to add addresses/routes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2135) to the selected interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2136)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2137) accept_dad - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2138) Whether to accept DAD (Duplicate Address Detection).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2139)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2140) == ==============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2141) 0 Disable DAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2142) 1 Enable DAD (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2143) 2 Enable DAD, and disable IPv6 operation if MAC-based duplicate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2144) link-local address has been found.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2145) == ==============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2146)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2147) DAD operation and mode on a given interface will be selected according
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2148) to the maximum value of conf/{all,interface}/accept_dad.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2149)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2150) force_tllao - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2151) Enable sending the target link-layer address option even when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2152) responding to a unicast neighbor solicitation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2153)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2154) Default: FALSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2155)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2156) Quoting from RFC 2461, section 4.4, Target link-layer address:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2157)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2158) "The option MUST be included for multicast solicitations in order to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2159) avoid infinite Neighbor Solicitation "recursion" when the peer node
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2160) does not have a cache entry to return a Neighbor Advertisements
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2161) message. When responding to unicast solicitations, the option can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2162) omitted since the sender of the solicitation has the correct
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2163) link-layer address; otherwise it would not have been able to send the unicast
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2164) solicitation in the first place. However, including the link-layer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2165) address in this case adds little overhead and eliminates a potential
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2166) race condition where the sender deletes the cached link-layer address
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2167) prior to receiving a response to a previous solicitation."
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2169) ndisc_notify - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2170) Define mode for notification of address and device changes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2171)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2172) * 0 - (default): do nothing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2173) * 1 - Generate unsolicited neighbour advertisements when device is brought
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2174) up or hardware address changes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2175)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2176) ndisc_tclass - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2177) The IPv6 Traffic Class to use by default when sending IPv6 Neighbor
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2178) Discovery (Router Solicitation, Router Advertisement, Neighbor
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2179) Solicitation, Neighbor Advertisement, Redirect) messages.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2180) These 8 bits can be interpreted as 6 high order bits holding the DSCP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2181) value and 2 low order bits representing ECN (which you probably want
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2182) to leave cleared).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2183)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2184) * 0 - (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2185)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2186) mldv1_unsolicited_report_interval - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2187) The interval in milliseconds in which the next unsolicited
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2188) MLDv1 report retransmit will take place.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2189)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2190) Default: 10000 (10 seconds)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2191)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2192) mldv2_unsolicited_report_interval - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2193) The interval in milliseconds in which the next unsolicited
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2194) MLDv2 report retransmit will take place.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2195)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2196) Default: 1000 (1 second)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2197)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2198) force_mld_version - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2199) * 0 - (default) No enforcement of a MLD version, MLDv1 fallback allowed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2200) * 1 - Enforce to use MLD version 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2201) * 2 - Enforce to use MLD version 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2202)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2203) suppress_frag_ndisc - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2204) Control RFC 6980 (Security Implications of IPv6 Fragmentation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2205) with IPv6 Neighbor Discovery) behavior:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2206)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2207) * 1 - (default) discard fragmented neighbor discovery packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2208) * 0 - allow fragmented neighbor discovery packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2209)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2210) optimistic_dad - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2211) Whether to perform Optimistic Duplicate Address Detection (RFC 4429).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2212)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2213) * 0: disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2214) * 1: enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2215)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2216) Optimistic Duplicate Address Detection for the interface will be enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2217) if at least one of conf/{all,interface}/optimistic_dad is set to 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2218) it will be disabled otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2219)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2220) use_optimistic - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2221) If enabled, do not classify optimistic addresses as deprecated during
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2222) source address selection. Preferred addresses will still be chosen
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2223) before optimistic addresses, subject to other ranking in the source
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2224) address selection algorithm.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2225)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2226) * 0: disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2227) * 1: enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2228)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2229) This will be enabled if at least one of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2230) conf/{all,interface}/use_optimistic is set to 1, disabled otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2231)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2232) stable_secret - IPv6 address
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2233) This IPv6 address will be used as a secret to generate IPv6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2234) addresses for link-local addresses and autoconfigured
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2235) ones. All addresses generated after setting this secret will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2236) be stable privacy ones by default. This can be changed via the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2237) addrgenmode ip-link. conf/default/stable_secret is used as the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2238) secret for the namespace, the interface specific ones can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2239) overwrite that. Writes to conf/all/stable_secret are refused.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2240)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2241) It is recommended to generate this secret during installation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2242) of a system and keep it stable after that.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2243)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2244) By default the stable secret is unset.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2245)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2246) addr_gen_mode - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2247) Defines how link-local and autoconf addresses are generated.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2248)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2249) = =================================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2250) 0 generate address based on EUI64 (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2251) 1 do not generate a link-local address, use EUI64 for addresses
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2252) generated from autoconf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2253) 2 generate stable privacy addresses, using the secret from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2254) stable_secret (RFC7217)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2255) 3 generate stable privacy addresses, using a random secret if unset
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2256) = =================================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2257)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2258) drop_unicast_in_l2_multicast - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2259) Drop any unicast IPv6 packets that are received in link-layer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2260) multicast (or broadcast) frames.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2261)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2262) By default this is turned off.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2263)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2264) drop_unsolicited_na - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2265) Drop all unsolicited neighbor advertisements, for example if there's
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2266) a known good NA proxy on the network and such frames need not be used
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2267) (or in the case of 802.11, must not be used to prevent attacks.)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2268)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2269) By default this is turned off.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2270)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2271) enhanced_dad - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2272) Include a nonce option in the IPv6 neighbor solicitation messages used for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2273) duplicate address detection per RFC7527. A received DAD NS will only signal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2274) a duplicate address if the nonce is different. This avoids any false
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2275) detection of duplicates due to loopback of the NS messages that we send.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2276) The nonce option will be sent on an interface unless both of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2277) conf/{all,interface}/enhanced_dad are set to FALSE.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2278)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2279) Default: TRUE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2280)
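The conf/{all,interface} rules given above for forwarding, accept_dad, optimistic_dad, use_optimistic and enhanced_dad, worked through as an added example (not kernel code). The function names and the sample values are hypothetical, and accept_ra and accept_redirects are taken from the interface's own files.

```python
"""Added example: effective IPv6 Neighbour Discovery settings for one interface."""
import os
from dataclasses import dataclass

CONF_ROOT = "/proc/sys/net/ipv6/conf"
KEYS = ("forwarding", "accept_ra", "accept_redirects", "accept_dad",
        "optimistic_dad", "use_optimistic", "enhanced_dad")
# Keys whose effective value combines conf/all with conf/<interface>.
COMBINED = ("accept_dad", "optimistic_dad", "use_optimistic", "enhanced_dad")


@dataclass(frozen=True)
class NdPosture:
    is_router: bool          # IsRouter flag set in Neighbour Advertisements
    sends_rs: bool           # Router Solicitations are transmitted
    accepts_ra: bool         # Router Advertisements are accepted
    accepts_redirects: bool  # Redirects are accepted
    dad_mode: int            # 0 off, 1 on, 2 on and disable IPv6 on duplicate
    optimistic_dad: bool
    use_optimistic: bool
    enhanced_dad: bool


def read_conf(name, root=CONF_ROOT):
    """Read KEYS from conf/<name>. A key missing on the running kernel is
    read as 0, which is an assumption made for this example."""
    values = {}
    for key in KEYS:
        try:
            with open(os.path.join(root, name, key)) as handle:
                values[key] = int(handle.read().strip())
        except FileNotFoundError:
            values[key] = 0
    return values


def effective_nd_posture(conf_all, conf_if):
    """Apply the host/router rules and the all/interface combination rules."""
    router = conf_if["forwarding"] != 0
    accept_ra = conf_if["accept_ra"]
    # Host: RS sent and RA accepted when accept_ra is TRUE.
    # Router: both are suppressed unless accept_ra is exactly 2.
    ra_active = (accept_ra == 2) if router else (accept_ra != 0)
    return NdPosture(
        is_router=router,
        sends_rs=ra_active,
        accepts_ra=ra_active,
        # A router ignores Redirects whatever accept_redirects says.
        accepts_redirects=(not router) and conf_if["accept_redirects"] != 0,
        # accept_dad: the maximum of the two values selects the mode.
        dad_mode=max(conf_all["accept_dad"], conf_if["accept_dad"]),
        # The remaining three are enabled if either file enables them.
        optimistic_dad=1 in (conf_all["optimistic_dad"], conf_if["optimistic_dad"]),
        use_optimistic=1 in (conf_all["use_optimistic"], conf_if["use_optimistic"]),
        enhanced_dad=bool(conf_all["enhanced_dad"] or conf_if["enhanced_dad"]),
    )


def masked_by_all(conf_all, conf_if):
    """Return {key: (interface_value, effective_value)} for every combined
    key where reading only the interface file would give the wrong answer."""
    posture = effective_nd_posture(conf_all, conf_if)
    effective = {
        "accept_dad": posture.dad_mode,
        "optimistic_dad": int(posture.optimistic_dad),
        "use_optimistic": int(posture.use_optimistic),
        "enhanced_dad": int(posture.enhanced_dad),
    }
    return {key: (conf_if[key], effective[key])
            for key in COMBINED if conf_if[key] != effective[key]}


# Constructed sample values: a forwarding interface with accept_ra=2 whose
# own accept_dad and enhanced_dad files read 0 while conf/all has them at 1.
SAMPLE_ALL = {"forwarding": 1, "accept_ra": 1, "accept_redirects": 1,
              "accept_dad": 1, "optimistic_dad": 0, "use_optimistic": 0,
              "enhanced_dad": 1}
SAMPLE_ETH0 = {"forwarding": 1, "accept_ra": 2, "accept_redirects": 1,
               "accept_dad": 0, "optimistic_dad": 0, "use_optimistic": 0,
               "enhanced_dad": 0}

if __name__ == "__main__":
    print(effective_nd_posture(SAMPLE_ALL, SAMPLE_ETH0))
    for key, (own, eff) in masked_by_all(SAMPLE_ALL, SAMPLE_ETH0).items():
        print(f"{key}: interface file says {own}, effective value is {eff}")
```

On a live system, pass `read_conf("all")` and `read_conf("<interface>")` instead of the sample dictionaries.
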
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2281) ``icmp/*``:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2282) ===========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2283)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2284) ratelimit - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2285) Limit the maximal rates for sending ICMPv6 messages.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2286)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2287) 0 to disable any limiting,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2288) otherwise the minimal space between responses in milliseconds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2289)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2290) Default: 1000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2291)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2292) ratemask - list of comma separated ranges
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2293) For ICMPv6 message types matching the ranges in the ratemask, limit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2294) the sending of the message according to ratelimit parameter.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2295)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2296) The format used for both input and output is a comma separated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2297) list of ranges (e.g. "0-127,129" for ICMPv6 message type 0 to 127 and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2298) 129). Writing to the file will clear all previous ranges of ICMPv6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2299) message types and update the current list with the input.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2300)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2301) Refer to: https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2302) for numerical values of ICMPv6 message types, e.g. echo request is 128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2303) and echo reply is 129.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2304)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2305) Default: 0-1,3-127 (rate limit ICMPv6 errors except Packet Too Big)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2306)
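The ratemask format and its interaction with ratelimit, as an added example (not kernel code): it parses a range list, answers whether a given ICMPv6 type is rate limited, and shows which types gain or lose limiting when a new mask replaces the current one. Function names are hypothetical, and merging adjacent ranges on output is an assumption of this model.

```python
"""Added example: model of the icmp/ratemask and icmp/ratelimit semantics."""
import re

ICMPV6_MAX_TYPE = 255            # the ICMPv6 type field is 8 bits wide
DEFAULT_RATEMASK = "0-1,3-127"   # default stated in the text above
TOKEN = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def merge_ranges(ranges):
    """Sort (low, high) tuples and merge overlapping or adjacent ones."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def parse_ratemask(text):
    """Parse e.g. "0-127,129" into [(0, 127), (129, 129)].

    An empty string yields an empty mask (no type is rate limited).
    Raises ValueError on malformed, reversed or out-of-range entries.
    """
    text = text.strip()
    if not text:
        return []
    ranges = []
    for token in text.split(","):
        match = TOKEN.fullmatch(token.strip())
        if match is None:
            raise ValueError(f"malformed range {token!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) is not None else low
        if low > high or high > ICMPV6_MAX_TYPE:
            raise ValueError(f"range {token!r} is reversed or above {ICMPV6_MAX_TYPE}")
        ranges.append((low, high))
    return merge_ranges(ranges)


def format_ratemask(ranges):
    """Serialise ranges back to the comma separated form."""
    return ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)


def is_rate_limited(ranges, icmp_type):
    """True if the ICMPv6 message type falls inside the mask."""
    return any(low <= icmp_type <= high for low, high in ranges)


def min_spacing_ms(ratelimit_ms, ranges, icmp_type):
    """Minimal space between responses of this type, in milliseconds.

    0 means unlimited: either ratelimit is 0 or the type is not in the mask.
    """
    if ratelimit_ms == 0 or not is_rate_limited(ranges, icmp_type):
        return 0
    return ratelimit_ms


def mask_diff(old_text, new_text):
    """Types that gain and lose rate limiting when new_text is written.

    A write clears all previous ranges, so anything not repeated in
    new_text ends up in the 'lost' list.
    """
    old, new = parse_ratemask(old_text), parse_ratemask(new_text)
    types = range(ICMPV6_MAX_TYPE + 1)
    gained = [t for t in types if is_rate_limited(new, t) and not is_rate_limited(old, t)]
    lost = [t for t in types if is_rate_limited(old, t) and not is_rate_limited(new, t)]
    return gained, lost


if __name__ == "__main__":
    default = parse_ratemask(DEFAULT_RATEMASK)
    # Type 2 (Packet Too Big), 128 (echo request) and 129 (echo reply)
    # are outside the default mask; type 1 is inside it.
    for icmp_type in (1, 2, 128, 129):
        print(icmp_type, min_spacing_ms(1000, default, icmp_type))
    # The document's own example mask, compared with the default.
    print(mask_diff(DEFAULT_RATEMASK, "0-127,129"))
    # Writing only "128" drops every error type from the mask.
    gained, lost = mask_diff(DEFAULT_RATEMASK, "128")
    print(gained, len(lost))
```
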
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2307) echo_ignore_all - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2308) If set non-zero, then the kernel will ignore all ICMP ECHO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2309) requests sent to it over the IPv6 protocol.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2310)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2311) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2312)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2313) echo_ignore_multicast - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2314) If set non-zero, then the kernel will ignore all ICMP ECHO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2315) requests sent to it over the IPv6 protocol via multicast.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2316)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2317) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2318)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2319) echo_ignore_anycast - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2320) If set non-zero, then the kernel will ignore all ICMP ECHO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2321) requests sent to it over the IPv6 protocol destined to anycast address.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2322)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2323) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2324)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2325) xfrm6_gc_thresh - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2326) (Obsolete since linux-4.14)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2327) The threshold at which we will start garbage collecting for IPv6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2328) destination cache entries. At twice this value the system will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2329) refuse new allocations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2330)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2331)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2332) IPv6 Update by:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2333) Pekka Savola <pekkas@netcore.fi>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2334) YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2335)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2336)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2337) /proc/sys/net/bridge/* Variables:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2338) =================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2339)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2340) bridge-nf-call-arptables - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2341) - 1 : pass bridged ARP traffic to arptables' FORWARD chain.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2342) - 0 : disable this.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2343)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2344) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2345)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2346) bridge-nf-call-iptables - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2347) - 1 : pass bridged IPv4 traffic to iptables' chains.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2348) - 0 : disable this.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2349)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2350) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2351)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2352) bridge-nf-call-ip6tables - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2353) - 1 : pass bridged IPv6 traffic to ip6tables' chains.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2354) - 0 : disable this.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2355)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2356) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2357)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2358) bridge-nf-filter-vlan-tagged - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2359) - 1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2360) - 0 : disable this.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2361)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2362) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2363)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2364) bridge-nf-filter-pppoe-tagged - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2365) - 1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2366) - 0 : disable this.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2367)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2368) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2369)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2370) bridge-nf-pass-vlan-input-dev - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2371) - 1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2372) interface on the bridge and set the netfilter input device to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2373) vlan. This allows use of e.g. "iptables -i br0.1" and makes the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2374) REDIRECT target work with vlan-on-top-of-bridge interfaces. When no
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2375) matching vlan interface is found, or this switch is off, the input
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2376) device is set to the bridge interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2377)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2378) - 0: disable bridge netfilter vlan interface lookup.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2379)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2380) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2381)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2382) ``proc/sys/net/sctp/*`` Variables:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2383) ==================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2384)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2385) addip_enable - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2386) Enable or disable extension of Dynamic Address Reconfiguration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2387) (ADD-IP) functionality specified in RFC5061. This extension provides
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2388) the ability to dynamically add and remove new addresses for the SCTP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2389) associations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2390)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2391) 1: Enable extension.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2392)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2393) 0: Disable extension.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2394)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2395) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2396)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2397) pf_enable - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2398) Enable or disable pf (pf is short for potentially failed) state. A value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2399) of pf_retrans > path_max_retrans also disables pf state. That is, either
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2400) pf_enable or pf_retrans > path_max_retrans can disable pf state.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2401) Since pf_retrans and path_max_retrans can be changed by a userspace
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2402) application, a user may expect pf state to be disabled by the value of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2403) pf_retrans > path_max_retrans, but if the value of pf_retrans or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2404) path_max_retrans is later changed by the user application, pf state is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2405) enabled. As such, it is necessary to add this to dynamically enable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2406) and disable pf state. See:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2407) https://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-failover for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2408) details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2409)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2410) 1: Enable pf.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2411)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2412) 0: Disable pf.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2413)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2414) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2415)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2416) pf_expose - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2417) Unset or enable/disable pf (pf is short for potentially failed) state
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2418) exposure. Applications can control the exposure of the PF path state
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2419) in the SCTP_PEER_ADDR_CHANGE event and the SCTP_GET_PEER_ADDR_INFO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2420) sockopt. When it's unset, no SCTP_PEER_ADDR_CHANGE event with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2421) SCTP_ADDR_PF state will be sent and a SCTP_PF-state transport info
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2422) can be got via SCTP_GET_PEER_ADDR_INFO sockopt. When it's enabled,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2423) a SCTP_PEER_ADDR_CHANGE event will be sent for a transport becoming
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2424) SCTP_PF state and a SCTP_PF-state transport info can be got via
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2425) SCTP_GET_PEER_ADDR_INFO sockopt. When it's disabled, no
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2426) SCTP_PEER_ADDR_CHANGE event will be sent and it returns -EACCES when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2427) trying to get a SCTP_PF-state transport info via SCTP_GET_PEER_ADDR_INFO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2428) sockopt.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2429)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2430) 0: Unset pf state exposure, compatible with old applications.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2431)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2432) 1: Disable pf state exposure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2433)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2434) 2: Enable pf state exposure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2435)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2436) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2437)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2438) addip_noauth_enable - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2439) Dynamic Address Reconfiguration (ADD-IP) requires the use of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2440) authentication to protect the operations of adding or removing new
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2441) addresses. This requirement is mandated so that unauthorized hosts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2442) would not be able to hijack associations. However, older
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2443) implementations may not have implemented this requirement while
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2444) allowing the ADD-IP extension. For reasons of interoperability,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2445) we provide this variable to control the enforcement of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2446) authentication requirement.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2447)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2448) == ===============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2449) 1 Allow ADD-IP extension to be used without authentication. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2450) should only be set in a closed environment for interoperability
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2451) with older implementations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2452)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2453) 0 Enforce the authentication requirement
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2454) == ===============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2455)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2456) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2457)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2458) auth_enable - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2459) Enable or disable Authenticated Chunks extension. This extension
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2460) provides the ability to send and receive authenticated chunks and is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2461) required for secure operation of Dynamic Address Reconfiguration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2462) (ADD-IP) extension.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2463)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2464) - 1: Enable this extension.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2465) - 0: Disable this extension.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2466)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2467) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2468)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2469) prsctp_enable - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2470) Enable or disable the Partial Reliability extension (RFC3758) which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2471) is used to notify peers that a given DATA should no longer be expected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2472)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2473) - 1: Enable extension
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2474) - 0: Disable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2475)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2476) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2477)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2478) max_burst - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2479) The limit of the number of new packets that can be initially sent. It
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2480) controls how bursty the generated traffic can be.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2481)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2482) Default: 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2483)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2484) association_max_retrans - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2485) Set the maximum number of retransmissions that an association can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2486) attempt before deciding that the remote end is unreachable. If this value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2487) is exceeded, the association is terminated.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2488)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2489) Default: 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2490)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2491) max_init_retransmits - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2492) The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2493) that an association will attempt before declaring the destination
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2494) unreachable and terminating.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2495)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2496) Default: 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2497)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2498) path_max_retrans - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2499) The maximum number of retransmissions that will be attempted on a given
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2500) path. Once this threshold is exceeded, the path is considered
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2501) unreachable, and new traffic will use a different path when the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2502) association is multihomed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2503)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2504) Default: 5
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2505)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2506) pf_retrans - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2507) The number of retransmissions that will be attempted on a given path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2508) before traffic is redirected to an alternate transport (should one
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2509) exist). Note this is distinct from path_max_retrans, as a path that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2510) passes the pf_retrans threshold can still be used. It's only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2511) deprioritized when a transmission path is selected by the stack. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2512) setting is primarily used to enable fast failover mechanisms without
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2513) having to reduce path_max_retrans to a very low value. See:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2514) http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2515) for details. Note also that a value of pf_retrans > path_max_retrans
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2516) disables this feature. Since both pf_retrans and path_max_retrans can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2517) be changed by userspace application, a variable pf_enable is used to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2518) disable pf state.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2519)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2520) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2521)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2522) ps_retrans - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2523) Primary.Switchover.Max.Retrans (PSMR), it's a tunable parameter coming
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2524) from section-5 "Primary Path Switchover" in rfc7829. The primary path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2525) will be changed to another active path when the path error counter on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2526) the old primary path exceeds PSMR, so that "the SCTP sender is allowed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2527) to continue data transmission on a new working path even when the old
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2528) primary destination address becomes active again". Note this feature
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2529) is disabled by initializing 'ps_retrans' per netns as 0xffff by default,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2530) and its value can't be less than 'pf_retrans' when changing by sysctl.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2531)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2532) Default: 0xffff
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2533)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2534) rto_initial - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2535) The initial round trip timeout value in milliseconds that will be used
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2536) in calculating round trip times. This is the initial time interval
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2537) for retransmissions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2538)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2539) Default: 3000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2540)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2541) rto_max - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2542) The maximum value (in milliseconds) of the round trip timeout. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2543) is the largest time interval that can elapse between retransmissions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2544)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2545) Default: 60000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2546)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2547) rto_min - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2548) The minimum value (in milliseconds) of the round trip timeout. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2549) is the smallest time interval that can elapse between retransmissions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2550)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2551) Default: 1000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2552)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2553) hb_interval - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2554) The interval (in milliseconds) between HEARTBEAT chunks. These chunks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2555) are sent at the specified interval on idle paths to probe the state of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2556) a given path between 2 associations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2557)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2558) Default: 30000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2559)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2560) sack_timeout - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2561) The amount of time (in milliseconds) that the implementation will wait
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2562) to send a SACK.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2563)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2564) Default: 200
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2565)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2566) valid_cookie_life - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2567) The default lifetime of the SCTP cookie (in milliseconds). The cookie
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2568) is used during association establishment.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2569)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2570) Default: 60000
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2571)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2572) cookie_preserve_enable - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2573) Enable or disable the ability to extend the lifetime of the SCTP cookie
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2574) that is used during the establishment phase of an SCTP association.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2575)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2576) - 1: Enable cookie lifetime extension.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2577) - 0: Disable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2578)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2579) Default: 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2580)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2581) cookie_hmac_alg - STRING
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2582) Select the hmac algorithm used when generating the cookie value sent by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2583) a listening sctp socket to a connecting client in the INIT-ACK chunk.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2584) Valid values are:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2585)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2586) * md5
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2587) * sha1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2588) * none
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2589)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2590) Ability to assign md5 or sha1 as the selected alg is predicated on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2591) configuration of those algorithms at build time (CONFIG_CRYPTO_MD5 and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2592) CONFIG_CRYPTO_SHA1).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2593)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2594) Default: Dependent on configuration. MD5 if available, else SHA1 if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2595) available, else none.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2596)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2597) rcvbuf_policy - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2598) Determines if the receive buffer is attributed to the socket or to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2599) association. SCTP supports the capability to create multiple
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2600) associations on a single socket. When using this capability, it is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2601) possible that a single stalled association that's buffering a lot
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2602) of data may block other associations from delivering their data by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2603) consuming all of the receive buffer space. To work around this,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2604) the rcvbuf_policy could be set to attribute the receiver buffer space
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2605) to each association instead of the socket. This prevents the described
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2606) blocking.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2607)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2608) - 1: rcvbuf space is per association
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2609) - 0: rcvbuf space is per socket
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2610)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2611) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2612)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2613) sndbuf_policy - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2614) Similar to rcvbuf_policy above, this applies to send buffer space.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2615)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2616) - 1: Send buffer is tracked per association
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2617) - 0: Send buffer is tracked per socket.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2618)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2619) Default: 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2620)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2621) sctp_mem - vector of 3 INTEGERs: min, pressure, max
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2622) Number of pages allowed for queueing by all SCTP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2623)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2624) min: Below this number of pages SCTP is not bothered about its
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2625) memory appetite. When amount of memory allocated by SCTP exceeds
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2626) this number, SCTP starts to moderate memory usage.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2627)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2628) pressure: This value was introduced to follow format of tcp_mem.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2629)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2630) max: Number of pages allowed for queueing by all SCTP sockets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2631)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2632) Default is calculated at boot time from amount of available memory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2633)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2634) sctp_rmem - vector of 3 INTEGERs: min, default, max
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2635) Only the first value ("min") is used, "default" and "max" are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2636) ignored.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2637)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2638) min: Minimal size of receive buffer used by SCTP socket.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2639) It is guaranteed to each SCTP socket (but not association) even
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2640) under moderate memory pressure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2641)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2642) Default: 4K
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2643)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2644) sctp_wmem - vector of 3 INTEGERs: min, default, max
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2645) Currently this tunable has no effect.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2646)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2647) addr_scope_policy - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2648) Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2649)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2650) - 0 - Disable IPv4 address scoping
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2651) - 1 - Enable IPv4 address scoping
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2652) - 2 - Follow draft but allow IPv4 private addresses
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2653) - 3 - Follow draft but allow IPv4 link local addresses
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2654)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2655) Default: 1
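
Added example (not part of the kernel documentation): a shell audit of the SCTP settings described above. It flags ADD-IP usable without authentication, cookie_hmac_alg set to none, pf state disabled through pf_retrans > path_max_retrans, and ps_retrans below pf_retrans. The function names, finding codes and the directory argument are assumptions of this example, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not kernel code: flag risky combinations of the SCTP sysctls
# documented above. The directory argument is an assumption of this example;
# it defaults to /proc/sys/net/sctp and may point at a saved copy of the values.

# sctp_val DIR NAME DEFAULT: print DIR/NAME without whitespace, or DEFAULT
# (the documented default) when the file is missing or empty.
sctp_val() {
    _v=
    if [ -r "$1/$2" ]; then
        _v=$(tr -d '[:space:]' < "$1/$2")
    fi
    printf '%s\n' "${_v:-$3}"
}

# sctp_num VALUE: print VALUE in decimal. Only plain decimal or 0x-prefixed hex
# is accepted, so file content never reaches shell arithmetic unvalidated.
sctp_num() {
    case $1 in
        0[xX] | 0[xX]*[!0-9a-fA-F]*) return 1 ;;
        0[xX]*) echo "$(($1))" ;;
        '' | *[!0-9]* | 0?*) return 1 ;;
        *) echo "$1" ;;
    esac
}

# sctp_audit [DIR]: print one finding code per line; return 2 on a bad value.
sctp_audit() {
    _d=${1:-/proc/sys/net/sctp}
    _pf=$(sctp_num "$(sctp_val "$_d" pf_retrans 0)") || { echo BAD_VALUE; return 2; }
    _pmr=$(sctp_num "$(sctp_val "$_d" path_max_retrans 5)") || { echo BAD_VALUE; return 2; }
    _ps=$(sctp_num "$(sctp_val "$_d" ps_retrans 0xffff)") || { echo BAD_VALUE; return 2; }
    # ADD-IP requires authentication so that associations cannot be hijacked.
    if [ "$(sctp_val "$_d" addip_enable 0)" != 0 ]; then
        if [ "$(sctp_val "$_d" addip_noauth_enable 0)" != 0 ]; then
            echo ADDIP_WITHOUT_AUTH_ALLOWED
        elif [ "$(sctp_val "$_d" auth_enable 0)" = 0 ]; then
            echo ADDIP_ON_BUT_AUTH_OFF
        fi
    fi
    # "none" selects no HMAC algorithm for the INIT-ACK cookie.
    if [ "$(sctp_val "$_d" cookie_hmac_alg unknown)" = none ]; then
        echo COOKIE_HMAC_NONE
    fi
    # pf_retrans > path_max_retrans disables pf state even when pf_enable is 1.
    if [ "$(sctp_val "$_d" pf_enable 1)" != 0 ] && [ "$_pf" -gt "$_pmr" ]; then
        echo PF_STATE_DISABLED_BY_THRESHOLDS
    fi
    # ps_retrans can't be set below pf_retrans, so such a saved value will not apply.
    if [ "$_ps" -lt "$_pf" ]; then
        echo PS_RETRANS_BELOW_PF_RETRANS
    fi
    return 0
}

# Constructed sample values (not from a real host), written to a temp directory.
sctp_demo() {
    _t=$(mktemp -d) || return 1
    for _kv in addip_enable=1 addip_noauth_enable=1 auth_enable=0 \
               cookie_hmac_alg=none pf_enable=1 pf_retrans=6 \
               path_max_retrans=5 ps_retrans=0xffff; do
        printf '%s\n' "${_kv#*=}" > "$_t/${_kv%%=*}"
    done
    sctp_audit "$_t"
    rm -rf "$_t"
}

sctp_demo
```

Run sctp_audit with no argument on a host with the sctp module loaded to check the live values; no output means none of the four conditions was found.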
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2656)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2657)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2658) ``/proc/sys/net/core/*``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2659) ========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2660)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2661) Please see: Documentation/admin-guide/sysctl/net.rst for descriptions of these entries.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2662)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2663)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2664) ``/proc/sys/net/unix/*``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2665) ========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2666)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2667) max_dgram_qlen - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2668) The maximum length of dgram socket receive queue
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2669)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2670) Default: 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2671)