[NET] ip-sysctl.txt: Alphabetize.
Rearrange TCP entries in alpha order. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
35bfbc9407
commit
ef56e622c6
@ -101,6 +101,11 @@ inet_peer_gc_maxtime - INTEGER
|
||||
|
||||
TCP variables:
|
||||
|
||||
somaxconn - INTEGER
|
||||
Limit of socket listen() backlog, known in userspace as SOMAXCONN.
|
||||
Defaults to 128. See also tcp_max_syn_backlog for additional tuning
|
||||
for TCP sockets.
|
||||
|
||||
tcp_abc - INTEGER
|
||||
Controls Appropriate Byte Count (ABC) defined in RFC3465.
|
||||
ABC is a way of increasing congestion window (cwnd) more slowly
|
||||
@ -112,15 +117,68 @@ tcp_abc - INTEGER
|
||||
of two segments to compensate for delayed acknowledgments.
|
||||
Default: 0 (off)
|
||||
|
||||
tcp_syn_retries - INTEGER
|
||||
Number of times initial SYNs for an active TCP connection attempt
|
||||
will be retransmitted. Should not be higher than 255. Default value
|
||||
is 5, which corresponds to ~180seconds.
|
||||
tcp_abort_on_overflow - BOOLEAN
|
||||
If listening service is too slow to accept new connections,
|
||||
reset them. Default state is FALSE. It means that if overflow
|
||||
occurred due to a burst, connection will recover. Enable this
|
||||
option _only_ if you are really sure that listening daemon
|
||||
cannot be tuned to accept connections faster. Enabling this
|
||||
option can harm clients of your server.
|
||||
|
||||
tcp_synack_retries - INTEGER
|
||||
Number of times SYNACKs for a passive TCP connection attempt will
|
||||
be retransmitted. Should not be higher than 255. Default value
|
||||
is 5, which corresponds to ~180seconds.
|
||||
tcp_adv_win_scale - INTEGER
|
||||
Count buffering overhead as bytes/2^tcp_adv_win_scale
|
||||
(if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
|
||||
if it is <= 0.
|
||||
Default: 2
|
||||
|
||||
tcp_allowed_congestion_control - STRING
|
||||
Show/set the congestion control choices available to non-privileged
|
||||
processes. The list is a subset of those listed in
|
||||
tcp_available_congestion_control.
|
||||
Default is "reno" and the default setting (tcp_congestion_control).
|
||||
|
||||
tcp_app_win - INTEGER
|
||||
Reserve max(window/2^tcp_app_win, mss) of window for application
|
||||
buffer. Value 0 is special, it means that nothing is reserved.
|
||||
Default: 31
|
||||
|
||||
tcp_available_congestion_control - STRING
|
||||
Shows the available congestion control choices that are registered.
|
||||
More congestion control algorithms may be available as modules,
|
||||
but not loaded.
|
||||
|
||||
tcp_congestion_control - STRING
|
||||
Set the congestion control algorithm to be used for new
|
||||
connections. The algorithm "reno" is always available, but
|
||||
additional choices may be available based on kernel configuration.
|
||||
Default is set as part of kernel configuration.
|
||||
|
||||
tcp_dsack - BOOLEAN
|
||||
Allows TCP to send "duplicate" SACKs.
|
||||
|
||||
tcp_ecn - BOOLEAN
|
||||
Enable Explicit Congestion Notification in TCP.
|
||||
|
||||
tcp_fack - BOOLEAN
|
||||
Enable FACK congestion avoidance and fast retransmission.
|
||||
The value is not used, if tcp_sack is not enabled.
|
||||
|
||||
tcp_fin_timeout - INTEGER
|
||||
Time to hold socket in state FIN-WAIT-2, if it was closed
|
||||
by our side. Peer can be broken and never close its side,
|
||||
or even died unexpectedly. Default value is 60sec.
|
||||
Usual value used in 2.2 was 180 seconds, you may restore
|
||||
it, but remember that if your machine is even underloaded WEB server,
|
||||
you risk to overflow memory with kilotons of dead sockets,
|
||||
FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1,
|
||||
because they eat maximum 1.5K of memory, but they tend
|
||||
to live longer. Cf. tcp_max_orphans.
|
||||
|
||||
tcp_frto - BOOLEAN
|
||||
Enables F-RTO, an enhanced recovery algorithm for TCP retransmission
|
||||
timeouts. It is particularly beneficial in wireless environments
|
||||
where packet loss is typically due to random radio interference
|
||||
rather than intermediate router congestion.
|
||||
|
||||
tcp_keepalive_time - INTEGER
|
||||
How often TCP sends out keepalive messages when keepalive is enabled.
|
||||
@ -136,54 +194,13 @@ tcp_keepalive_intvl - INTEGER
|
||||
after probes started. Default value: 75sec i.e. connection
|
||||
will be aborted after ~11 minutes of retries.
|
||||
|
||||
tcp_retries1 - INTEGER
|
||||
How many times to retry before deciding that something is wrong
|
||||
and it is necessary to report this suspicion to network layer.
|
||||
Minimal RFC value is 3, it is default, which corresponds
|
||||
to ~3sec-8min depending on RTO.
|
||||
|
||||
tcp_retries2 - INTEGER
|
||||
How may times to retry before killing alive TCP connection.
|
||||
RFC1122 says that the limit should be longer than 100 sec.
|
||||
It is too small number. Default value 15 corresponds to ~13-30min
|
||||
depending on RTO.
|
||||
|
||||
tcp_orphan_retries - INTEGER
|
||||
How may times to retry before killing TCP connection, closed
|
||||
by our side. Default value 7 corresponds to ~50sec-16min
|
||||
depending on RTO. If you machine is loaded WEB server,
|
||||
you should think about lowering this value, such sockets
|
||||
may consume significant resources. Cf. tcp_max_orphans.
|
||||
|
||||
tcp_fin_timeout - INTEGER
|
||||
Time to hold socket in state FIN-WAIT-2, if it was closed
|
||||
by our side. Peer can be broken and never close its side,
|
||||
or even died unexpectedly. Default value is 60sec.
|
||||
Usual value used in 2.2 was 180 seconds, you may restore
|
||||
it, but remember that if your machine is even underloaded WEB server,
|
||||
you risk to overflow memory with kilotons of dead sockets,
|
||||
FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1,
|
||||
because they eat maximum 1.5K of memory, but they tend
|
||||
to live longer. Cf. tcp_max_orphans.
|
||||
|
||||
tcp_max_tw_buckets - INTEGER
|
||||
Maximal number of timewait sockets held by system simultaneously.
|
||||
If this number is exceeded time-wait socket is immediately destroyed
|
||||
and warning is printed. This limit exists only to prevent
|
||||
simple DoS attacks, you _must_ not lower the limit artificially,
|
||||
but rather increase it (probably, after increasing installed memory),
|
||||
if network conditions require more than default value.
|
||||
|
||||
tcp_tw_recycle - BOOLEAN
|
||||
Enable fast recycling TIME-WAIT sockets. Default value is 0.
|
||||
It should not be changed without advice/request of technical
|
||||
experts.
|
||||
|
||||
tcp_tw_reuse - BOOLEAN
|
||||
Allow to reuse TIME-WAIT sockets for new connections when it is
|
||||
safe from protocol viewpoint. Default value is 0.
|
||||
It should not be changed without advice/request of technical
|
||||
experts.
|
||||
tcp_low_latency - BOOLEAN
|
||||
If set, the TCP stack makes decisions that prefer lower
|
||||
latency as opposed to higher throughput. By default, this
|
||||
option is not set meaning that higher throughput is preferred.
|
||||
An example of an application where this default should be
|
||||
changed would be a Beowulf compute cluster.
|
||||
Default: 0
|
||||
|
||||
tcp_max_orphans - INTEGER
|
||||
Maximal number of TCP sockets not attached to any user file handle,
|
||||
@ -197,41 +214,6 @@ tcp_max_orphans - INTEGER
|
||||
more aggressively. Let me to remind again: each orphan eats
|
||||
up to ~64K of unswappable memory.
|
||||
|
||||
tcp_abort_on_overflow - BOOLEAN
|
||||
If listening service is too slow to accept new connections,
|
||||
reset them. Default state is FALSE. It means that if overflow
|
||||
occurred due to a burst, connection will recover. Enable this
|
||||
option _only_ if you are really sure that listening daemon
|
||||
cannot be tuned to accept connections faster. Enabling this
|
||||
option can harm clients of your server.
|
||||
|
||||
tcp_syncookies - BOOLEAN
|
||||
Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
|
||||
Send out syncookies when the syn backlog queue of a socket
|
||||
overflows. This is to prevent against the common 'syn flood attack'
|
||||
Default: FALSE
|
||||
|
||||
Note, that syncookies is fallback facility.
|
||||
It MUST NOT be used to help highly loaded servers to stand
|
||||
against legal connection rate. If you see synflood warnings
|
||||
in your logs, but investigation shows that they occur
|
||||
because of overload with legal connections, you should tune
|
||||
another parameters until this warning disappear.
|
||||
See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
|
||||
|
||||
syncookies seriously violate TCP protocol, do not allow
|
||||
to use TCP extensions, can result in serious degradation
|
||||
of some services (f.e. SMTP relaying), visible not by you,
|
||||
but your clients and relays, contacting you. While you see
|
||||
synflood warnings in logs not being really flooded, your server
|
||||
is seriously misconfigured.
|
||||
|
||||
tcp_stdurg - BOOLEAN
|
||||
Use the Host requirements interpretation of the TCP urg pointer field.
|
||||
Most hosts use the older BSD interpretation, so if you turn this on
|
||||
Linux might not communicate correctly with them.
|
||||
Default: FALSE
|
||||
|
||||
tcp_max_syn_backlog - INTEGER
|
||||
Maximal number of remembered connection requests, which are
|
||||
still did not receive an acknowledgment from connecting client.
|
||||
@ -239,24 +221,34 @@ tcp_max_syn_backlog - INTEGER
|
||||
and 128 for low memory machines. If server suffers of overload,
|
||||
try to increase this number.
|
||||
|
||||
tcp_window_scaling - BOOLEAN
|
||||
Enable window scaling as defined in RFC1323.
|
||||
tcp_max_tw_buckets - INTEGER
|
||||
Maximal number of timewait sockets held by system simultaneously.
|
||||
If this number is exceeded time-wait socket is immediately destroyed
|
||||
and warning is printed. This limit exists only to prevent
|
||||
simple DoS attacks, you _must_ not lower the limit artificially,
|
||||
but rather increase it (probably, after increasing installed memory),
|
||||
if network conditions require more than default value.
|
||||
|
||||
tcp_timestamps - BOOLEAN
|
||||
Enable timestamps as defined in RFC1323.
|
||||
tcp_mem - vector of 3 INTEGERs: min, pressure, max
|
||||
min: below this number of pages TCP is not bothered about its
|
||||
memory appetite.
|
||||
|
||||
tcp_sack - BOOLEAN
|
||||
Enable select acknowledgments (SACKS).
|
||||
pressure: when amount of memory allocated by TCP exceeds this number
|
||||
of pages, TCP moderates its memory consumption and enters memory
|
||||
pressure mode, which is exited when memory consumption falls
|
||||
under "min".
|
||||
|
||||
tcp_fack - BOOLEAN
|
||||
Enable FACK congestion avoidance and fast retransmission.
|
||||
The value is not used, if tcp_sack is not enabled.
|
||||
max: number of pages allowed for queueing by all TCP sockets.
|
||||
|
||||
tcp_dsack - BOOLEAN
|
||||
Allows TCP to send "duplicate" SACKs.
|
||||
Defaults are calculated at boot time from amount of available
|
||||
memory.
|
||||
|
||||
tcp_ecn - BOOLEAN
|
||||
Enable Explicit Congestion Notification in TCP.
|
||||
tcp_orphan_retries - INTEGER
|
||||
How may times to retry before killing TCP connection, closed
|
||||
by our side. Default value 7 corresponds to ~50sec-16min
|
||||
depending on RTO. If you machine is loaded WEB server,
|
||||
you should think about lowering this value, such sockets
|
||||
may consume significant resources. Cf. tcp_max_orphans.
|
||||
|
||||
tcp_reordering - INTEGER
|
||||
Maximal reordering of packets in a TCP stream.
|
||||
@ -267,20 +259,23 @@ tcp_retrans_collapse - BOOLEAN
|
||||
On retransmit try to send bigger packets to work around bugs in
|
||||
certain TCP stacks.
|
||||
|
||||
tcp_wmem - vector of 3 INTEGERs: min, default, max
|
||||
min: Amount of memory reserved for send buffers for TCP socket.
|
||||
Each TCP socket has rights to use it due to fact of its birth.
|
||||
Default: 4K
|
||||
tcp_retries1 - INTEGER
|
||||
How many times to retry before deciding that something is wrong
|
||||
and it is necessary to report this suspicion to network layer.
|
||||
Minimal RFC value is 3, it is default, which corresponds
|
||||
to ~3sec-8min depending on RTO.
|
||||
|
||||
default: Amount of memory allowed for send buffers for TCP socket
|
||||
by default. This value overrides net.core.wmem_default used
|
||||
by other protocols, it is usually lower than net.core.wmem_default.
|
||||
Default: 16K
|
||||
tcp_retries2 - INTEGER
|
||||
How may times to retry before killing alive TCP connection.
|
||||
RFC1122 says that the limit should be longer than 100 sec.
|
||||
It is too small number. Default value 15 corresponds to ~13-30min
|
||||
depending on RTO.
|
||||
|
||||
max: Maximal amount of memory allowed for automatically selected
|
||||
send buffers for TCP socket. This value does not override
|
||||
net.core.wmem_max, "static" selection via SO_SNDBUF does not use this.
|
||||
Default: 128K
|
||||
tcp_rfc1337 - BOOLEAN
|
||||
If set, the TCP stack behaves conforming to RFC1337. If unset,
|
||||
we are not conforming to RFC, but prevent TCP TIME_WAIT
|
||||
assassination.
|
||||
Default: 0
|
||||
|
||||
tcp_rmem - vector of 3 INTEGERs: min, default, max
|
||||
min: Minimal size of receive buffer used by TCP sockets.
|
||||
@ -299,86 +294,8 @@ tcp_rmem - vector of 3 INTEGERs: min, default, max
|
||||
net.core.rmem_max, "static" selection via SO_RCVBUF does not use this.
|
||||
Default: 87380*2 bytes.
|
||||
|
||||
tcp_mem - vector of 3 INTEGERs: min, pressure, max
|
||||
min: below this number of pages TCP is not bothered about its
|
||||
memory appetite.
|
||||
|
||||
pressure: when amount of memory allocated by TCP exceeds this number
|
||||
of pages, TCP moderates its memory consumption and enters memory
|
||||
pressure mode, which is exited when memory consumption falls
|
||||
under "min".
|
||||
|
||||
max: number of pages allowed for queueing by all TCP sockets.
|
||||
|
||||
Defaults are calculated at boot time from amount of available
|
||||
memory.
|
||||
|
||||
tcp_app_win - INTEGER
|
||||
Reserve max(window/2^tcp_app_win, mss) of window for application
|
||||
buffer. Value 0 is special, it means that nothing is reserved.
|
||||
Default: 31
|
||||
|
||||
tcp_adv_win_scale - INTEGER
|
||||
Count buffering overhead as bytes/2^tcp_adv_win_scale
|
||||
(if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
|
||||
if it is <= 0.
|
||||
Default: 2
|
||||
|
||||
tcp_rfc1337 - BOOLEAN
|
||||
If set, the TCP stack behaves conforming to RFC1337. If unset,
|
||||
we are not conforming to RFC, but prevent TCP TIME_WAIT
|
||||
assassination.
|
||||
Default: 0
|
||||
|
||||
tcp_low_latency - BOOLEAN
|
||||
If set, the TCP stack makes decisions that prefer lower
|
||||
latency as opposed to higher throughput. By default, this
|
||||
option is not set meaning that higher throughput is preferred.
|
||||
An example of an application where this default should be
|
||||
changed would be a Beowulf compute cluster.
|
||||
Default: 0
|
||||
|
||||
tcp_tso_win_divisor - INTEGER
|
||||
This allows control over what percentage of the congestion window
|
||||
can be consumed by a single TSO frame.
|
||||
The setting of this parameter is a choice between burstiness and
|
||||
building larger TSO frames.
|
||||
Default: 3
|
||||
|
||||
tcp_frto - BOOLEAN
|
||||
Enables F-RTO, an enhanced recovery algorithm for TCP retransmission
|
||||
timeouts. It is particularly beneficial in wireless environments
|
||||
where packet loss is typically due to random radio interference
|
||||
rather than intermediate router congestion.
|
||||
|
||||
tcp_allowed_congestion_control - STRING
|
||||
Show/set the congestion control choices available to non-privileged
|
||||
processes. The list is a subset of those listed in
|
||||
tcp_available_congestion_control.
|
||||
Default is "reno" and the default setting (tcp_congestion_control).
|
||||
|
||||
tcp_available_congestion_control - STRING
|
||||
Shows the available congestion control choices that are registered.
|
||||
More congestion control algorithms may be available as modules,
|
||||
but not loaded.
|
||||
|
||||
tcp_congestion_control - STRING
|
||||
Set the congestion control algorithm to be used for new
|
||||
connections. The algorithm "reno" is always available, but
|
||||
additional choices may be available based on kernel configuration.
|
||||
Default is set as part of kernel configuration.
|
||||
|
||||
somaxconn - INTEGER
|
||||
Limit of socket listen() backlog, known in userspace as SOMAXCONN.
|
||||
Defaults to 128. See also tcp_max_syn_backlog for additional tuning
|
||||
for TCP sockets.
|
||||
|
||||
tcp_workaround_signed_windows - BOOLEAN
|
||||
If set, assume no receipt of a window scaling option means the
|
||||
remote TCP is broken and treats the window as a signed quantity.
|
||||
If unset, assume the remote TCP is not broken even if we do
|
||||
not receive a window scaling option from them.
|
||||
Default: 0
|
||||
tcp_sack - BOOLEAN
|
||||
Enable select acknowledgments (SACKS).
|
||||
|
||||
tcp_slow_start_after_idle - BOOLEAN
|
||||
If set, provide RFC2861 behavior and time out the congestion
|
||||
@ -387,6 +304,89 @@ tcp_slow_start_after_idle - BOOLEAN
|
||||
be timed out after an idle period.
|
||||
Default: 1
|
||||
|
||||
tcp_stdurg - BOOLEAN
|
||||
Use the Host requirements interpretation of the TCP urg pointer field.
|
||||
Most hosts use the older BSD interpretation, so if you turn this on
|
||||
Linux might not communicate correctly with them.
|
||||
Default: FALSE
|
||||
|
||||
tcp_synack_retries - INTEGER
|
||||
Number of times SYNACKs for a passive TCP connection attempt will
|
||||
be retransmitted. Should not be higher than 255. Default value
|
||||
is 5, which corresponds to ~180seconds.
|
||||
|
||||
tcp_syncookies - BOOLEAN
|
||||
Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
|
||||
Send out syncookies when the syn backlog queue of a socket
|
||||
overflows. This is to prevent against the common 'syn flood attack'
|
||||
Default: FALSE
|
||||
|
||||
Note, that syncookies is fallback facility.
|
||||
It MUST NOT be used to help highly loaded servers to stand
|
||||
against legal connection rate. If you see synflood warnings
|
||||
in your logs, but investigation shows that they occur
|
||||
because of overload with legal connections, you should tune
|
||||
another parameters until this warning disappear.
|
||||
See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
|
||||
|
||||
syncookies seriously violate TCP protocol, do not allow
|
||||
to use TCP extensions, can result in serious degradation
|
||||
of some services (f.e. SMTP relaying), visible not by you,
|
||||
but your clients and relays, contacting you. While you see
|
||||
synflood warnings in logs not being really flooded, your server
|
||||
is seriously misconfigured.
|
||||
|
||||
tcp_syn_retries - INTEGER
|
||||
Number of times initial SYNs for an active TCP connection attempt
|
||||
will be retransmitted. Should not be higher than 255. Default value
|
||||
is 5, which corresponds to ~180seconds.
|
||||
|
||||
tcp_timestamps - BOOLEAN
|
||||
Enable timestamps as defined in RFC1323.
|
||||
|
||||
tcp_tso_win_divisor - INTEGER
|
||||
This allows control over what percentage of the congestion window
|
||||
can be consumed by a single TSO frame.
|
||||
The setting of this parameter is a choice between burstiness and
|
||||
building larger TSO frames.
|
||||
Default: 3
|
||||
|
||||
tcp_tw_recycle - BOOLEAN
|
||||
Enable fast recycling TIME-WAIT sockets. Default value is 0.
|
||||
It should not be changed without advice/request of technical
|
||||
experts.
|
||||
|
||||
tcp_tw_reuse - BOOLEAN
|
||||
Allow to reuse TIME-WAIT sockets for new connections when it is
|
||||
safe from protocol viewpoint. Default value is 0.
|
||||
It should not be changed without advice/request of technical
|
||||
experts.
|
||||
|
||||
tcp_window_scaling - BOOLEAN
|
||||
Enable window scaling as defined in RFC1323.
|
||||
|
||||
tcp_wmem - vector of 3 INTEGERs: min, default, max
|
||||
min: Amount of memory reserved for send buffers for TCP socket.
|
||||
Each TCP socket has rights to use it due to fact of its birth.
|
||||
Default: 4K
|
||||
|
||||
default: Amount of memory allowed for send buffers for TCP socket
|
||||
by default. This value overrides net.core.wmem_default used
|
||||
by other protocols, it is usually lower than net.core.wmem_default.
|
||||
Default: 16K
|
||||
|
||||
max: Maximal amount of memory allowed for automatically selected
|
||||
send buffers for TCP socket. This value does not override
|
||||
net.core.wmem_max, "static" selection via SO_SNDBUF does not use this.
|
||||
Default: 128K
|
||||
|
||||
tcp_workaround_signed_windows - BOOLEAN
|
||||
If set, assume no receipt of a window scaling option means the
|
||||
remote TCP is broken and treats the window as a signed quantity.
|
||||
If unset, assume the remote TCP is not broken even if we do
|
||||
not receive a window scaling option from them.
|
||||
Default: 0
|
||||
|
||||
CIPSOv4 Variables:
|
||||
|
||||
cipso_cache_enable - BOOLEAN
|
||||
@ -986,4 +986,3 @@ no_cong_thresh FIXME
|
||||
slot_timeout FIXME
|
||||
warn_noreply_time FIXME
|
||||
|
||||
$Id: ip-sysctl.txt,v 1.20 2001/12/13 09:00:18 davem Exp $
|
||||
|
Loading…
Reference in New Issue
Block a user