view Documentation/networking/ip-sysctl.txt @ 897:329ea0ccb344

balloon: try harder to balloon up under memory pressure.

Currently if the balloon driver is unable to increase the guest's
reservation it assumes the failure was due to reaching its full
allocation, gives up on the ballooning operation and records the limit
it reached as the "hard limit". The driver will not try again until
the target is set again (even to the same value).

However it is possible that ballooning has in fact failed due to
memory pressure in the host and therefore it is desirable to keep
attempting to reach the target in case memory becomes available. The
most likely scenario is that some guests are ballooning down while
others are ballooning up and therefore there is temporary memory
pressure while things stabilise. You would not expect a well behaved
toolstack to ask a domain to balloon to more than its allocation nor
would you expect it to deliberately over-commit memory by setting
balloon targets which exceed the total host memory.

This patch drops the concept of a hard limit and causes the balloon
driver to retry increasing the reservation on a timer in the same
manner as when decreasing the reservation.

Also if we partially succeed in increasing the reservation
(i.e. receive less pages than we asked for) then we may as well keep
those pages rather than returning them to Xen.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Fri Jun 05 14:01:20 2009 +0100 (2009-06-05)
parents 831230e53067
line source
1 /proc/sys/net/ipv4/* Variables:
3 ip_forward - BOOLEAN
4 0 - disabled (default)
5 not 0 - enabled
7 Forward Packets between interfaces.
9 This variable is special, its change resets all configuration
10 parameters to their default state (RFC1122 for hosts, RFC1812
11 for routers)
13 ip_default_ttl - INTEGER
14 default 64
16 ip_no_pmtu_disc - BOOLEAN
17 Disable Path MTU Discovery.
18 default FALSE
20 min_pmtu - INTEGER
21 default 562 - minimum discovered Path MTU
23 mtu_expires - INTEGER
24 Time, in seconds, that cached PMTU information is kept.
26 min_adv_mss - INTEGER
27 The advertised MSS depends on the first hop route MTU, but will
28 never be lower than this setting.
30 IP Fragmentation:
32 ipfrag_high_thresh - INTEGER
33 Maximum memory used to reassemble IP fragments. When
34 ipfrag_high_thresh bytes of memory is allocated for this purpose,
35 the fragment handler will toss packets until ipfrag_low_thresh
36 is reached.
38 ipfrag_low_thresh - INTEGER
39 See ipfrag_high_thresh
41 ipfrag_time - INTEGER
42 Time in seconds to keep an IP fragment in memory.
44 ipfrag_secret_interval - INTEGER
45 Regeneration interval (in seconds) of the hash secret (or lifetime
46 for the hash secret) for IP fragments.
47 Default: 600
49 ipfrag_max_dist - INTEGER
50 ipfrag_max_dist is a non-negative integer value which defines the
51 maximum "disorder" which is allowed among fragments which share a
52 common IP source address. Note that reordering of packets is
53 not unusual, but if a large number of fragments arrive from a source
54 IP address while a particular fragment queue remains incomplete, it
55 probably indicates that one or more fragments belonging to that queue
56 have been lost. When ipfrag_max_dist is positive, an additional check
57 is done on fragments before they are added to a reassembly queue - if
58 ipfrag_max_dist (or more) fragments have arrived from a particular IP
59 address between additions to any IP fragment queue using that source
60 address, it's presumed that one or more fragments in the queue are
61 lost. The existing fragment queue will be dropped, and a new one
62 started. An ipfrag_max_dist value of zero disables this check.
64 Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
65 result in unnecessarily dropping fragment queues when normal
66 reordering of packets occurs, which could lead to poor application
67 performance. Using a very large value, e.g. 50000, increases the
68 likelihood of incorrectly reassembling IP fragments that originate
69 from different IP datagrams, which could result in data corruption.
70 Default: 64
72 INET peer storage:
74 inet_peer_threshold - INTEGER
75 The approximate size of the storage. Starting from this threshold
76 entries will be thrown aggressively. This threshold also determines
77 entries' time-to-live and time intervals between garbage collection
78 passes. More entries, less time-to-live, less GC interval.
80 inet_peer_minttl - INTEGER
81 Minimum time-to-live of entries. Should be enough to cover fragment
82 time-to-live on the reassembling side. This minimum time-to-live is
83 guaranteed if the pool size is less than inet_peer_threshold.
84 Measured in jiffies(1).
86 inet_peer_maxttl - INTEGER
87 Maximum time-to-live of entries. Unused entries will expire after
88 this period of time if there is no memory pressure on the pool (i.e.
89 when the number of entries in the pool is very small).
90 Measured in jiffies(1).
92 inet_peer_gc_mintime - INTEGER
93 Minimum interval between garbage collection passes. This interval is
94 in effect under high memory pressure on the pool.
95 Measured in jiffies(1).
97 inet_peer_gc_maxtime - INTEGER
98 Minimum interval between garbage collection passes. This interval is
99 in effect under low (or absent) memory pressure on the pool.
100 Measured in jiffies(1).
102 TCP variables:
104 tcp_abc - INTEGER
105 Controls Appropriate Byte Count (ABC) defined in RFC3465.
106 ABC is a way of increasing congestion window (cwnd) more slowly
107 in response to partial acknowledgments.
108 Possible values are:
109 0 increase cwnd once per acknowledgment (no ABC)
110 1 increase cwnd once per acknowledgment of full sized segment
111 2 allow increase cwnd by two if acknowledgment is
112 of two segments to compensate for delayed acknowledgments.
113 Default: 0 (off)
115 tcp_syn_retries - INTEGER
116 Number of times initial SYNs for an active TCP connection attempt
117 will be retransmitted. Should not be higher than 255. Default value
118 is 5, which corresponds to ~180seconds.
120 tcp_synack_retries - INTEGER
121 Number of times SYNACKs for a passive TCP connection attempt will
122 be retransmitted. Should not be higher than 255. Default value
123 is 5, which corresponds to ~180seconds.
125 tcp_keepalive_time - INTEGER
126 How often TCP sends out keepalive messages when keepalive is enabled.
127 Default: 2hours.
129 tcp_keepalive_probes - INTEGER
130 How many keepalive probes TCP sends out, until it decides that the
131 connection is broken. Default value: 9.
133 tcp_keepalive_intvl - INTEGER
134 How frequently the probes are send out. Multiplied by
135 tcp_keepalive_probes it is time to kill not responding connection,
136 after probes started. Default value: 75sec i.e. connection
137 will be aborted after ~11 minutes of retries.
139 tcp_retries1 - INTEGER
140 How many times to retry before deciding that something is wrong
141 and it is necessary to report this suspicion to network layer.
142 Minimal RFC value is 3, it is default, which corresponds
143 to ~3sec-8min depending on RTO.
145 tcp_retries2 - INTEGER
146 How may times to retry before killing alive TCP connection.
147 RFC1122 says that the limit should be longer than 100 sec.
148 It is too small number. Default value 15 corresponds to ~13-30min
149 depending on RTO.
151 tcp_orphan_retries - INTEGER
152 How may times to retry before killing TCP connection, closed
153 by our side. Default value 7 corresponds to ~50sec-16min
154 depending on RTO. If you machine is loaded WEB server,
155 you should think about lowering this value, such sockets
156 may consume significant resources. Cf. tcp_max_orphans.
158 tcp_fin_timeout - INTEGER
159 Time to hold socket in state FIN-WAIT-2, if it was closed
160 by our side. Peer can be broken and never close its side,
161 or even died unexpectedly. Default value is 60sec.
162 Usual value used in 2.2 was 180 seconds, you may restore
163 it, but remember that if your machine is even underloaded WEB server,
164 you risk to overflow memory with kilotons of dead sockets,
165 FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1,
166 because they eat maximum 1.5K of memory, but they tend
167 to live longer. Cf. tcp_max_orphans.
169 tcp_max_tw_buckets - INTEGER
170 Maximal number of timewait sockets held by system simultaneously.
171 If this number is exceeded time-wait socket is immediately destroyed
172 and warning is printed. This limit exists only to prevent
173 simple DoS attacks, you _must_ not lower the limit artificially,
174 but rather increase it (probably, after increasing installed memory),
175 if network conditions require more than default value.
177 tcp_tw_recycle - BOOLEAN
178 Enable fast recycling TIME-WAIT sockets. Default value is 0.
179 It should not be changed without advice/request of technical
180 experts.
182 tcp_tw_reuse - BOOLEAN
183 Allow to reuse TIME-WAIT sockets for new connections when it is
184 safe from protocol viewpoint. Default value is 0.
185 It should not be changed without advice/request of technical
186 experts.
188 tcp_max_orphans - INTEGER
189 Maximal number of TCP sockets not attached to any user file handle,
190 held by system. If this number is exceeded orphaned connections are
191 reset immediately and warning is printed. This limit exists
192 only to prevent simple DoS attacks, you _must_ not rely on this
193 or lower the limit artificially, but rather increase it
194 (probably, after increasing installed memory),
195 if network conditions require more than default value,
196 and tune network services to linger and kill such states
197 more aggressively. Let me to remind again: each orphan eats
198 up to ~64K of unswappable memory.
200 tcp_abort_on_overflow - BOOLEAN
201 If listening service is too slow to accept new connections,
202 reset them. Default state is FALSE. It means that if overflow
203 occurred due to a burst, connection will recover. Enable this
204 option _only_ if you are really sure that listening daemon
205 cannot be tuned to accept connections faster. Enabling this
206 option can harm clients of your server.
208 tcp_syncookies - BOOLEAN
209 Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
210 Send out syncookies when the syn backlog queue of a socket
211 overflows. This is to prevent against the common 'syn flood attack'
212 Default: FALSE
214 Note, that syncookies is fallback facility.
215 It MUST NOT be used to help highly loaded servers to stand
216 against legal connection rate. If you see synflood warnings
217 in your logs, but investigation shows that they occur
218 because of overload with legal connections, you should tune
219 another parameters until this warning disappear.
220 See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
222 syncookies seriously violate TCP protocol, do not allow
223 to use TCP extensions, can result in serious degradation
224 of some services (f.e. SMTP relaying), visible not by you,
225 but your clients and relays, contacting you. While you see
226 synflood warnings in logs not being really flooded, your server
227 is seriously misconfigured.
229 tcp_stdurg - BOOLEAN
230 Use the Host requirements interpretation of the TCP urg pointer field.
231 Most hosts use the older BSD interpretation, so if you turn this on
232 Linux might not communicate correctly with them.
233 Default: FALSE
235 tcp_max_syn_backlog - INTEGER
236 Maximal number of remembered connection requests, which are
237 still did not receive an acknowledgment from connecting client.
238 Default value is 1024 for systems with more than 128Mb of memory,
239 and 128 for low memory machines. If server suffers of overload,
240 try to increase this number.
242 tcp_window_scaling - BOOLEAN
243 Enable window scaling as defined in RFC1323.
245 tcp_timestamps - BOOLEAN
246 Enable timestamps as defined in RFC1323.
248 tcp_sack - BOOLEAN
249 Enable select acknowledgments (SACKS).
251 tcp_fack - BOOLEAN
252 Enable FACK congestion avoidance and fast retransmission.
253 The value is not used, if tcp_sack is not enabled.
255 tcp_dsack - BOOLEAN
256 Allows TCP to send "duplicate" SACKs.
258 tcp_ecn - BOOLEAN
259 Enable Explicit Congestion Notification in TCP.
261 tcp_reordering - INTEGER
262 Maximal reordering of packets in a TCP stream.
263 Default: 3
265 tcp_retrans_collapse - BOOLEAN
266 Bug-to-bug compatibility with some broken printers.
267 On retransmit try to send bigger packets to work around bugs in
268 certain TCP stacks.
270 tcp_wmem - vector of 3 INTEGERs: min, default, max
271 min: Amount of memory reserved for send buffers for TCP socket.
272 Each TCP socket has rights to use it due to fact of its birth.
273 Default: 4K
275 default: Amount of memory allowed for send buffers for TCP socket
276 by default. This value overrides net.core.wmem_default used
277 by other protocols, it is usually lower than net.core.wmem_default.
278 Default: 16K
280 max: Maximal amount of memory allowed for automatically selected
281 send buffers for TCP socket. This value does not override
282 net.core.wmem_max, "static" selection via SO_SNDBUF does not use this.
283 Default: 128K
285 tcp_rmem - vector of 3 INTEGERs: min, default, max
286 min: Minimal size of receive buffer used by TCP sockets.
287 It is guaranteed to each TCP socket, even under moderate memory
288 pressure.
289 Default: 8K
291 default: default size of receive buffer used by TCP sockets.
292 This value overrides net.core.rmem_default used by other protocols.
293 Default: 87380 bytes. This value results in window of 65535 with
294 default setting of tcp_adv_win_scale and tcp_app_win:0 and a bit
295 less for default tcp_app_win. See below about these variables.
297 max: maximal size of receive buffer allowed for automatically
298 selected receiver buffers for TCP socket. This value does not override
299 net.core.rmem_max, "static" selection via SO_RCVBUF does not use this.
300 Default: 87380*2 bytes.
302 tcp_mem - vector of 3 INTEGERs: min, pressure, max
303 min: below this number of pages TCP is not bothered about its
304 memory appetite.
306 pressure: when amount of memory allocated by TCP exceeds this number
307 of pages, TCP moderates its memory consumption and enters memory
308 pressure mode, which is exited when memory consumption falls
309 under "min".
311 max: number of pages allowed for queueing by all TCP sockets.
313 Defaults are calculated at boot time from amount of available
314 memory.
316 tcp_app_win - INTEGER
317 Reserve max(window/2^tcp_app_win, mss) of window for application
318 buffer. Value 0 is special, it means that nothing is reserved.
319 Default: 31
321 tcp_adv_win_scale - INTEGER
322 Count buffering overhead as bytes/2^tcp_adv_win_scale
323 (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
324 if it is <= 0.
325 Default: 2
327 tcp_rfc1337 - BOOLEAN
328 If set, the TCP stack behaves conforming to RFC1337. If unset,
329 we are not conforming to RFC, but prevent TCP TIME_WAIT
330 assassination.
331 Default: 0
333 tcp_low_latency - BOOLEAN
334 If set, the TCP stack makes decisions that prefer lower
335 latency as opposed to higher throughput. By default, this
336 option is not set meaning that higher throughput is preferred.
337 An example of an application where this default should be
338 changed would be a Beowulf compute cluster.
339 Default: 0
341 tcp_tso_win_divisor - INTEGER
342 This allows control over what percentage of the congestion window
343 can be consumed by a single TSO frame.
344 The setting of this parameter is a choice between burstiness and
345 building larger TSO frames.
346 Default: 3
348 tcp_frto - BOOLEAN
349 Enables F-RTO, an enhanced recovery algorithm for TCP retransmission
350 timeouts. It is particularly beneficial in wireless environments
351 where packet loss is typically due to random radio interference
352 rather than intermediate router congestion.
354 tcp_congestion_control - STRING
355 Set the congestion control algorithm to be used for new
356 connections. The algorithm "reno" is always available, but
357 additional choices may be available based on kernel configuration.
359 somaxconn - INTEGER
360 Limit of socket listen() backlog, known in userspace as SOMAXCONN.
361 Defaults to 128. See also tcp_max_syn_backlog for additional tuning
362 for TCP sockets.
364 tcp_workaround_signed_windows - BOOLEAN
365 If set, assume no receipt of a window scaling option means the
366 remote TCP is broken and treats the window as a signed quantity.
367 If unset, assume the remote TCP is not broken even if we do
368 not receive a window scaling option from them.
369 Default: 0
371 tcp_slow_start_after_idle - BOOLEAN
372 If set, provide RFC2861 behavior and time out the congestion
373 window after an idle period. An idle period is defined at
374 the current RTO. If unset, the congestion window will not
375 be timed out after an idle period.
376 Default: 1
378 IP Variables:
380 ip_local_port_range - 2 INTEGERS
381 Defines the local port range that is used by TCP and UDP to
382 choose the local port. The first number is the first, the
383 second the last local port number. Default value depends on
384 amount of memory available on the system:
385 > 128Mb 32768-61000
386 < 128Mb 1024-4999 or even less.
387 This number defines number of active connections, which this
388 system can issue simultaneously to systems not supporting
389 TCP extensions (timestamps). With tcp_tw_recycle enabled
390 (i.e. by default) range 1024-4999 is enough to issue up to
391 2000 connections per second to systems supporting timestamps.
393 ip_nonlocal_bind - BOOLEAN
394 If set, allows processes to bind() to non-local IP addresses,
395 which can be quite useful - but may break some applications.
396 Default: 0
398 ip_dynaddr - BOOLEAN
399 If set non-zero, enables support for dynamic addresses.
400 If set to a non-zero value larger than 1, a kernel log
401 message will be printed when dynamic address rewriting
402 occurs.
403 Default: 0
405 icmp_echo_ignore_all - BOOLEAN
406 If set non-zero, then the kernel will ignore all ICMP ECHO
407 requests sent to it.
408 Default: 0
410 icmp_echo_ignore_broadcasts - BOOLEAN
411 If set non-zero, then the kernel will ignore all ICMP ECHO and
412 TIMESTAMP requests sent to it via broadcast/multicast.
413 Default: 1
415 icmp_ratelimit - INTEGER
416 Limit the maximal rates for sending ICMP packets whose type matches
417 icmp_ratemask (see below) to specific targets.
418 0 to disable any limiting, otherwise the maximal rate in jiffies(1)
419 Default: 100
421 icmp_ratemask - INTEGER
422 Mask made of ICMP types for which rates are being limited.
423 Significant bits: IHGFEDCBA9876543210
424 Default mask: 0000001100000011000 (6168)
426 Bit definitions (see include/linux/icmp.h):
427 0 Echo Reply
428 3 Destination Unreachable *
429 4 Source Quench *
430 5 Redirect
431 8 Echo Request
432 B Time Exceeded *
433 C Parameter Problem *
434 D Timestamp Request
435 E Timestamp Reply
436 F Info Request
437 G Info Reply
438 H Address Mask Request
439 I Address Mask Reply
441 * These are rate limited by default (see default mask above)
443 icmp_ignore_bogus_error_responses - BOOLEAN
444 Some routers violate RFC1122 by sending bogus responses to broadcast
445 frames. Such violations are normally logged via a kernel warning.
446 If this is set to TRUE, the kernel will not give such warnings, which
447 will avoid log file clutter.
448 Default: FALSE
450 icmp_errors_use_inbound_ifaddr - BOOLEAN
452 If zero, icmp error messages are sent with the primary address of
453 the exiting interface.
455 If non-zero, the message will be sent with the primary address of
456 the interface that received the packet that caused the icmp error.
457 This is the behaviour network many administrators will expect from
458 a router. And it can make debugging complicated network layouts
459 much easier.
461 Note that if no primary address exists for the interface selected,
462 then the primary address of the first non-loopback interface that
463 has one will be used regarldess of this setting.
465 Default: 0
467 igmp_max_memberships - INTEGER
468 Change the maximum number of multicast groups we can subscribe to.
469 Default: 20
471 conf/interface/* changes special settings per interface (where "interface" is
472 the name of your network interface)
473 conf/all/* is special, changes the settings for all interfaces
476 log_martians - BOOLEAN
477 Log packets with impossible addresses to kernel log.
478 log_martians for the interface will be enabled if at least one of
479 conf/{all,interface}/log_martians is set to TRUE,
480 it will be disabled otherwise
482 accept_redirects - BOOLEAN
483 Accept ICMP redirect messages.
484 accept_redirects for the interface will be enabled if:
485 - both conf/{all,interface}/accept_redirects are TRUE in the case forwarding
486 for the interface is enabled
487 or
488 - at least one of conf/{all,interface}/accept_redirects is TRUE in the case
489 forwarding for the interface is disabled
490 accept_redirects for the interface will be disabled otherwise
491 default TRUE (host)
492 FALSE (router)
494 forwarding - BOOLEAN
495 Enable IP forwarding on this interface.
497 mc_forwarding - BOOLEAN
498 Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
499 and a multicast routing daemon is required.
500 conf/all/mc_forwarding must also be set to TRUE to enable multicast routing
501 for the interface
503 medium_id - INTEGER
504 Integer value used to differentiate the devices by the medium they
505 are attached to. Two devices can have different id values when
506 the broadcast packets are received only on one of them.
507 The default value 0 means that the device is the only interface
508 to its medium, value of -1 means that medium is not known.
510 Currently, it is used to change the proxy_arp behavior:
511 the proxy_arp feature is enabled for packets forwarded between
512 two devices attached to different media.
514 proxy_arp - BOOLEAN
515 Do proxy arp.
516 proxy_arp for the interface will be enabled if at least one of
517 conf/{all,interface}/proxy_arp is set to TRUE,
518 it will be disabled otherwise
520 shared_media - BOOLEAN
521 Send(router) or accept(host) RFC1620 shared media redirects.
522 Overrides ip_secure_redirects.
523 shared_media for the interface will be enabled if at least one of
524 conf/{all,interface}/shared_media is set to TRUE,
525 it will be disabled otherwise
526 default TRUE
528 secure_redirects - BOOLEAN
529 Accept ICMP redirect messages only for gateways,
530 listed in default gateway list.
531 secure_redirects for the interface will be enabled if at least one of
532 conf/{all,interface}/secure_redirects is set to TRUE,
533 it will be disabled otherwise
534 default TRUE
536 send_redirects - BOOLEAN
537 Send redirects, if router.
538 send_redirects for the interface will be enabled if at least one of
539 conf/{all,interface}/send_redirects is set to TRUE,
540 it will be disabled otherwise
541 Default: TRUE
543 bootp_relay - BOOLEAN
544 Accept packets with source address 0.b.c.d destined
545 not to this host as local ones. It is supposed, that
546 BOOTP relay daemon will catch and forward such packets.
547 conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
548 for the interface
549 default FALSE
550 Not Implemented Yet.
552 accept_source_route - BOOLEAN
553 Accept packets with SRR option.
554 conf/all/accept_source_route must also be set to TRUE to accept packets
555 with SRR option on the interface
556 default TRUE (router)
557 FALSE (host)
559 rp_filter - BOOLEAN
560 1 - do source validation by reversed path, as specified in RFC1812
561 Recommended option for single homed hosts and stub network
562 routers. Could cause troubles for complicated (not loop free)
563 networks running a slow unreliable protocol (sort of RIP),
564 or using static routes.
566 0 - No source validation.
568 conf/all/rp_filter must also be set to TRUE to do source validation
569 on the interface
571 Default value is 0. Note that some distributions enable it
572 in startup scripts.
574 arp_filter - BOOLEAN
575 1 - Allows you to have multiple network interfaces on the same
576 subnet, and have the ARPs for each interface be answered
577 based on whether or not the kernel would route a packet from
578 the ARP'd IP out that interface (therefore you must use source
579 based routing for this to work). In other words it allows control
580 of which cards (usually 1) will respond to an arp request.
582 0 - (default) The kernel can respond to arp requests with addresses
583 from other interfaces. This may seem wrong but it usually makes
584 sense, because it increases the chance of successful communication.
585 IP addresses are owned by the complete host on Linux, not by
586 particular interfaces. Only for more complex setups like load-
587 balancing, does this behaviour cause problems.
589 arp_filter for the interface will be enabled if at least one of
590 conf/{all,interface}/arp_filter is set to TRUE,
591 it will be disabled otherwise
593 arp_announce - INTEGER
594 Define different restriction levels for announcing the local
595 source IP address from IP packets in ARP requests sent on
596 interface:
597 0 - (default) Use any local address, configured on any interface
598 1 - Try to avoid local addresses that are not in the target's
599 subnet for this interface. This mode is useful when target
600 hosts reachable via this interface require the source IP
601 address in ARP requests to be part of their logical network
602 configured on the receiving interface. When we generate the
603 request we will check all our subnets that include the
604 target IP and will preserve the source address if it is from
605 such subnet. If there is no such subnet we select source
606 address according to the rules for level 2.
607 2 - Always use the best local address for this target.
608 In this mode we ignore the source address in the IP packet
609 and try to select local address that we prefer for talks with
610 the target host. Such local address is selected by looking
611 for primary IP addresses on all our subnets on the outgoing
612 interface that include the target IP address. If no suitable
613 local address is found we select the first local address
614 we have on the outgoing interface or on all other interfaces,
615 with the hope we will receive reply for our request and
616 even sometimes no matter the source IP address we announce.
618 The max value from conf/{all,interface}/arp_announce is used.
620 Increasing the restriction level gives more chance for
621 receiving answer from the resolved target while decreasing
622 the level announces more valid sender's information.
624 arp_ignore - INTEGER
625 Define different modes for sending replies in response to
626 received ARP requests that resolve local target IP addresses:
627 0 - (default): reply for any local target IP address, configured
628 on any interface
629 1 - reply only if the target IP address is local address
630 configured on the incoming interface
631 2 - reply only if the target IP address is local address
632 configured on the incoming interface and both with the
633 sender's IP address are part from same subnet on this interface
634 3 - do not reply for local addresses configured with scope host,
635 only resolutions for global and link addresses are replied
636 4-7 - reserved
637 8 - do not reply for all local addresses
639 The max value from conf/{all,interface}/arp_ignore is used
640 when ARP request is received on the {interface}
642 arp_accept - BOOLEAN
643 Define behavior when gratuitous arp replies are received:
644 0 - drop gratuitous arp frames
645 1 - accept gratuitous arp frames
647 app_solicit - INTEGER
648 The maximum number of probes to send to the user space ARP daemon
649 via netlink before dropping back to multicast probes (see
650 mcast_solicit). Defaults to 0.
652 disable_policy - BOOLEAN
653 Disable IPSEC policy (SPD) for this interface
655 disable_xfrm - BOOLEAN
656 Disable IPSEC encryption on this interface, whatever the policy
660 tag - INTEGER
661 Allows you to write a number, which can be used as required.
662 Default value is 0.
664 (1) Jiffie: internal timeunit for the kernel. On the i386 1/100s, on the
665 Alpha 1/1024s. See the HZ define in /usr/include/asm/param.h for the exact
666 value on your system.
668 Alexey Kuznetsov.
669 kuznet@ms2.inr.ac.ru
671 Updated by:
672 Andi Kleen
673 ak@muc.de
674 Nicolas Delon
675 delon.nicolas@wanadoo.fr
680 /proc/sys/net/ipv6/* Variables:
682 IPv6 has no global variables such as tcp_*. tcp_* settings under ipv4/ also
683 apply to IPv6 [XXX?].
685 bindv6only - BOOLEAN
686 Default value for IPV6_V6ONLY socket option,
687 which restricts use of the IPv6 socket to IPv6 communication
688 only.
689 TRUE: disable IPv4-mapped address feature
690 FALSE: enable IPv4-mapped address feature
692 Default: FALSE (as specified in RFC2553bis)
694 IPv6 Fragmentation:
696 ip6frag_high_thresh - INTEGER
697 Maximum memory used to reassemble IPv6 fragments. When
698 ip6frag_high_thresh bytes of memory is allocated for this purpose,
699 the fragment handler will toss packets until ip6frag_low_thresh
700 is reached.
702 ip6frag_low_thresh - INTEGER
703 See ip6frag_high_thresh
705 ip6frag_time - INTEGER
706 Time in seconds to keep an IPv6 fragment in memory.
708 ip6frag_secret_interval - INTEGER
709 Regeneration interval (in seconds) of the hash secret (or lifetime
710 for the hash secret) for IPv6 fragments.
711 Default: 600
713 conf/default/*:
714 Change the interface-specific default settings.
717 conf/all/*:
718 Change all the interface-specific settings.
720 [XXX: Other special features than forwarding?]
722 conf/all/forwarding - BOOLEAN
723 Enable global IPv6 forwarding between all interfaces.
725 IPv4 and IPv6 work differently here; e.g. netfilter must be used
726 to control which interfaces may forward packets and which not.
728 This also sets all interfaces' Host/Router setting
729 'forwarding' to the specified value. See below for details.
731 This referred to as global forwarding.
733 conf/interface/*:
734 Change special settings per interface.
736 The functional behaviour for certain settings is different
737 depending on whether local forwarding is enabled or not.
739 accept_ra - BOOLEAN
740 Accept Router Advertisements; autoconfigure using them.
742 Functional default: enabled if local forwarding is disabled.
743 disabled if local forwarding is enabled.
745 accept_ra_defrtr - BOOLEAN
746 Learn default router in Router Advertisement.
748 Functional default: enabled if accept_ra is enabled.
749 disabled if accept_ra is disabled.
751 accept_ra_pinfo - BOOLEAN
752 Learn Prefix Inforamtion in Router Advertisement.
754 Functional default: enabled if accept_ra is enabled.
755 disabled if accept_ra is disabled.
757 accept_ra_rt_info_max_plen - INTEGER
758 Maximum prefix length of Route Information in RA.
760 Route Information w/ prefix larger than or equal to this
761 variable shall be ignored.
763 Functional default: 0 if accept_ra_rtr_pref is enabled.
764 -1 if accept_ra_rtr_pref is disabled.
766 accept_ra_rtr_pref - BOOLEAN
767 Accept Router Preference in RA.
769 Functional default: enabled if accept_ra is enabled.
770 disabled if accept_ra is disabled.
772 accept_redirects - BOOLEAN
773 Accept Redirects.
775 Functional default: enabled if local forwarding is disabled.
776 disabled if local forwarding is enabled.
778 autoconf - BOOLEAN
779 Autoconfigure addresses using Prefix Information in Router
780 Advertisements.
782 Functional default: enabled if accept_ra_pinfo is enabled.
783 disabled if accept_ra_pinfo is disabled.
785 dad_transmits - INTEGER
786 The amount of Duplicate Address Detection probes to send.
787 Default: 1
789 forwarding - BOOLEAN
790 Configure interface-specific Host/Router behaviour.
792 Note: It is recommended to have the same setting on all
793 interfaces; mixed router/host scenarios are rather uncommon.
795 FALSE:
797 By default, Host behaviour is assumed. This means:
799 1. IsRouter flag is not set in Neighbour Advertisements.
800 2. Router Solicitations are being sent when necessary.
801 3. If accept_ra is TRUE (default), accept Router
802 Advertisements (and do autoconfiguration).
803 4. If accept_redirects is TRUE (default), accept Redirects.
805 TRUE:
807 If local forwarding is enabled, Router behaviour is assumed.
808 This means exactly the reverse from the above:
810 1. IsRouter flag is set in Neighbour Advertisements.
811 2. Router Solicitations are not sent.
812 3. Router Advertisements are ignored.
813 4. Redirects are ignored.
815 Default: FALSE if global forwarding is disabled (default),
816 otherwise TRUE.
818 hop_limit - INTEGER
819 Default Hop Limit to set.
820 Default: 64
822 mtu - INTEGER
823 Default Maximum Transfer Unit
824 Default: 1280 (IPv6 required minimum)
826 router_probe_interval - INTEGER
827 Minimum interval (in seconds) between Router Probing described
828 in RFC4191.
830 Default: 60
832 router_solicitation_delay - INTEGER
833 Number of seconds to wait after interface is brought up
834 before sending Router Solicitations.
835 Default: 1
837 router_solicitation_interval - INTEGER
838 Number of seconds to wait between Router Solicitations.
839 Default: 4
841 router_solicitations - INTEGER
842 Number of Router Solicitations to send until assuming no
843 routers are present.
844 Default: 3
846 use_tempaddr - INTEGER
847 Preference for Privacy Extensions (RFC3041).
848 <= 0 : disable Privacy Extensions
849 == 1 : enable Privacy Extensions, but prefer public
850 addresses over temporary addresses.
851 > 1 : enable Privacy Extensions and prefer temporary
852 addresses over public addresses.
853 Default: 0 (for most devices)
854 -1 (for point-to-point devices and loopback devices)
856 temp_valid_lft - INTEGER
857 valid lifetime (in seconds) for temporary addresses.
858 Default: 604800 (7 days)
860 temp_prefered_lft - INTEGER
861 Preferred lifetime (in seconds) for temporary addresses.
862 Default: 86400 (1 day)
864 max_desync_factor - INTEGER
865 Maximum value for DESYNC_FACTOR, which is a random value
866 that ensures that clients don't synchronize with each
867 other and generate new addresses at exactly the same time.
868 value is in seconds.
869 Default: 600
871 regen_max_retry - INTEGER
872 Number of attempts before give up attempting to generate
873 valid temporary addresses.
874 Default: 5
876 max_addresses - INTEGER
877 Number of maximum addresses per interface. 0 disables limitation.
878 It is recommended not set too large value (or 0) because it would
879 be too easy way to crash kernel to allow to create too much of
880 autoconfigured addresses.
881 Default: 16
883 icmp/*:
884 ratelimit - INTEGER
885 Limit the maximal rates for sending ICMPv6 packets.
886 0 to disable any limiting, otherwise the maximal rate in jiffies(1)
887 Default: 100
890 IPv6 Update by:
891 Pekka Savola <pekkas@netcore.fi>
892 YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
895 /proc/sys/net/bridge/* Variables:
897 bridge-nf-call-arptables - BOOLEAN
898 1 : pass bridged ARP traffic to arptables' FORWARD chain.
899 0 : disable this.
900 Default: 1
902 bridge-nf-call-iptables - BOOLEAN
903 1 : pass bridged IPv4 traffic to iptables' chains.
904 0 : disable this.
905 Default: 1
907 bridge-nf-call-ip6tables - BOOLEAN
908 1 : pass bridged IPv6 traffic to ip6tables' chains.
909 0 : disable this.
910 Default: 1
912 bridge-nf-filter-vlan-tagged - BOOLEAN
913 1 : pass bridged vlan-tagged ARP/IP traffic to arptables/iptables.
914 0 : disable this.
915 Default: 1
920 dev_weight FIXME
921 discovery_slots FIXME
922 discovery_timeout FIXME
923 fast_poll_increase FIXME
924 ip6_queue_maxlen FIXME
925 lap_keepalive_time FIXME
926 lo_cong FIXME
927 max_baud_rate FIXME
928 max_dgram_qlen FIXME
929 max_noreply_time FIXME
930 max_tx_data_size FIXME
931 max_tx_window FIXME
932 min_tx_turn_time FIXME
933 mod_cong FIXME
934 no_cong FIXME
935 no_cong_thresh FIXME
936 slot_timeout FIXME
937 warn_noreply_time FIXME
939 $Id: ip-sysctl.txt,v 1.20 2001/12/13 09:00:18 davem Exp $