LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html

933 lines
23 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Obscure settings</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux Advanced Routing &#38; Traffic Control HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Kernel network parameters "
HREF="lartc.kernel.html"><LINK
REL="PREVIOUS"
TITLE="Reverse Path Filtering"
HREF="lartc.kernel.rpf.html"><LINK
REL="NEXT"
TITLE="Advanced &#38; less common queueing disciplines"
HREF="lartc.adv-qdisc.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Advanced Routing &#38; Traffic Control HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="lartc.kernel.rpf.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 13. Kernel network parameters</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="lartc.adv-qdisc.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="LARTC.KERNEL.OBSCURE"
></A
>13.2. Obscure settings</H1
><P
>Ok, there are a lot of parameters which can be modified. We try to list them
all. Also documented (partly) in Documentation/ip-sysctl.txt.</P
><P
>Some of these settings have different defaults based on whether you
answered 'Yes' to 'Configure as router and not host' while compiling your
kernel.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1252"
></A
>13.2.1. Generic ipv4</H2
><P
>As a generic note, most rate limiting features don't work on loopback, so
don't test them locally. The limits are supplied in 'jiffies', and are
enforced using the earlier mentioned token bucket filter.</P
><P
>The kernel has an internal clock which runs at 'HZ' ticks (or 'jiffies') per
second. On Intel, 'HZ' is mostly 100. So setting a *_rate file to, say 50,
would allow for 2 packets per second. The token bucket filter is also
configured to allow for a burst of at most 6 packets, if enough tokens have
been earned.</P
><P
>Several entries in the following list have been copied from
/usr/src/linux/Documentation/networking/ip-sysctl.txt, written by Alexey
Kuznetsov &#60;kuznet@ms2.inr.ac.ru&#62; and Andi Kleen &#60;ak@muc.de&#62;
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>/proc/sys/net/ipv4/icmp_destunreach_rate</DT
><DD
><P
>If the kernel decides that it can't deliver a packet, it will drop it, and
send the source of the packet an ICMP notice to this effect.</P
></DD
><DT
>/proc/sys/net/ipv4/icmp_echo_ignore_all</DT
><DD
><P
>Don't act on echo packets at all. Please don't set this by default, but if
you are used as a relay in a DoS attack, it may be useful.</P
></DD
><DT
>/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts [Useful]</DT
><DD
><P
>If you ping the broadcast address of a network, all hosts are supposed to
respond. This makes for a dandy denial-of-service tool. Set this to 1 to
ignore these broadcast messages.</P
></DD
><DT
>/proc/sys/net/ipv4/icmp_echoreply_rate</DT
><DD
><P
>The rate at which echo replies are sent to any one destination.</P
></DD
><DT
>/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses</DT
><DD
><P
>Set this to ignore ICMP errors caused by hosts in the network reacting badly
to frames sent to what they perceive to be the broadcast address.</P
></DD
><DT
>/proc/sys/net/ipv4/icmp_paramprob_rate</DT
><DD
><P
>A relatively unknown ICMP message, which is sent in response to incorrect
packets with broken IP or TCP headers. With this file you can control the
rate at which it is sent.</P
></DD
><DT
>/proc/sys/net/ipv4/icmp_timeexceed_rate</DT
><DD
><P
>This the famous cause of the 'Solaris middle star' in traceroutes. Limits
number of ICMP Time Exceeded messages sent. </P
></DD
><DT
>/proc/sys/net/ipv4/igmp_max_memberships</DT
><DD
><P
>Maximum number of listening igmp (multicast) sockets on the host.
FIXME: Is this true?</P
></DD
><DT
>/proc/sys/net/ipv4/inet_peer_gc_maxtime</DT
><DD
><P
>FIXME: Add a little explanation about the inet peer storage?
Minimum interval between garbage collection passes. This interval is in
effect under low (or absent) memory pressure on the pool. Measured in
jiffies.</P
></DD
><DT
>/proc/sys/net/ipv4/inet_peer_gc_mintime</DT
><DD
><P
>Minimum interval between garbage collection passes. This interval is in
effect under high memory pressure on the pool. Measured in jiffies.</P
></DD
><DT
>/proc/sys/net/ipv4/inet_peer_maxttl</DT
><DD
><P
>Maximum time-to-live of entries. Unused entries will expire after this
period of time if there is no memory pressure on the pool (i.e. when the
number of entries in the pool is very small). Measured in jiffies.</P
></DD
><DT
>/proc/sys/net/ipv4/inet_peer_minttl</DT
><DD
><P
>Minimum time-to-live of entries. Should be enough to cover fragment
time-to-live on the reassembling side. This minimum time-to-live
is guaranteed if the pool size is less than inet_peer_threshold.
Measured in jiffies.</P
></DD
><DT
>/proc/sys/net/ipv4/inet_peer_threshold</DT
><DD
><P
>The approximate size of the INET peer storage. Starting from this threshold
entries will be thrown aggressively. This threshold also determines
entries' time-to-live and time intervals between garbage collection passes.
More entries, less time-to-live, less GC interval.</P
></DD
><DT
>/proc/sys/net/ipv4/ip_autoconfig</DT
><DD
><P
>This file contains the number one if the host received its IP configuration by
RARP, BOOTP, DHCP or a similar mechanism. Otherwise it is zero.</P
></DD
><DT
>/proc/sys/net/ipv4/ip_default_ttl</DT
><DD
><P
>Time To Live of packets. Set to a safe 64. Raise it if you have a huge
network. Don't do so for fun - routing loops cause much more damage that
way. You might even consider lowering it in some circumstances.</P
></DD
><DT
>/proc/sys/net/ipv4/ip_dynaddr</DT
><DD
><P
>You need to set this if you use dial-on-demand with a dynamic interface
address. Once your demand interface comes up, any local TCP sockets which haven't seen replies will be rebound to have the right address. This solves the problem that the
connection that brings up your interface itself does not work, but the
second try does.</P
></DD
><DT
>/proc/sys/net/ipv4/ip_forward</DT
><DD
><P
>If the kernel should attempt to forward packets. Off by default.</P
></DD
><DT
>/proc/sys/net/ipv4/ip_local_port_range</DT
><DD
><P
>Range of local ports for outgoing connections. Actually quite small by
default, 1024 to 4999.</P
></DD
><DT
>/proc/sys/net/ipv4/ip_no_pmtu_disc</DT
><DD
><P
>Set this if you want to disable Path MTU discovery - a technique to
determine the largest Maximum Transfer Unit possible on your path. See also
the section on Path MTU discovery in the
<I
CLASS="CITETITLE"
><A
HREF="lartc.cookbook.html"
>Cookbook</A
></I
> chapter.</P
></DD
><DT
>/proc/sys/net/ipv4/ipfrag_high_thresh</DT
><DD
><P
>Maximum memory used to reassemble IP fragments. When
ipfrag_high_thresh bytes of memory is allocated for this purpose,
the fragment handler will toss packets until ipfrag_low_thresh
is reached.</P
></DD
><DT
>/proc/sys/net/ipv4/ip_nonlocal_bind</DT
><DD
><P
>Set this if you want your applications to be able to bind to an address
which doesn't belong to a device on your system. This can be useful when
your machine is on a non-permanent (or even dynamic) link, so your services
are able to start up and bind to a specific address when your link is down.</P
></DD
><DT
>/proc/sys/net/ipv4/ipfrag_low_thresh</DT
><DD
><P
>Minimum memory used to reassemble IP fragments.</P
></DD
><DT
>/proc/sys/net/ipv4/ipfrag_time</DT
><DD
><P
>Time in seconds to keep an IP fragment in memory.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_abort_on_overflow</DT
><DD
><P
>A boolean flag controlling the behaviour under lots of incoming connections.
When enabled, this causes the kernel to actively send RST packets when a
service is overloaded.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_fin_timeout</DT
><DD
><P
>Time to hold socket in state FIN-WAIT-2, if it was closed by our side. Peer
can be broken and never close its side, or even died unexpectedly. Default
value is 60sec. Usual value used in 2.2 was 180 seconds, you may restore it,
but remember that if your machine is even underloaded WEB server, you risk
to overflow memory with kilotons of dead sockets, FIN-WAIT-2 sockets are
less dangerous than FIN-WAIT-1, because they eat maximum 1.5K of memory, but
they tend to live longer. Cf. tcp_max_orphans.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_keepalive_time</DT
><DD
><P
>How often TCP sends out keepalive messages when keepalive is enabled.
Default: 2hours.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_keepalive_intvl</DT
><DD
><P
>How frequent probes are retransmitted, when a probe isn't acknowledged.
Default: 75 seconds.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_keepalive_probes</DT
><DD
><P
>How many keepalive probes TCP will send, until it decides that the
connection is broken.
Default value: 9.
Multiplied with tcp_keepalive_intvl, this gives the time a link can be
non-responsive after a keepalive has been sent.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_max_orphans</DT
><DD
><P
>Maximal number of TCP sockets not attached to any user file handle, held by
system. If this number is exceeded orphaned connections are reset
immediately and warning is printed. This limit exists only to prevent simple
DoS attacks, you _must_ not rely on this or lower the limit artificially,
but rather increase it (probably, after increasing installed memory), if
network conditions require more than default value, and tune network
services to linger and kill such states more aggressively. Let me remind you
again: each orphan eats up to <20>64K of unswappable memory.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_orphan_retries</DT
><DD
><P
>How may times to retry before killing TCP connection, closed by our side.
Default value 7 corresponds to <20>50sec-16min depending on RTO. If your machine
is a loaded WEB server, you should think about lowering this value, such
sockets may consume significant resources. Cf. tcp_max_orphans.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_max_syn_backlog</DT
><DD
><P
>Maximal number of remembered connection requests, which still did not
receive an acknowledgment from connecting client. Default value is 1024 for
systems with more than 128Mb of memory, and 128 for low memory machines. If
server suffers of overload, try to increase this number. Warning! If you
make it greater than 1024, it would be better to change TCP_SYNQ_HSIZE in
include/net/tcp.h to keep TCP_SYNQ_HSIZE*16&#60;=tcp_max_syn_backlog and to
recompile kernel.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_max_tw_buckets</DT
><DD
><P
>Maximal number of timewait sockets held by system simultaneously. If this
number is exceeded time-wait socket is immediately destroyed and warning is
printed. This limit exists only to prevent simple DoS attacks, you _must_
not lower the limit artificially, but rather increase it (probably, after
increasing installed memory), if network conditions require more than
default value.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_retrans_collapse</DT
><DD
><P
>Bug-to-bug compatibility with some broken printers.
On retransmit try to send bigger packets to work around bugs in
certain TCP stacks.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_retries1</DT
><DD
><P
>How many times to retry before deciding that something is wrong
and it is necessary to report this suspicion to network layer.
Minimal RFC value is 3, it is default, which corresponds
to <20>3sec-8min depending on RTO.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_retries2</DT
><DD
><P
>How may times to retry before killing alive TCP connection.
<A
HREF="http://www.ietf.org/rfc/rfc1122.txt"
TARGET="_top"
>RFC 1122</A
>
says that the limit should be longer than 100 sec.
It is too small number. Default value 15 corresponds to <20>13-30min
depending on RTO.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_rfc1337</DT
><DD
><P
>This boolean enables a fix for 'time-wait assassination hazards in tcp', described
in RFC 1337. If enabled, this causes the kernel to drop RST packets for
sockets in the time-wait state.
Default: 0</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_sack</DT
><DD
><P
>Use Selective ACK which can be used to signify that specific packets are
missing - therefore helping fast recovery.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_stdurg</DT
><DD
><P
>Use the Host requirements interpretation of the TCP urg pointer
field.
Most hosts use the older BSD interpretation, so if you turn this on
Linux might not communicate correctly with them.
Default: FALSE </P
></DD
><DT
>/proc/sys/net/ipv4/tcp_syn_retries</DT
><DD
><P
>Number of SYN packets the kernel will send before giving up on the new
connection.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_synack_retries</DT
><DD
><P
>To open the other side of the connection, the kernel sends a SYN with a
piggybacked ACK on it, to acknowledge the earlier received SYN. This is part
2 of the threeway handshake. This setting determines the number of SYN+ACK
packets sent before the kernel gives up on the connection.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_timestamps</DT
><DD
><P
>Timestamps are used, amongst other things, to protect against wrapping
sequence numbers. A 1 gigabit link might conceivably re-encounter a previous
sequence number with an out-of-line value, because it was of a previous
generation. The timestamp will let it recognize this 'ancient packet'.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_tw_recycle</DT
><DD
><P
>Enable fast recycling TIME-WAIT sockets. Default value is 1.
It should not be changed without advice/request of technical experts.</P
></DD
><DT
>/proc/sys/net/ipv4/tcp_window_scaling</DT
><DD
><P
>TCP/IP normally allows windows up to 65535 bytes big. For really fast
networks, this may not be enough. The window scaling options allows for
almost gigabyte windows, which is good for high bandwidth*delay products.</P
></DD
></DL
></DIV
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1433"
></A
>13.2.2. Per device settings</H2
><P
>DEV can either stand for a real interface, or for 'all' or 'default'.
Default also changes settings for interfaces yet to be created.
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>/proc/sys/net/ipv4/conf/DEV/accept_redirects</DT
><DD
><P
>If a router decides that you are using it for a wrong purpose (ie, it needs
to resend your packet on the same interface), it will send us a ICMP
Redirect. This is a slight security risk however, so you may want to turn it
off, or use secure redirects.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/accept_source_route</DT
><DD
><P
>Not used very much anymore. You used to be able to give a packet a list of
IP addresses it should visit on its way. Linux can be made to honor this IP
option.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/bootp_relay</DT
><DD
><P
>Accept packets with source address 0.b.c.d with destinations not to this host
as local ones. It is supposed that a BOOTP relay daemon will catch and forward
such packets.</P
><P
>The default is 0, since this feature is not implemented yet (kernel version
2.2.12).</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/forwarding</DT
><DD
><P
>Enable or disable IP forwarding on this interface.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/log_martians</DT
><DD
><P
>See the section on
<I
CLASS="CITETITLE"
><A
HREF="lartc.kernel.rpf.html"
>Reverse Path Filtering</A
></I
>.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/mc_forwarding</DT
><DD
><P
>If we do multicast forwarding on this interface</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/proxy_arp</DT
><DD
><P
>If you set this to 1, this interface will respond to ARP requests for
addresses the kernel has routes to. Can be very useful when building 'ip
pseudo bridges'. Do take care that your netmasks are very correct before
enabling this! Also be aware that the rp_filter, mentioned elsewhere, also
operates on ARP queries!</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/rp_filter</DT
><DD
><P
>See the section on
<I
CLASS="CITETITLE"
><A
HREF="lartc.kernel.rpf.html"
>Reverse Path Filtering</A
></I
>.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/secure_redirects</DT
><DD
><P
>Accept ICMP redirect messages only for gateways, listed in default gateway
list. Enabled by default.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/send_redirects</DT
><DD
><P
>If we send the above mentioned redirects.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/shared_media</DT
><DD
><P
>If it is not set the kernel does not assume that different subnets on this
device can communicate directly. Default setting is 'yes'.</P
></DD
><DT
>/proc/sys/net/ipv4/conf/DEV/tag</DT
><DD
><P
>FIXME: fill this in</P
></DD
></DL
></DIV
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1490"
></A
>13.2.3. Neighbor policy</H2
><P
>Dev can either stand for a real interface, or for 'all' or 'default'.
Default also changes settings for interfaces yet to be created.
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>/proc/sys/net/ipv4/neigh/DEV/anycast_delay</DT
><DD
><P
>Maximum for random delay of answers to neighbor solicitation messages in
jiffies (1/100 sec). Not yet implemented (Linux does not have anycast support
yet).</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/app_solicit</DT
><DD
><P
>Determines the number of requests to send to the user level ARP daemon. Use 0
to turn off.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/base_reachable_time</DT
><DD
><P
>A base value used for computing the random reachable time value as specified
in RFC2461.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/delay_first_probe_time</DT
><DD
><P
>Delay for the first time probe if the neighbor is reachable. (see
gc_stale_time)</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/gc_stale_time</DT
><DD
><P
>Determines how often to check for stale ARP entries. After an ARP entry is
stale it will be resolved again (which is useful when an IP address migrates
to another machine). When ucast_solicit is greater than 0 it first tries to
send an ARP packet directly to the known host When that fails and
mcast_solicit is greater than 0, an ARP request is broadcast.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/locktime</DT
><DD
><P
>An ARP/neighbor entry is only replaced with a new one if the old is at least
locktime old. This prevents ARP cache thrashing.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/mcast_solicit</DT
><DD
><P
>Maximum number of retries for multicast solicitation.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/proxy_delay</DT
><DD
><P
>Maximum time (real time is random [0..proxytime]) before answering to an ARP
request for which we have an proxy ARP entry. In some cases, this is used to
prevent network flooding.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/proxy_qlen</DT
><DD
><P
>Maximum queue length of the delayed proxy arp timer. (see proxy_delay).</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/retrans_time</DT
><DD
><P
>The time, expressed in jiffies (1/100 sec), between retransmitted Neighbor
Solicitation messages. Used for address resolution and to determine if a
neighbor is unreachable.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/ucast_solicit</DT
><DD
><P
>Maximum number of retries for unicast solicitation.</P
></DD
><DT
>/proc/sys/net/ipv4/neigh/DEV/unres_qlen</DT
><DD
><P
>Maximum queue length for a pending arp request - the number of packets which
are accepted from other layers while the ARP address is still resolved.</P
></DD
><DT
>Internet QoS: Architectures and Mechanisms for Quality of Service,
Zheng Wang, ISBN 1-55860-608-4</DT
><DD
><P
>Hardcover textbook covering topics
related to Quality of Service. Good for understanding basic concepts.</P
></DD
></DL
></DIV
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN1546"
></A
>13.2.4. Routing settings</H2
><P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>/proc/sys/net/ipv4/route/error_burst</DT
><DD
><P
>These parameters are used to limit the warning messages written to the kernel
log from the routing code. The higher the error_cost factor is, the fewer
messages will be written. Error_burst controls when messages will be dropped.
The default settings limit warning messages to one every five seconds.</P
></DD
><DT
>/proc/sys/net/ipv4/route/error_cost</DT
><DD
><P
>These parameters are used to limit the warning messages written to the kernel
log from the routing code. The higher the error_cost factor is, the fewer
messages will be written. Error_burst controls when messages will be dropped.
The default settings limit warning messages to one every five seconds.</P
></DD
><DT
>/proc/sys/net/ipv4/route/flush</DT
><DD
><P
>Writing to this file results in a flush of the routing cache.</P
></DD
><DT
>/proc/sys/net/ipv4/route/gc_elasticity</DT
><DD
><P
>Values to control the frequency and behavior of the garbage collection
algorithm for the routing cache. This can be important for when doing
fail over. At least gc_timeout seconds will elapse before Linux will skip
to another route because the previous one has died. By default set to 300,
you may want to lower it if you want to have a speedy fail over.</P
><P
>Also see <A
HREF="http://mailman.ds9a.nl/pipermail/lartc/2002q1/002667.html"
TARGET="_top"
>this post</A
> by Ard van Breemen.</P
></DD
><DT
>/proc/sys/net/ipv4/route/gc_interval</DT
><DD
><P
>See /proc/sys/net/ipv4/route/gc_elasticity.</P
></DD
><DT
>/proc/sys/net/ipv4/route/gc_min_interval</DT
><DD
><P
>See /proc/sys/net/ipv4/route/gc_elasticity.</P
></DD
><DT
>/proc/sys/net/ipv4/route/gc_thresh</DT
><DD
><P
>See /proc/sys/net/ipv4/route/gc_elasticity.</P
></DD
><DT
>/proc/sys/net/ipv4/route/gc_timeout</DT
><DD
><P
>See /proc/sys/net/ipv4/route/gc_elasticity.</P
></DD
><DT
>/proc/sys/net/ipv4/route/max_delay</DT
><DD
><P
>Delays for flushing the routing cache.</P
></DD
><DT
>/proc/sys/net/ipv4/route/max_size</DT
><DD
><P
>Maximum size of the routing cache. Old entries will be purged once the cache
reached has this size.</P
></DD
><DT
>/proc/sys/net/ipv4/route/min_adv_mss</DT
><DD
><P
>FIXME: fill this in</P
></DD
><DT
>/proc/sys/net/ipv4/route/min_delay</DT
><DD
><P
>Delays for flushing the routing cache.</P
></DD
><DT
>/proc/sys/net/ipv4/route/min_pmtu</DT
><DD
><P
>FIXME: fill this in</P
></DD
><DT
>/proc/sys/net/ipv4/route/mtu_expires</DT
><DD
><P
>FIXME: fill this in</P
></DD
><DT
>/proc/sys/net/ipv4/route/redirect_load</DT
><DD
><P
>Factors which determine if more ICMP redirects should be sent to a specific
host. No redirects will be sent once the load limit or the maximum number of
redirects has been reached.</P
></DD
><DT
>/proc/sys/net/ipv4/route/redirect_number</DT
><DD
><P
>See /proc/sys/net/ipv4/route/redirect_load.</P
></DD
><DT
>/proc/sys/net/ipv4/route/redirect_silence</DT
><DD
><P
>Timeout for redirects. After this period redirects will be sent again, even if
this has been stopped, because the load or number limit has been reached.</P
></DD
></DL
></DIV
></P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="lartc.kernel.rpf.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="lartc.adv-qdisc.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Reverse Path Filtering</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="lartc.kernel.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Advanced &#38; less common queueing disciplines</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink