Configuring kernel parameters

Networking parameters

Address resolution protocol (ARP) parameters

Parameter        Default  Min  Max
arpprintfs       0        0    1
arp_maxretries   5        1    128
arpt_down        20       1    600
arpt_keep        1200     1    2400
arpt_prune       300      1    1800

arpprintfs
Controls logging of warnings from the kernel ARP driver. These are displayed on the console. If set to ``0'' (the default), debugging information is not displayed. If set to a non-zero value, debugging information is displayed.

arp_maxretries
Sets the maximum number of retries for the address resolution protocol (ARP) before it gives up.

arpt_down
Sets the time, in seconds, to hold onto an incomplete ARP cache entry if ARP lookup fails.

arpt_keep
Sets the time, in seconds, to keep a valid entry in the ARP cache.

arpt_prune
Sets the interval, in seconds, between scanning the ARP table for stale entries.

Compaq Netflex token ring parameters

Parameter    Default  Min  Max
NFLXSR_AGE   5        1    120

NFLXSR_AGE
Specifies the number of minutes for each routing entry to stay alive in the source routing table.

Internet control message protocol version 4 (ICMPv4) parameters

Parameter               Default  Min  Max
icmp_answermask         0        0    1
icmp_quenchsz           32       1    4096
icmp_reply_broadcasts   0        0    1
icmpprintfs             0        0    1

icmp_answermask
If set to ``1'', the system will respond to ICMP subnet mask request messages. This parameter must be set to ``1'' to support certain hosts such as diskless workstations. The default value is ``0'', do not respond, as specified in RFC 1122.

icmp_quenchsz
Controls how many addresses to remember every 200ms when performing ICMP source quenching. If a host's address is remembered, this ensures that no more than five quench messages can be sent to it per second.

icmp_reply_broadcasts
If set to ``1'', the system will reply to ICMP requests that are directed to broadcast, multicast or experimental addresses. If set to ``0'', the system will not reply to such requests.

icmpprintfs
Controls logging of warnings from the kernel ICMP driver. These are displayed on the console. If set to ``0'' (the default), debugging information is not displayed. If set to a non-zero value, debugging information is displayed.

Internet group management protocol version 2 (IGMP) parameters

Parameter     Default  Min  Max
igmpprintfs   0        0    1

igmpprintfs
Controls logging of warnings from the kernel IGMP driver. These are displayed on the console. Logging is turned on if this parameter is set to ``1''. If set to ``0'', debugging information is not displayed.

Internet protocol version 4 (IPv4) parameters

Parameter                  Default  Min    Max
in_fullsize                1        0      1
in_loglimit                64       1      255
in_recvspace               4096     2048   65535
in_sendspace               8192     2048   65535
ip_checkbroadaddr          1        0      1
ip_dirbroadcast            1        0      1
ip_forward_broadcasts      0        0      1
ip_perform_pmtu            1        0      1
ip_pmtu_decrease_age       600             32667
ip_pmtu_increase_age       120      0      600
ip_settos                  1        0      1
ip_subnetsarelocal         1        0      1
ip_ttl                     64       1      255
ipforwarding               0        0      1
ipsendredirects            0        0      1
ipport_reserved_high       1023     0      65535
ipport_reserved_low        512      0      65535
ipport_userreserved_high   65535    0      65535
ipport_userreserved_low    32768    0      65535
ipnonlocalsrcroute         0        0      1
ipprintfs                  0        0      1

NOTE: The number of interfaces supported by IP is dynamic and does not need tuning.

NOTE: The values of the parameters in_fullsize, in_recvspace, and in_sendspace affect the systemwide interface defaults. Their values may be overridden on a per-interface basis. This allows you to mix fast and slow network hardware on the same system with optimal performance parameters defined for each interface. See ifconfig(ADMN).

in_fullsize
Controls the systemwide default TCP behavior for attempting to negotiate the use of full-sized segments. If set to ``1'' (the default), TCP attempts to use a segment size equal to the interface MTU minus the size of the TCP/IP headers. If set to ``0'', TCP rounds the segment size down to the nearest multiple of 1K.

in_loglimit
Controls how many bytes of the error packet to display when debugging. Note that the appropriate xxxprintfs parameter (such as tcpprintfs) must be set to a non-zero value to enable logging.

in_recvspace
Sets the systemwide default size of the TCP/IP receive window in bytes.

in_sendspace
Sets the systemwide default size of the TCP/IP send window in bytes. This should be at least as large as the loopback MTU.

ip_checkbroadaddr
Controls whether IP checks if unicast packets specify a broadcast address. If set to ``1'' (the default as specified in RFC 1122), IP discards non-broadcast packets sent to a link-level broadcast address. In the unlikely event that a data-link driver does not support this, packets may be discarded erroneously. If the netstat -sp ip command shows that many packets cannot be forwarded, set this parameter to ``0'' to turn off checking.

ip_dirbroadcast
If set to ``1'' (the default), allows receipt of broadcast packets only if they match one of the broadcast addresses configured for the interface upon which the packet was received. If set to ``0'', allows receipt of broadcast packets that match any configured broadcast address.

ip_forward_broadcasts
If set to ``1'', received broadcast packets addressed to the broadcast address of an attached interface are forwarded for broadcasting on the interface. If set to ``0'', rebroadcasting is not permitted.

ip_perform_pmtu
IP performs Path Maximum Transmission Unit (Path MTU or PMTU) discovery as specified in RFC 1191 if set to ``1'' (the default). This causes IP to send packets with the ``do not fragment'' bit set so that routers will generate ``Fragmentation Required'' messages if they cannot forward the whole packet. Retransmission with a smaller packet size allows the minimum MTU in the path to the destination to be established. If you experience interoperability problems because intermediate routers do not support this feature, a value of ``0'' disables PMTU.

If you disable PMTU, you should also set tcp_offer_big_mss (described in ``Transmission Control Protocol (TCP) parameters'') to ``0''.

ip_pmtu_decrease_age
Controls how many seconds IP will wait (while performing PMTU) after decreasing an MTU estimate before it starts raising it. If set to ``0xFFFFFFFF'', the estimate is never raised; this is useful if there is only one path out of your local network and its MTU is known to be constant.

ip_pmtu_increase_age
Sets the number of seconds between increasing the MTU estimate for a destination once it starts to increase.

ip_settos
If set to ``1'' (the default), IP sets type-of-service (TOS) information (as specified in RFC 1122) in packets that it sends down to the data-link layer. Set this to ``0'' if your network card link-level driver cannot handle this.

ip_subnetsarelocal
The default value of ``1'' specifies that other subnets of the network are to be considered as local -- that is, directly connected. TCP assumes them to be connected via high-MSS paths and adjusts its idea of the MSS to be negotiated. Otherwise, TCP uses the default MSS specified by tcp_mssdflt (described in ``Transmission Control Protocol (TCP) parameters'') -- this is typically 512 bytes in accordance with RFC 793 and RFC 1122. By default, the parameter tcp_offer_big_mss is set to ``1'' so that Path MTU discovery can be used to provide the maximum benefit. If the value of tcp_offer_big_mss is set to ``0'', setting the value of ip_subnetsarelocal to ``1'' allows for good local performance even though PMTU discovery is not used.

The message ``ICMP Host Unreachable'' is generated for local subnet routing failures. When this value is set to ``0'', the packet size is set to 576 bytes, as specified in RFC 1122.

The default value of ``1'' enables this feature; if set to ``0'', it is disabled.

ip_ttl
Sets the time to live (TTL) of an IP packet as a number of hops. This value is used by all kernel drivers that need it (including TCP). The default value is ``64'' as recommended by RFC 1340.

ipforwarding, ipsendredirects
If you want to use your machine as a unicast or multicast router, set both these parameters to ``1''. ipforwarding controls whether the system will forward packets sent to it which are destined for another system (that is, act as a router). The default value is ``0'' (off) as defined by RFC 1122. A system acting as a host will still forward source-routed datagrams unless ipnonlocalsrcroute is set to ``0''.

ipsendredirects controls whether IP will send an ICMP redirect error message to a host when forwarding a packet out of the same interface on which it was received. The message informs the sending host which is the correct router to use in the future. This allows the sending host to adjust its routing table appropriately. This should be set to ``1'' if ipforwarding is set to ``1''.

ipport_reserved_high, ipport_reserved_low, ipport_userreserved_high, ipport_userreserved_low
These four parameters control the allocation and verification of reserved and ephemeral port numbers. ipport_reserved_low and ipport_reserved_high set the bottom and top values of the port range which the kernel considers privileged. ipport_userreserved_low and ipport_userreserved_high set the bottom and top values of the port range from which ephemeral ports will be allocated. See inconfig(ADMN) for detailed information about these parameters.

ipnonlocalsrcroute
Controls whether source-routed datagrams will be forwarded if they are not destined for the local system. On hosts, the default value is ``0'' (off). If your machine is acting as a router (ipforwarding is set to ``1''), set the value of ipnonlocalsrcroute to ``1'' unless you are concerned that this may open a security hole.

ipprintfs
Controls logging of warnings from the kernel IP driver. These are displayed on the console. If set to ``0'' (the default), debugging information is not displayed. If set to a non-zero value, debugging information is displayed.

Transmission Control Protocol (TCP) parameters

Parameter              Default      Min    Max
tcp_2msl               240          30     240
tcp_delay_acks         1            0      1
tcp_do_rfc1323         1            0      1
tcp_initial_timeout    180          1      7200
tcp_keepalive_port     0            0      65535
tcp_keepidle           7200         300    86400
tcp_keepintvl          75           1      43200
tcp_maxdata            0x3FFFFFFF   1      0x3FFFFFFF
tcp_mss_sw_threshold   1024         512    4096
tcp_mssdflt            512          512    32768
tcp_nkeep              8            1      256
tcp_offer_big_mss      1            0      1
tcp_q0limit            0            1      65535
tcp_secret                          0      2147483647
tcp_seqbits            21           16     26
tcp_small_recvspace    4096         1024   16384
tcp_urgbehavior        1            0      1
tcpalldebug            0            0      1
tcpconsdebug           0            0      1
tcpprintfs             0            0      1

tcp_2msl
Sets the time, in seconds, that a TCP connection will remain in the TIME_WAIT state waiting for a FIN from the remote side before being moved to the CLOSED state. The default time period is ``240'' seconds as defined by RFC 793.

tcp_delay_acks
Selects TCP delayed acknowledgements (ACKs) if set to ``1'' (default), and selects immediate ACKs if set to ``0''. If delayed ACKs are set, TCP does not send an ACK immediately on receiving data. TCP normally delays sending an ACK to improve the chance that it can bundle it with transmitted data.

tcp_do_rfc1323
Controls system-wide implementation of TCP performance extensions including timestamps and large window scaling (as defined in RFC 1323). These features provide more efficient and reliable usage of high-bandwidth, high-latency links. If set to ``1'' (the default), negotiation is turned on and will permit a TCP receive window size as large as 1GB. If set to ``0'', negotiation is disabled and the largest possible window size is 64K.

Window size negotiation may be disabled on a per-interface basis by specifying the no1323opt option to ifconfig(ADMN). This is necessary for PPP and SLIP interfaces that allow header compression.

tcp_initial_timeout
Sets the TCP/IP retransmit time for an initial SYN segment when establishing a connection. (See also the description of tcp_q0limit.) The default value is ``180'' seconds as defined by RFC 1122. The minimum and maximum configurable values are ``1'' and ``7200'' seconds.

tcp_keepalive_port
Selects a local TCP/IP server port for which incoming TCP/IP connections will automatically set the SO_KEEPALIVE option to enable TCP/IP keepalives.

If keepalives are not enabled for a TCP/IP connection, the socket will not be closed should the client hang or reboot. This can lead to the number of bogus ``established'' connections building up over time on the server. These bogus connections consume system resources, and may eventually prevent new connections from being established until the system is rebooted.

If keepalives are enabled, the server will detect broken connections and close the associated sockets. See also the descriptions of tcp_keepidle, tcp_keepintvl and tcp_nkeep.

The minimum and maximum values are ``0'' and ``65535'' (0xffff). The default value of ``0'' means that TCP/IP keepalives are not automatically enabled for any local server port. A value of ``65535'' automatically enables keepalives for TCP/IP connections to all local server ports. A value from ``1'' to ``65534'' selects a single server port on which keepalives are automatically enabled.

NOTE: The settings of this parameter are not cumulative; it can only be used to set automatic TCP/IP keepalives on none, one, or all of the server ports. Automatic keepalives will be disabled on a server port if subsequently enabled for a different port.

A server process can call setsockopt to set SO_KEEPALIVE.

tcp_keepidle
Sets the idle time before TCP/IP keepalives are sent (if enabled). The default value is ``7200'' seconds. The minimum and maximum configurable values are ``300'' and ``86400'' seconds.

tcp_keepintvl
Sets the TCP/IP keepalive interval between keepalive packets once they start being sent. The default value is ``75'' seconds. The minimum and maximum configurable values are ``1'' and ``43200'' seconds.

tcp_maxdata
Sets the maximum TCP receive window size in bytes if tcp_do_rfc1323 is set to ``1'' to enable large window scaling. The maximum and default value is ``0x3FFFFFFF'' (1GB-1).

tcp_mss_sw_threshold
Defines the small window threshold for interface MTUs. If the MTU of an interface is small enough to force TCP to use an MSS smaller than this threshold, then TCP will use the receive window size specified by tcp_small_recvspace. This is an optimization to avoid buffering too much data on low-speed links such as SLIP and PPP.

tcp_mssdflt
Sets the default TCP segment size to use on interfaces for which no MSS and Path MTU information is available. You should keep the value of this parameter small if possible.

tcp_nkeep
Sets the number of TCP/IP keepalives that will be sent before giving up.

tcp_offer_big_mss
In order to get the maximum benefit out of Path MTU (PMTU) discovery, TCP normally offers an MSS that is derived from the local interface MTU (after subtracting the packet header sizes). This allows the remote system to send the biggest segments that the network can handle. Set this parameter to ``0'' for systems that cannot handle this, or that do not implement PMTU discovery. This causes TCP to offer a smaller MTU for non-local connections. See ip_subnetsarelocal in ``Internet protocol version 4 (IPv4) parameters''. The default value of ``1'' (offer it) allows maximum benefit to be gained from PMTU discovery; a value of ``0'' disables this.

tcp_q0limit
Sets the minimum length of the pending (3-way handshake incomplete) connection queue for a TCP endpoint. This protects a server against SYN flood attacks. When the pending connection queue is full and a new connection request arrives, the kernel will randomly drop an outstanding partial connection from the pending queue and add the new connection to the queue.

Setting tcp_q0limit modifies the system behavior as follows:

The default value of ``0'' provides the same behavior as in previous releases. The minimum and maximum configurable values are ``1'' and ``65535''. If you set tcp_q0limit to a non-zero value, it should be greater than ``1''. The value must be high enough to cope with peak demand by incoming connection requests. You should also set the value even higher if most of the physical links are low speed and/or high latency.

Use netstat -s -p tcp to display statistics of partial connections that have been dropped.
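The sizing advice for tcp_q0limit can be made concrete with a small model. The following is an added example, not SCO code: it assumes the queue stays full during a burst and that the kernel picks the entry to drop uniformly at random, and the function names and the workload figures are hypothetical.

```python
import random

def survival_analytic(q0limit, syn_rate, handshake_s):
    """P(one pending entry is still queued when its handshake completes)."""
    arrivals = syn_rate * handshake_s          # new requests while the entry waits
    return (1.0 - 1.0 / q0limit) ** arrivals   # each arrival spares it with 1 - 1/Q

def survival_simulated(q0limit, syn_rate, handshake_s, trials=5000, seed=1):
    """Monte Carlo check of the formula: slot 0 is the entry being tracked."""
    rng = random.Random(seed)
    arrivals = round(syn_rate * handshake_s)
    kept = sum(
        all(rng.randrange(q0limit) != 0 for _ in range(arrivals))
        for _ in range(trials)
    )
    return kept / trials

def min_q0limit(syn_rate, handshake_s, target=0.95):
    """Smallest tcp_q0limit in 2..65535 reaching the target, or None if none does."""
    lo, hi = 2, 65535                          # documented maximum; page advises > 1
    if survival_analytic(hi, syn_rate, handshake_s) < target:
        return None
    while lo < hi:                             # survival rises with Q: binary search
        mid = (lo + hi) // 2
        if survival_analytic(mid, syn_rate, handshake_s) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo

if __name__ == "__main__":
    # Constructed workload: 500 connection requests per second at peak.
    for rtt in (0.05, 0.2, 1.0):               # LAN, WAN, slow high-latency link
        print(rtt, min_q0limit(500, rtt), round(survival_analytic(1024, 500, rtt), 3))
```

The required queue length grows roughly in proportion to request rate times handshake time, which is why slow or high-latency links call for a larger value.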


tcp_secret, tcp_seqbits
To protect against IP address spoofing attacks, a random element is introduced into how TCP chooses the initial send sequence number and its increment.

tcp_secret seeds the random number sequence. Its value can be set to any integer from ``0'' through ``2147483647''.

tcp_seqbits selects the number of bits of tcp_secret that are used to seed the sequence number increment value. The default value represents a compromise between security and the uniqueness of the sequence number. If the value of tcp_seqbits is small, this increases the possibility that an attacker can guess the random number. A large value for tcp_seqbits decreases the time before a given sequence number occurs again.

tcp_small_recvspace
Sets the receive window size to use on interfaces that require small windows, that is, when the MTU is less than the small window threshold, tcp_mss_sw_threshold.

tcp_urgbehavior
Controls how TCP interprets urgent data. If set to ``0'', it interprets it in RFC 1122 mode; if set to ``1'' (the default), it interprets it in BSD mode.

tcpalldebug
If set to ``1'', captures trace information for all connections. The default value causes TCP to trace only those connections that set the SO_DEBUG option. This information can be retrieved using the trpt(ADMN) command, or displayed on the console if tcpconsdebug is set.

tcpconsdebug
Directs TCP/IP connection trace output to the console if set to ``1'' (see also tcpalldebug).

tcpprintfs
Controls logging of warnings from the kernel TCP driver. These are displayed on the console. If set to ``0'' (the default), debugging information is not displayed. If set to a non-zero value, debugging information is displayed.
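Several of the IPv4, ICMP and TCP settings above depend on each other or change the host's exposure. The following added example (not part of the SCO documentation) checks a listing of values against the ranges in the tables and the cross-parameter rules stated in the descriptions; the ``name value'' input format, the sample listing and the function names are assumptions made for the example.

```python
# (default, min, max) for the parameters checked, copied from the tables on this page.
LIMITS = {
    "icmp_reply_broadcasts": (0, 0, 1),
    "ip_perform_pmtu": (1, 0, 1),
    "ipforwarding": (0, 0, 1),
    "ipsendredirects": (0, 0, 1),
    "ipnonlocalsrcroute": (0, 0, 1),
    "tcp_offer_big_mss": (1, 0, 1),
    "tcp_q0limit": (0, 1, 65535),
    "tcp_seqbits": (21, 16, 26),
}

# Constructed listing in an assumed "name value" format (not real tool output).
SAMPLE = """\
ipforwarding 0
ipnonlocalsrcroute 1     # host that still forwards source-routed datagrams
icmp_reply_broadcasts 1
ip_perform_pmtu 0
tcp_q0limit 1
tcp_seqbits 12
"""

def parse(text):
    """Return {name: int}; '#' starts a comment, values are decimal or 0x hex."""
    cfg = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            cfg[fields[0]] = int(fields[1], 0)
    return cfg

def audit(text):
    """Return a list of findings for the listing; unknown parameters are ignored."""
    cfg = parse(text)
    get = lambda name: cfg.get(name, LIMITS[name][0])   # unset -> documented default
    out = []
    for name, value in cfg.items():
        dflt, lo, hi = LIMITS.get(name, (value, value, value))
        if value != dflt and not lo <= value <= hi:
            out.append(f"{name}={value}: outside documented range {lo}..{hi}")
    if get("ipforwarding") == 0 and get("ipnonlocalsrcroute") == 1:
        out.append("ipnonlocalsrcroute=1 on a host: source-routed datagrams are forwarded")
    if get("ipforwarding") == 1 and get("ipsendredirects") == 0:
        out.append("ipsendredirects=0 with ipforwarding=1: page says set it to 1")
    if get("icmp_reply_broadcasts") == 1:
        out.append("icmp_reply_broadcasts=1: replies to broadcast/multicast ICMP requests")
    if get("ip_perform_pmtu") == 0 and get("tcp_offer_big_mss") == 1:
        out.append("ip_perform_pmtu=0 but tcp_offer_big_mss=1: set tcp_offer_big_mss to 0")
    if get("tcp_q0limit") <= 1:
        out.append("tcp_q0limit<=1: pending-queue limit against SYN floods not usefully set")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```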

User datagram protocol (UDP) parameters

Parameter    Default  Min  Max
udpprintfs   0        0    1

udpprintfs
Controls logging of warnings from the kernel UDP driver. These are displayed on the console. If set to ``0'' (the default), debugging information is not displayed. If set to a non-zero value, debugging information is displayed.


© 2007 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 05 June 2007