|
|
Parameter | Dflt | Min | Max |
---|---|---|---|
arpprintfs | 0 | 0 | 1 |
arp_maxretries | 5 | 1 | 128 |
arpt_down | 20 | 1 | 600 |
arpt_keep | 1200 | 1 | 2400 |
arpt_prune | 300 | 1 | 1800 |
Parameter | Dflt | Min | Max |
---|---|---|---|
NFLXSR_AGE | 5 | 1 | 120 |
Parameter | Dflt | Min | Max |
---|---|---|---|
icmp_answermask | 0 | 0 | 1 |
icmp_quenchsz | 32 | 1 | 4096 |
icmp_reply_broadcasts | 0 | 0 | 1 |
icmpprintfs | 0 | 0 | 1 |
Parameter | Dflt | Min | Max |
---|---|---|---|
igmpprintfs | 0 | 0 | 1 |
Parameter | Dflt | Min | Max |
---|---|---|---|
in_fullsize | 1 | 0 | 1 |
in_loglimit | 64 | 1 | 255 |
in_recvspace | 4096 | 2048 | 65535 |
in_sendspace | 8192 | 2048 | 65535 |
ip_checkbroadaddr | 1 | 0 | 1 |
ip_dirbroadcast | 1 | 0 | 1 |
ip_forward_broadcasts | 0 | 0 | 1 |
ip_perform_pmtu | 1 | 0 | 1 |
ip_pmtu_decrease_age | 600 | 32667 | |
ip_pmtu_increase_age | 120 | 0 | 600 |
ip_settos | 1 | 0 | 1 |
ip_subnetsarelocal | 1 | 0 | 1 |
ip_ttl | 64 | 1 | 255 |
ipforwarding | 0 | 0 | 1 |
ipsendredirects | 0 | 0 | 1 |
ipport_reserved_high | 1023 | 0 | 65535 |
ipport_reserved_low | 512 | 0 | 65535 |
ipport_userreserved_high | 65535 | 0 | 65535 |
ipport_userreserved_low | 32768 | 0 | 65535 |
ipnonlocalsrcroute | 0 | 0 | 1 |
ipprintfs | 0 | 0 | 1 |
If you disable PMTU, you should also set tcp_offer_big_mss (described in ``Transmission Control Protocol (TCP) parameters'' to ``0''.
The message ``ICMP Host Unreachable'' is generated for local subnet routing failures. When this value is set to ``0'', the packet size is set to 576 bytes, as specified in RFC 1122.
The default value of ``1'' enables this feature; if set to ``0'', it is disabled.
ipsendredirects controls whether IP will send an ICMP redirect error message to a host when forwarding a packet out of the same interface on which it was received. The message informs the sending host which is the correct router to use in the future. This allows the sending host to adjust its routing table appropriately. This should be set to ``1'' if ipforwarding is set to ``1''.
Parameter | Dflt | Min | Max |
---|---|---|---|
tcp_2msl | 240 | 30 | 240 |
tcp_delay_acks | 1 | 0 | 1 |
tcp_do_rfc1323 | 1 | 0 | 1 |
tcp_initial_timeout | 180 | 1 | 7200 |
tcp_keepalive_port | 0 | 0 | 65535 |
tcp_keepidle | 7200 | 300 | 86400 |
tcp_keepintvl | 75 | 1 | 43200 |
tcp_maxdata | 0x3FFFFFFF | 1 | 0x3FFFFFFF |
tcp_mss_sw_threshold | 1024 | 512 | 4096 |
tcp_mssdflt | 512 | 512 | 32768 |
tcp_nkeep | 8 | 1 | 256 |
tcp_offer_big_mss | 1 | 0 | 1 |
tcp_q0limit | 0 | 1 | 65535 |
tcp_secret | 0 | 2147483647 | |
tcp_seqbits | 21 | 16 | 26 |
tcp_small_recvspace | 4096 | 1024 | 16384 |
tcp_urgbehavior | 1 | 0 | 1 |
tcpalldebug | 0 | 0 | 1 |
tcpconsdebug | 0 | 0 | 1 |
tcpprintfs | 0 | 0 | 1 |
Window size negotiation may be disabled on a per-interface basis by specifying the no1323opt option to ifconfig(ADMN). This is necessary for PPP and SLIP interfaces that allow header compression.
If keepalives are not enabled for a TCP/IP connection, the socket will not be closed should the client hang or reboot. This can lead to the number of bogus ``established'' connections building up over time on the server. These bogus connections consume system resources, and may eventually prevent new connections from being established until the system is rebooted.
If keepalives are enabled, the server will detect broken connections and close the associated sockets. See also the descriptions of tcp_keepidle, tcp_keepintvl and tcp_nkeep.
The minimum and maximum values are ``0'' and ``65535'' (0xffff). The default value of ``0'' means that TCP/IP keepalives are not automatically enabled for any local server port. A value of ``65535'' automatically enables keepalives for TCP/IP connections to all local server ports. A value from ``1'' to ``65534'' selects a single server port on which keepalives are automatically enabled.
A server process can call setsockopt to set SO_KEEPALIVE.
Setting tcp_q0limit modifies the system behavior as follows:
The default value of ``0'' provides the same behavior as in previous releases. The minimum and maximum configurable values are ``1'' and ``65535''. If you set tcp_q0limit to a non-zero value, it should be greater than ``1''. The value must be high enough to cope with peak demand by incoming connection requests. You should also set the value even higher if most of the physical links are low speed and/or high latency.
Use netstat -s -p tcp to display statistics of partial connections that have been dropped.
tcp_secret seeds the random number sequence. Its value can be set to any integer from ``0'' through ``2147483647''.
tcp_seqbits selects the number of bits of tcp_secret that are used to seed the sequence number increment value. The default value represents a compromise between security and the uniqueness of the sequence number. If the value of tcp_seqbits is small, this increases the possibility that an attacker can guess the random number. A large value for tcp_seqbits decreases the time before a given sequence number occurs again.
Parameter | Dflt | Min | Max |
---|---|---|---|
udpprintfs | 0 | 0 | 1 |