tcp_2msl-
Sets the time, in seconds, that a TCP connection will remain in the
TIME_WAIT state waiting for a FIN from the remote side before being
moved to the CLOSED state.
The default time period is ``240'' seconds as
defined by RFC 793.
tcp_delay_acks-
Selects TCP delayed acknowledgements (ACKs)
if set to ``1'' (default), and
selects immediate ACKs if set to ``0''.
If delayed ACKs are set, TCP does not send an ACK
immediately on receiving data.
TCP normally delays sending an
ACK to improve the chance that it can
bundle it with transmitted data.
tcp_do_rfc1323-
Control system-wide implementation of TCP performance extensions
including timestamps and large window scaling (as defined
in RFC 1323).
These features provide more efficient and reliable usage of high-bandwidth,
high-latency links.
If set to ``1'' (the default), negotiation is turned on and will
permit a TCP receive window size as large as 1GB.
If set to ``0'', negotiation is
disabled and the largest possible window size is 64K.
Window size negotiation may be disabled on a per-interface basis by
specifying the no1323opt option to
ifconfig(ADMN).
This is necessary for
PPP and SLIP interfaces that allow header compression.
tcp_initial_timeout-
Sets the TCP/IP retransmit time for an initial SYN
segment when establishing a connection.
(See also the description of tcp_q0limit.)
The default value is ``180'' seconds as defined by RFC 1122.
The minimum and maximum configurable values are ``1''
and ``7200'' seconds.
tcp_keepalive_port-
Selects a local TCP/IP server port for which incoming TCP/IP
connections will automatically set the
SO_KEEPALIVE option
to enable TCP/IP keepalives.
If keepalives are not enabled for a TCP/IP connection,
the socket will not be closed should the client hang or reboot.
This can lead to the number of bogus ``established'' connections
building up over time on the server.
These bogus connections consume system resources,
and may eventually prevent new connections from being established
until the system is rebooted.
If keepalives are enabled, the server will
detect broken connections and close the associated sockets.
See also the descriptions of tcp_keepidle,
tcp_keepintvl and tcp_nkeep.
The minimum and maximum values are ``0'' and ``65535'' (0xffff).
The default value of ``0'' means that TCP/IP keepalives are not
automatically enabled for any local server port.
A value of ``65535'' automatically enables keepalives
for TCP/IP connections to all local server ports.
A value from ``1'' to ``65534'' selects a
single server port on which keepalives are automatically enabled.
NOTE:
The settings of this parameter are not cumulative; it
can only be used to set automatic TCP/IP keepalives
on none, one, or all of the server ports.
Automatic keepalives will be disabled on a server port if
subsequently enabled for a different port.
A server process can call setsockopt to set SO_KEEPALIVE.
tcp_keepidle-
Sets the idle time before TCP/IP keepalives are sent (if enabled).
The default value is ``7200'' seconds.
The minimum and maximum configurable values are ``300''
and ``86400'' seconds.
tcp_keepintvl-
Sets the TCP/IP keepalive interval between keepalive packets once they
start being sent.
The default value is ``75'' seconds.
The minimum and maximum configurable values are ``1''
and ``43200'' seconds.
tcp_maxdata-
Sets the maximum TCP receive window size in bytes if
tcp_do_rfc1323 is set to ``1'' to enable large window scaling.
The maximum and default value is ``0x3FFFFFFF'' (1GB-1).
tcp_mss_sw_threshold-
Defines the small window threshold for interface MTUs.
If the MTU of an interface is small enough to force TCP
to use an MSS smaller than this threshold, then TCP
will use the receive window size specified by tcp_small_recvspace.
This is an optimization to avoid buffering too much
data on low-speed links such as SLIP and PPP.
tcp_mssdflt-
Sets the default TCP segment size to use on interfaces
for which no MSS and Path MTU information is available.
You should keep the value of this parameter small if possible.
tcp_nkeep-
Sets the number of TCP/IP keepalives that will be sent before
giving up.
tcp_offer_big_mss-
In order to get the maximum benefit out of Path MTU
(PMTU) discovery,
TCP normally offers an MSS that is derived from
the local interface MTU (after subtracting the packet header sizes).
This allows the remote system to
send the biggest segments that the network can handle.
Set this parameter to ``0'' for systems that cannot handle this, or that
do not implement PMTU discovery.
This causes TCP to offer a smaller MTU
for non-local connections.
See ip_subnetsarelocal in
``Internet protocol version 4 (IPv4) parameters''.
The default value of ``1'' (offer it) allows maximum benefit to be
gained from PMTU discovery; a value of ``0'' disables this.
tcp_q0limit-
Sets the minimum length of the pending (3-way handshake incomplete)
connection queue for a TCP endpoint.
This protects a server against SYN flood attacks.
When the pending connection queue is full
and a new connection request arrives,
the kernel will randomly drop an outstanding partial connection
from the pending queue and add the new connection to the queue.
Setting tcp_q0limit modifies the system behavior as follows:
-
The backlog parameter to
listen(SSC-osr5)
specifies the maximum number of established
(3-way handshake complete) connections that
the kernel will queue for a given socket while
accept(SSC-osr5)
is processing them.
In previous releases, backlog specified
the maximum length of both the pending and
established queues for a socket.
-
If a pending connection is dropped, the connection is terminated
(by sending RST) and the client will receive an appropriate
error (usually ECONNRESET).
-
At least 800 bytes of memory are allocated
to each partial connection. This implies that
each listening port could potentially use
tcp_q0limit
800 bytes.
The default value of ``0'' provides the same behavior as in
previous releases.
The minimum and maximum configurable values are ``1'' and ``65535''.
If you set tcp_q0limit to a non-zero value,
it should be greater than ``1''.
The value must be high enough to cope with peak demand
by incoming connection requests. You should also set the
value even higher if most of the physical links are low speed
and/or high latency.
Use netstat -s -p tcp
to display statistics of partial connections that have been dropped.
tcp_secret-
tcp_seqbits-
To protect against IP address spoofing attacks, a random element is
introduced into how TCP chooses the initial send
sequence number and its increment.
tcp_secret seeds the random number sequence.
Its value can be set to any integer from ``0''
through ``2147483647''.
tcp_seqbits selects the number of bits of tcp_secret
that are used to seed the sequence number increment value.
The default value represents
a compromise between security and the uniqueness of the sequence number.
If the value of tcp_seqbits is small, this increases the
possibility that an attacker can guess the random number.
A large value for tcp_seqbits
decreases the time before a given sequence number occurs again.
tcp_small_recvspace-
If the MTU is less than the small window threshold,
tcp_mss_sw_threshold,
sets the receive window size to use on interfaces that require small windows.
tcp_urgbehavior-
Controls how TCP interprets urgent data.
If set to ``0'', it interprets it in RFC
1122 mode; if set to ``1'' (the default), it interprets it
in BSD mode.
tcpalldebug-
If set to ``1'', captures trace information for all connections.
The default value causes TCP to trace only those
connections that set the SO_DEBUG option.
This information can be retrieved using the
trpt(ADMN)
command, or displayed on the console if tcpconsdebug is set.
tcpconsdebug-
Directs TCP/IP connection trace output to the console if set
to ``1'' (see also tcpalldebug).
tcpprintfs-
Controls logging of warnings from the kernel TCP driver.
These are displayed on the console.
If set to ``0'' (the default), debugging information is not displayed.
If set to a non-zero value, debugging information is displayed.