Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

docs: net: sysctl documentation cleanup

Add missing default values for networking sysctl parameters and
standardize documentation:
- Use "0 (disabled)" / "1 (enabled)" format consistently
- Fix cipso_rbm_struct_valid -> cipso_rbm_strictvalid typo
- Convert fwmark_reflect description to enabled/disabled terminology
- Document possible values for tcp_autocorking

Also addresses formatting inconsistencies in touched parameters.

Signed-off-by: Abdelrahman Fekry <abdelrahmanfekry375@gmail.com>
Reviewed-by: Bagas Sanjaya <bagasdotme@gmail.com>
Link: https://patch.msgid.link/20250624150923.40590-1-abdelrahmanfekry375@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Authored by Abdelrahman Fekry and committed by Paolo Abeni
5cfb2ac2 0afcde80

+521 -153
Documentation/networking/ip-sysctl.rst
··· 8 8 ============================== 9 9 10 10 ip_forward - BOOLEAN 11 - - 0 - disabled (default) 12 - - not 0 - enabled 13 - 14 11 Forward Packets between interfaces. 15 12 16 13 This variable is special, its change resets all configuration 17 14 parameters to their default state (RFC1122 for hosts, RFC1812 18 15 for routers) 16 + 17 + Possible values: 18 + 19 + - 0 (disabled) 20 + - 1 (enabled) 21 + 22 + Default: 0 (disabled) 19 23 20 24 ip_default_ttl - INTEGER 21 25 Default value of TTL field (Time To Live) for outgoing (but not ··· 66 62 kernel honoring this information. This is normally not the 67 63 case. 68 64 69 - Default: 0 (disabled) 70 - 71 65 Possible values: 72 66 73 - - 0 - disabled 74 - - 1 - enabled 67 + - 0 (disabled) 68 + - 1 (enabled) 69 + 70 + Default: 0 (disabled) 75 71 76 72 fwmark_reflect - BOOLEAN 77 73 Controls the fwmark of kernel-generated IPv4 reply packets that are not 78 74 associated with a socket for example, TCP RSTs or ICMP echo replies). 79 - If unset, these packets have a fwmark of zero. If set, they have the 75 + If disabled, these packets have a fwmark of zero. If enabled, they have the 80 76 fwmark of the packet they are replying to. 81 77 82 - Default: 0 78 + Possible values: 79 + 80 + - 0 (disabled) 81 + - 1 (enabled) 82 + 83 + Default: 0 (disabled) 83 84 84 85 fib_multipath_use_neigh - BOOLEAN 85 86 Use status of existing neighbor entry when determining nexthop for ··· 92 83 packets could be directed to a failed nexthop. Only valid for kernels 93 84 built with CONFIG_IP_ROUTE_MULTIPATH enabled. 94 85 95 - Default: 0 (disabled) 96 - 97 86 Possible values: 98 87 99 - - 0 - disabled 100 - - 1 - enabled 88 + - 0 (disabled) 89 + - 1 (enabled) 90 + 91 + Default: 0 (disabled) 101 92 102 93 fib_multipath_hash_policy - INTEGER 103 94 Controls which hash policy to use for multipath routes. Only valid ··· 377 368 queue. Applications can still use TCP_CORK for optimal behavior 378 369 when they know how/when to uncork their sockets. 
379 370 380 - Default : 1 371 + Possible values: 372 + 373 + - 0 (disabled) 374 + - 1 (enabled) 375 + 376 + Default: 1 (enabled) 381 377 382 378 tcp_available_congestion_control - STRING 383 379 Shows the available congestion control choices that are registered. ··· 421 407 422 408 tcp_dsack - BOOLEAN 423 409 Allows TCP to send "duplicate" SACKs. 410 + 411 + Possible values: 412 + 413 + - 0 (disabled) 414 + - 1 (enabled) 415 + 416 + Default: 1 (enabled) 424 417 425 418 tcp_early_retrans - INTEGER 426 419 Tail loss probe (TLP) converts RTOs occurring due to tail ··· 468 447 knob. The value is not used, if tcp_ecn or per route (or congestion 469 448 control) ECN settings are disabled. 470 449 471 - Default: 1 (fallback enabled) 450 + Possible values: 451 + 452 + - 0 (disabled) 453 + - 1 (enabled) 454 + 455 + Default: 1 (enabled) 472 456 473 457 tcp_fack - BOOLEAN 474 458 This is a legacy option, it has no effect anymore. ··· 500 474 By default it's enabled with a non-zero value. 0 disables F-RTO. 501 475 502 476 tcp_fwmark_accept - BOOLEAN 503 - If set, incoming connections to listening sockets that do not have a 477 + If enabled, incoming connections to listening sockets that do not have a 504 478 socket mark will set the mark of the accepting socket to the fwmark of 505 479 the incoming SYN packet. This will cause all packets on that connection 506 480 (starting from the first SYNACK) to be sent with that fwmark. The ··· 508 482 have a fwmark set via setsockopt(SOL_SOCKET, SO_MARK, ...) are 509 483 unaffected. 510 484 511 - Default: 0 485 + Possible values: 486 + 487 + - 0 (disabled) 488 + - 1 (enabled) 489 + 490 + Default: 0 (disabled) 512 491 513 492 tcp_invalid_ratelimit - INTEGER 514 493 Limit the maximal rate for sending duplicate acknowledgments ··· 558 527 derived from the listen socket to be bound to the L3 domain in 559 528 which the packets originated. Only valid when the kernel was 560 529 compiled with CONFIG_NET_L3_MASTER_DEV. 
530 + 531 + Possible values: 532 + 533 + - 0 (disabled) 534 + - 1 (enabled) 561 535 562 536 Default: 0 (disabled) 563 537 ··· 629 593 Default: 300 630 594 631 595 tcp_moderate_rcvbuf - BOOLEAN 632 - If set, TCP performs receive buffer auto-tuning, attempting to 596 + If enabled, TCP performs receive buffer auto-tuning, attempting to 633 597 automatically size the buffer (no greater than tcp_rmem[2]) to 634 - match the size required by the path for full throughput. Enabled by 635 - default. 598 + match the size required by the path for full throughput. 599 + 600 + Possible values: 601 + 602 + - 0 (disabled) 603 + - 1 (enabled) 604 + 605 + Default: 1 (enabled) 636 606 637 607 tcp_mtu_probing - INTEGER 638 608 Controls TCP Packetization-Layer Path MTU Discovery. Takes three ··· 663 621 when the connection closes, so that connections established in the 664 622 near future can use these to set initial conditions. Usually, this 665 623 increases overall performance, but may sometimes cause performance 666 - degradation. If set, TCP will not cache metrics on closing 624 + degradation. If enabled, TCP will not cache metrics on closing 667 625 connections. 626 + 627 + Possible values: 628 + 629 + - 0 (disabled) 630 + - 1 (enabled) 631 + 632 + Default: 0 (disabled) 668 633 669 634 tcp_no_ssthresh_metrics_save - BOOLEAN 670 635 Controls whether TCP saves ssthresh metrics in the route cache. 636 + If enabled, ssthresh metrics are disabled. 671 637 672 - Default is 1, which disables ssthresh metrics. 638 + Possible values: 639 + 640 + - 0 (disabled) 641 + - 1 (enabled) 642 + 643 + Default: 1 (enabled) 673 644 674 645 tcp_orphan_retries - INTEGER 675 646 This value influences the timeout of a locally closed TCP connection, ··· 721 666 722 667 This options affects both IPv4 and IPv6. 
723 668 669 + Possible values: 670 + 671 + - 0 (disabled) 672 + - 1 (enabled) 673 + 724 674 Default: 0 (disabled) 725 675 726 676 tcp_reordering - INTEGER ··· 746 686 Bug-to-bug compatibility with some broken printers. 747 687 On retransmit try to send bigger packets to work around bugs in 748 688 certain TCP stacks. 689 + 690 + Possible values: 691 + 692 + - 0 (disabled) 693 + - 1 (enabled) 694 + 695 + Default: 1 (enabled) 749 696 750 697 tcp_retries1 - INTEGER 751 698 This value influences the time, after which TCP decides, that ··· 781 714 which corresponds to a value of at least 8. 782 715 783 716 tcp_rfc1337 - BOOLEAN 784 - If set, the TCP stack behaves conforming to RFC1337. If unset, 717 + If enabled, the TCP stack behaves conforming to RFC1337. If unset, 785 718 we are not conforming to RFC, but prevent TCP TIME_WAIT 786 719 assassination. 787 720 788 - Default: 0 721 + Possible values: 722 + 723 + - 0 (disabled) 724 + - 1 (enabled) 725 + 726 + Default: 0 (disabled) 789 727 790 728 tcp_rmem - vector of 3 INTEGERs: min, default, max 791 729 min: Minimal size of receive buffer used by TCP sockets. ··· 814 742 tcp_sack - BOOLEAN 815 743 Enable select acknowledgments (SACKS). 816 744 745 + Possible values: 746 + 747 + - 0 (disabled) 748 + - 1 (enabled) 749 + 750 + Default: 1 (enabled) 751 + 817 752 tcp_comp_sack_delay_ns - LONG INTEGER 818 753 TCP tries to reduce number of SACK sent, using a timer 819 754 based on 5% of SRTT, capped by this sysctl, in nano seconds. ··· 843 764 Default : 44 844 765 845 766 tcp_backlog_ack_defer - BOOLEAN 846 - If set, user thread processing socket backlog tries sending 767 + If enabled, user thread processing socket backlog tries sending 847 768 one ACK for the whole queue. This helps to avoid potential 848 769 long latencies at end of a TCP socket syscall. 
849 770 850 - Default : true 771 + Possible values: 772 + 773 + - 0 (disabled) 774 + - 1 (enabled) 775 + 776 + Default: 1 (enabled) 851 777 852 778 tcp_slow_start_after_idle - BOOLEAN 853 - If set, provide RFC2861 behavior and time out the congestion 779 + If enabled, provide RFC2861 behavior and time out the congestion 854 780 window after an idle period. An idle period is defined at 855 781 the current RTO. If unset, the congestion window will not 856 782 be timed out after an idle period. 857 783 858 - Default: 1 784 + Possible values: 785 + 786 + - 0 (disabled) 787 + - 1 (enabled) 788 + 789 + Default: 1 (enabled) 859 790 860 791 tcp_stdurg - BOOLEAN 861 792 Use the Host requirements interpretation of the TCP urgent pointer field. 862 - Most hosts use the older BSD interpretation, so if you turn this on 793 + Most hosts use the older BSD interpretation, so if enabled, 863 794 Linux might not communicate correctly with them. 864 795 865 - Default: FALSE 796 + Possible values: 797 + 798 + - 0 (disabled) 799 + - 1 (enabled) 800 + 801 + Default: 0 (disabled) 866 802 867 803 tcp_synack_retries - INTEGER 868 804 Number of times SYNACKs for a passive TCP connection attempt will ··· 934 840 migration by returning SK_DROP in the type of eBPF program, or 935 841 disable this option. 936 842 937 - Default: 0 843 + Possible values: 844 + 845 + - 0 (disabled) 846 + - 1 (enabled) 847 + 848 + Default: 0 (disabled) 938 849 939 850 tcp_fastopen - INTEGER 940 851 Enable TCP Fast Open (RFC7413) to send and accept data in the opening ··· 1120 1021 tcp_window_scaling - BOOLEAN 1121 1022 Enable window scaling as defined in RFC1323. 1122 1023 1024 + Possible values: 1025 + 1026 + - 0 (disabled) 1027 + - 1 (enabled) 1028 + 1029 + Default: 1 (enabled) 1030 + 1123 1031 tcp_shrink_window - BOOLEAN 1124 1032 This changes how the TCP receive window is calculated. 
1125 1033 ··· 1134 1028 window can be offered, and that TCP implementations MUST ensure 1135 1029 that they handle a shrinking window, as specified in RFC 1122. 1136 1030 1137 - - 0 - Disabled. The window is never shrunk. 1138 - - 1 - Enabled. The window is shrunk when necessary to remain within 1139 - the memory limit set by autotuning (sk_rcvbuf). 1140 - This only occurs if a non-zero receive window 1141 - scaling factor is also in effect. 1031 + Possible values: 1142 1032 1143 - Default: 0 1033 + - 0 (disabled) - The window is never shrunk. 1034 + - 1 (enabled) - The window is shrunk when necessary to remain within 1035 + the memory limit set by autotuning (sk_rcvbuf). 1036 + This only occurs if a non-zero receive window 1037 + scaling factor is also in effect. 1038 + 1039 + Default: 0 (disabled) 1144 1040 1145 1041 tcp_wmem - vector of 3 INTEGERs: min, default, max 1146 1042 min: Amount of memory reserved for send buffers for TCP sockets. ··· 1179 1071 Default: UINT_MAX (0xFFFFFFFF) 1180 1072 1181 1073 tcp_workaround_signed_windows - BOOLEAN 1182 - If set, assume no receipt of a window scaling option means the 1074 + If enabled, assume no receipt of a window scaling option means the 1183 1075 remote TCP is broken and treats the window as a signed quantity. 1184 - If unset, assume the remote TCP is not broken even if we do 1076 + If disabled, assume the remote TCP is not broken even if we do 1185 1077 not receive a window scaling option from them. 1186 1078 1187 - Default: 0 1079 + Possible values: 1080 + 1081 + - 0 (disabled) 1082 + - 1 (enabled) 1083 + 1084 + Default: 0 (disabled) 1188 1085 1189 1086 tcp_thin_linear_timeouts - BOOLEAN 1190 1087 Enable dynamic triggering of linear timeouts for thin streams. 1191 - If set, a check is performed upon retransmission by timeout to 1088 + If enabled, a check is performed upon retransmission by timeout to 1192 1089 determine if the stream is thin (less than 4 packets in flight). 
1193 1090 As long as the stream is found to be thin, up to 6 linear 1194 1091 timeouts may be performed before exponential backoff mode is ··· 1202 1089 For more information on thin streams, see 1203 1090 Documentation/networking/tcp-thin.rst 1204 1091 1205 - Default: 0 1092 + Possible values: 1093 + 1094 + - 0 (disabled) 1095 + - 1 (enabled) 1096 + 1097 + Default: 0 (disabled) 1206 1098 1207 1099 tcp_limit_output_bytes - INTEGER 1208 1100 Controls TCP Small Queue limit per tcp socket. ··· 1259 1141 Default: 0 1260 1142 1261 1143 tcp_plb_enabled - BOOLEAN 1262 - If set and the underlying congestion control (e.g. DCTCP) supports 1144 + If enabled and the underlying congestion control (e.g. DCTCP) supports 1263 1145 and enables PLB feature, TCP PLB (Protective Load Balancing) is 1264 1146 enabled. PLB is described in the following paper: 1265 1147 https://doi.org/10.1145/3544216.3544226. Based on PLB parameters, ··· 1275 1157 by switches to determine next hop. In either case, further host 1276 1158 and switch side changes will be needed. 1277 1159 1278 - When set, PLB assumes that congestion signal (e.g. ECN) is made 1160 + If enabled, PLB assumes that congestion signal (e.g. ECN) is made 1279 1161 available and used by congestion control module to estimate a 1280 1162 congestion measure (e.g. ce_ratio). PLB needs a congestion measure to 1281 1163 make repathing decisions. 1282 1164 1283 - Default: FALSE 1165 + Possible values: 1166 + 1167 + - 0 (disabled) 1168 + - 1 (enabled) 1169 + 1170 + Default: 0 (disabled) 1284 1171 1285 1172 tcp_plb_idle_rehash_rounds - INTEGER 1286 1173 Number of consecutive congested rounds (RTT) seen after which ··· 1385 1262 originated. Only valid when the kernel was compiled with 1386 1263 CONFIG_NET_L3_MASTER_DEV. 1387 1264 1265 + Possible values: 1266 + 1267 + - 0 (disabled) 1268 + - 1 (enabled) 1269 + 1388 1270 Default: 0 (disabled) 1389 1271 1390 1272 udp_mem - vector of 3 INTEGERs: min, pressure, max ··· 1450 1322 originated. 
Only valid when the kernel was compiled with 1451 1323 CONFIG_NET_L3_MASTER_DEV. 1452 1324 1325 + Possible values: 1326 + 1327 + - 0 (disabled) 1328 + - 1 (enabled) 1329 + 1453 1330 Default: 1 (enabled) 1454 1331 1455 1332 CIPSOv4 Variables 1456 1333 ================= 1457 1334 1458 1335 cipso_cache_enable - BOOLEAN 1459 - If set, enable additions to and lookups from the CIPSO label mapping 1460 - cache. If unset, additions are ignored and lookups always result in a 1336 + If enabled, enable additions to and lookups from the CIPSO label mapping 1337 + cache. If disabled, additions are ignored and lookups always result in a 1461 1338 miss. However, regardless of the setting the cache is still 1462 1339 invalidated when required when means you can safely toggle this on and 1463 1340 off and the cache will always be "safe". 1464 1341 1465 - Default: 1 1342 + Possible values: 1343 + 1344 + - 0 (disabled) 1345 + - 1 (enabled) 1346 + 1347 + Default: 1 (enabled) 1466 1348 1467 1349 cipso_cache_bucket_size - INTEGER 1468 1350 The CIPSO label cache consists of a fixed size hash table with each ··· 1490 1352 This means that when set the CIPSO tag will be padded with empty 1491 1353 categories in order to make the packet data 32-bit aligned. 1492 1354 1493 - Default: 0 1355 + Possible values: 1494 1356 1495 - cipso_rbm_structvalid - BOOLEAN 1496 - If set, do a very strict check of the CIPSO option when 1497 - ip_options_compile() is called. If unset, relax the checks done during 1357 + - 0 (disabled) 1358 + - 1 (enabled) 1359 + 1360 + Default: 0 (disabled) 1361 + 1362 + cipso_rbm_strictvalid - BOOLEAN 1363 + If enabled, do a very strict check of the CIPSO option when 1364 + ip_options_compile() is called. If disabled, relax the checks done during 1498 1365 ip_options_compile(). Either way is "safe" as errors are caught else 1499 1366 where in the CIPSO processing code but setting this to 0 (False) should 1500 1367 result in less work (i.e. 
it should be faster) but could cause problems 1501 1368 with other implementations that require strict checking. 1502 1369 1503 - Default: 0 1370 + Possible values: 1371 + 1372 + - 0 (disabled) 1373 + - 1 (enabled) 1374 + 1375 + Default: 0 (disabled) 1504 1376 1505 1377 IP Variables 1506 1378 ============ ··· 1567 1419 Default: 1024 1568 1420 1569 1421 ip_nonlocal_bind - BOOLEAN 1570 - If set, allows processes to bind() to non-local IP addresses, 1422 + If enabled, allows processes to bind() to non-local IP addresses, 1571 1423 which can be quite useful - but may break some applications. 1572 1424 1573 - Default: 0 1425 + Possible values: 1426 + 1427 + - 0 (disabled) 1428 + - 1 (enabled) 1429 + 1430 + Default: 0 (disabled) 1574 1431 1575 1432 ip_autobind_reuse - BOOLEAN 1576 1433 By default, bind() does not select the ports automatically even if ··· 1584 1431 when you use bind()+connect(), but may break some applications. 1585 1432 The preferred solution is to use IP_BIND_ADDRESS_NO_PORT and this 1586 1433 option should only be set by experts. 1587 - Default: 0 1434 + 1435 + Possible values: 1436 + 1437 + - 0 (disabled) 1438 + - 1 (enabled) 1439 + 1440 + Default: 0 (disabled) 1588 1441 1589 1442 ip_dynaddr - INTEGER 1590 1443 If set non-zero, enables support for dynamic addresses. ··· 1608 1449 It may add an additional cost for pure routing workloads that 1609 1450 reduces overall throughput, in such case you should disable it. 1610 1451 1611 - Default: 1 1452 + Possible values: 1453 + 1454 + - 0 (disabled) 1455 + - 1 (enabled) 1456 + 1457 + Default: 1 (enabled) 1612 1458 1613 1459 ping_group_range - 2 INTEGERS 1614 1460 Restrict ICMP_PROTO datagram sockets to users in the group range. ··· 1625 1461 tcp_early_demux - BOOLEAN 1626 1462 Enable early demux for established TCP sockets. 
1627 1463 1628 - Default: 1 1464 + Possible values: 1465 + 1466 + - 0 (disabled) 1467 + - 1 (enabled) 1468 + 1469 + Default: 1 (enabled) 1629 1470 1630 1471 udp_early_demux - BOOLEAN 1631 1472 Enable early demux for connected UDP sockets. Disable this if 1632 1473 your system could experience more unconnected load. 1633 1474 1634 - Default: 1 1475 + Possible values: 1476 + 1477 + - 0 (disabled) 1478 + - 1 (enabled) 1479 + 1480 + Default: 1 (enabled) 1635 1481 1636 1482 icmp_echo_ignore_all - BOOLEAN 1637 - If set non-zero, then the kernel will ignore all ICMP ECHO 1483 + If enabled, then the kernel will ignore all ICMP ECHO 1638 1484 requests sent to it. 1639 1485 1640 - Default: 0 1486 + Possible values: 1487 + 1488 + - 0 (disabled) 1489 + - 1 (enabled) 1490 + 1491 + Default: 0 (disabled) 1641 1492 1642 1493 icmp_echo_enable_probe - BOOLEAN 1643 - If set to one, then the kernel will respond to RFC 8335 PROBE 1494 + If enabled, then the kernel will respond to RFC 8335 PROBE 1644 1495 requests sent to it. 1645 1496 1646 - Default: 0 1497 + Possible values: 1498 + 1499 + - 0 (disabled) 1500 + - 1 (enabled) 1501 + 1502 + Default: 0 (disabled) 1647 1503 1648 1504 icmp_echo_ignore_broadcasts - BOOLEAN 1649 - If set non-zero, then the kernel will ignore all ICMP ECHO and 1505 + If enabled, then the kernel will ignore all ICMP ECHO and 1650 1506 TIMESTAMP requests sent to it via broadcast/multicast. 1651 1507 1652 - Default: 1 1508 + Possible values: 1509 + 1510 + - 0 (disabled) 1511 + - 1 (enabled) 1512 + 1513 + Default: 1 (enabled) 1653 1514 1654 1515 icmp_ratelimit - INTEGER 1655 1516 Limit the maximal rates for sending ICMP packets whose type matches ··· 1731 1542 icmp_ignore_bogus_error_responses - BOOLEAN 1732 1543 Some routers violate RFC1122 by sending bogus responses to broadcast 1733 1544 frames. Such violations are normally logged via a kernel warning. 
1734 - If this is set to TRUE, the kernel will not give such warnings, which 1545 + If enabled, the kernel will not give such warnings, which 1735 1546 will avoid log file clutter. 1736 1547 1737 - Default: 1 1548 + Possible values: 1549 + 1550 + - 0 (disabled) 1551 + - 1 (enabled) 1552 + 1553 + Default: 1 (enabled) 1738 1554 1739 1555 icmp_errors_use_inbound_ifaddr - BOOLEAN 1740 1556 1741 - If zero, icmp error messages are sent with the primary address of 1557 + If disabled, icmp error messages are sent with the primary address of 1742 1558 the exiting interface. 1743 1559 1744 - If non-zero, the message will be sent with the primary address of 1560 + If enabled, the message will be sent with the primary address of 1745 1561 the interface that received the packet that caused the icmp error. 1746 1562 This is the behaviour many network administrators will expect from 1747 1563 a router. And it can make debugging complicated network layouts ··· 1756 1562 then the primary address of the first non-loopback interface that 1757 1563 has one will be used regardless of this setting. 1758 1564 1759 - Default: 0 1565 + Possible values: 1566 + 1567 + - 0 (disabled) 1568 + - 1 (enabled) 1569 + 1570 + Default: 0 (disabled) 1760 1571 1761 1572 igmp_max_memberships - INTEGER 1762 1573 Change the maximum number of multicast groups we can subscribe to. ··· 2111 1912 between access points on the same network. In most cases this should 2112 1913 remain as the default (1). 
2113 1914 2114 - - 1 - (default): Clear the ARP cache on NOCARRIER events 2115 - - 0 - Do not clear ARP cache on NOCARRIER events 1915 + Possible values: 1916 + 1917 + - 0 (disabled) - Do not clear ARP cache on NOCARRIER events 1918 + - 1 (enabled) - Clear the ARP cache on NOCARRIER events 1919 + 1920 + Default: 1 (enabled) 2116 1921 2117 1922 mcast_solicit - INTEGER 2118 1923 The maximum number of multicast probes in INCOMPLETE state, ··· 2139 1936 disable_policy - BOOLEAN 2140 1937 Disable IPSEC policy (SPD) for this interface 2141 1938 1939 + Possible values: 1940 + 1941 + - 0 (disabled) 1942 + - 1 (enabled) 1943 + 1944 + Default: 0 (disabled) 1945 + 2142 1946 disable_xfrm - BOOLEAN 2143 1947 Disable IPSEC encryption on this interface, whatever the policy 1948 + 1949 + Possible values: 1950 + 1951 + - 0 (disabled) 1952 + - 1 (enabled) 1953 + 1954 + Default: 0 (disabled) 2144 1955 2145 1956 igmpv2_unsolicited_report_interval - INTEGER 2146 1957 The interval in milliseconds in which the next unsolicited ··· 2171 1954 ignore_routes_with_linkdown - BOOLEAN 2172 1955 Ignore routes whose link is down when performing a FIB lookup. 2173 1956 1957 + Possible values: 1958 + 1959 + - 0 (disabled) 1960 + - 1 (enabled) 1961 + 1962 + Default: 0 (disabled) 1963 + 2174 1964 promote_secondaries - BOOLEAN 2175 1965 When a primary IP address is removed from this interface 2176 1966 promote a corresponding secondary IP address instead of 2177 1967 removing all the corresponding secondary IP addresses. 1968 + 1969 + Possible values: 1970 + 1971 + - 0 (disabled) 1972 + - 1 (enabled) 1973 + 1974 + Default: 0 (disabled) 2178 1975 2179 1976 drop_unicast_in_l2_multicast - BOOLEAN 2180 1977 Drop any unicast IP packets that are received in link-layer ··· 2197 1966 This behavior (for multicast) is actually a SHOULD in RFC 2198 1967 1122, but is disabled by default for compatibility reasons. 
2199 1968 2200 - Default: off (0) 1969 + Possible values: 1970 + 1971 + - 0 (disabled) 1972 + - 1 (enabled) 1973 + 1974 + Default: 0 (disabled) 2201 1975 2202 1976 drop_gratuitous_arp - BOOLEAN 2203 1977 Drop all gratuitous ARP frames, for example if there's a known 2204 1978 good ARP proxy on the network and such frames need not be used 2205 1979 (or in the case of 802.11, must not be used to prevent attacks.) 2206 1980 2207 - Default: off (0) 1981 + Possible values: 1982 + 1983 + - 0 (disabled) 1984 + - 1 (enabled) 1985 + 1986 + Default: 0 (disabled) 2208 1987 2209 1988 2210 1989 tag - INTEGER ··· 2258 2017 which restricts use of the IPv6 socket to IPv6 communication 2259 2018 only. 2260 2019 2261 - - TRUE: disable IPv4-mapped address feature 2262 - - FALSE: enable IPv4-mapped address feature 2020 + Possible values: 2263 2021 2264 - Default: FALSE (as specified in RFC3493) 2022 + - 0 (disabled) - enable IPv4-mapped address feature 2023 + - 1 (enabled) - disable IPv4-mapped address feature 2024 + 2025 + Default: 0 (disabled) 2265 2026 2266 2027 flowlabel_consistency - BOOLEAN 2267 2028 Protect the consistency (and unicity) of flow label. 2268 2029 You have to disable it to use IPV6_FL_F_REFLECT flag on the 2269 2030 flow label manager. 2270 2031 2271 - - TRUE: enabled 2272 - - FALSE: disabled 2032 + Possible values: 2273 2033 2274 - Default: TRUE 2034 + - 0 (disabled) 2035 + - 1 (enabled) 2036 + 2037 + Default: 1 (enabled) 2275 2038 2276 2039 auto_flowlabels - INTEGER 2277 2040 Automatically generate flow labels based on a flow hash of the ··· 2301 2056 reserved for the IPv6 flow manager facility, 0x80000-0xFFFFF 2302 2057 is reserved for stateless flow labels as described in RFC6437. 
2303 2058 2304 - - TRUE: enabled 2305 - - FALSE: disabled 2059 + Possible values: 2306 2060 2307 - Default: true 2061 + - 0 (disabled) 2062 + - 1 (enabled) 2063 + 2064 + Default: 1 (enabled) 2065 + 2308 2066 2309 2067 flowlabel_reflect - INTEGER 2310 2068 Control flow label reflection. Needed for Path MTU ··· 2375 2127 Controls the use of anycast addresses as source addresses for ICMPv6 2376 2128 echo reply 2377 2129 2378 - - TRUE: enabled 2379 - - FALSE: disabled 2130 + Possible values: 2380 2131 2381 - Default: FALSE 2132 + - 0 (disabled) 2133 + - 1 (enabled) 2134 + 2135 + Default: 0 (disabled) 2136 + 2382 2137 2383 2138 idgen_delay - INTEGER 2384 2139 Controls the delay in seconds after which time to retry ··· 2438 2187 to true skips the message, making IPv4 and IPv6 on par in relying 2439 2188 on userspace caches to track link events and evict routes. 2440 2189 2441 - Default: false (generate message) 2190 + Possible values: 2191 + 2192 + - 0 (disabled) - generate the message 2193 + - 1 (enabled) - skip generating the message 2194 + 2195 + Default: 0 (disabled) 2442 2196 2443 2197 nexthop_compat_mode - BOOLEAN 2444 2198 New nexthop API provides a means for managing nexthops independent of ··· 2550 2294 proxy_ndp - BOOLEAN 2551 2295 Do proxy ndp. 2552 2296 2297 + Possible values: 2298 + 2299 + - 0 (disabled) 2300 + - 1 (enabled) 2301 + 2302 + Default: 0 (disabled) 2303 + 2304 + 2553 2305 fwmark_reflect - BOOLEAN 2554 2306 Controls the fwmark of kernel-generated IPv6 reply packets that are not 2555 2307 associated with a socket for example, TCP RSTs or ICMPv6 echo replies). 2556 - If unset, these packets have a fwmark of zero. If set, they have the 2308 + If disabled, these packets have a fwmark of zero. If enabled, they have the 2557 2309 fwmark of the packet they are replying to. 
2558 2310 2559 - Default: 0 2311 + Possible values: 2312 + 2313 + - 0 (disabled) 2314 + - 1 (enabled) 2315 + 2316 + Default: 0 (disabled) 2560 2317 2561 2318 ``conf/interface/*``: 2562 2319 Change special settings per interface. ··· 2660 2391 lifetime of an address matching a prefix sent in a Router 2661 2392 Advertisement Prefix Information Option. 2662 2393 2663 - - If enabled, the PIO valid lifetime will always be honored. 2664 - - If disabled, RFC4862 section 5.5.3e is used to determine 2394 + Possible values: 2395 + 2396 + - 0 (disabled) - RFC4862 section 5.5.3e is used to determine 2665 2397 the valid lifetime of the address. 2398 + - 1 (enabled) - the PIO valid lifetime will always be honored. 2666 2399 2667 2400 Default: 0 (disabled) 2668 2401 ··· 2676 2405 P-flag suppresses any effects of the A-flag within the same 2677 2406 PIO. For a given PIO, P=1 and A=1 is treated as A=0. 2678 2407 2679 - - If disabled, the P-flag is ignored. 2680 - - If enabled, the P-flag will disable SLAAC autoconfiguration 2408 + Possible values: 2409 + 2410 + - 0 (disabled) - the P-flag is ignored. 2411 + - 1 (enabled) - the P-flag will disable SLAAC autoconfiguration 2681 2412 for the given Prefix Information Option. 2682 2413 2683 2414 Default: 0 (disabled) ··· 2801 2528 Default: 1280 (IPv6 required minimum) 2802 2529 2803 2530 ip_nonlocal_bind - BOOLEAN 2804 - If set, allows processes to bind() to non-local IPv6 addresses, 2531 + If enabled, allows processes to bind() to non-local IPv6 addresses, 2805 2532 which can be quite useful - but may break some applications. 2806 2533 2807 - Default: 0 2534 + Possible values: 2535 + 2536 + - 0 (disabled) 2537 + - 1 (enabled) 2538 + 2539 + Default: 0 (disabled) 2808 2540 2809 2541 router_probe_interval - INTEGER 2810 2542 Minimum interval (in seconds) between Router Probing described ··· 2839 2561 routed via this interface are restricted to the set of addresses 2840 2562 configured on this interface (vis. RFC 6724, section 4). 
2841 2563 2842 - Default: false 2564 + Possible values: 2565 + 2566 + - 0 (disabled) 2567 + - 1 (enabled) 2568 + 2569 + Default: 0 (disabled) 2843 2570 2844 2571 use_tempaddr - INTEGER 2845 2572 Preference for Privacy Extensions (RFC3041). ··· 2969 2686 ndisc_notify - BOOLEAN 2970 2687 Define mode for notification of address and device changes. 2971 2688 2972 - * 0 - (default): do nothing 2973 - * 1 - Generate unsolicited neighbour advertisements when device is brought 2689 + Possible values: 2690 + 2691 + - 0 (disabled) - do nothing 2692 + - 1 (enabled) - Generate unsolicited neighbour advertisements when device is brought 2974 2693 up or hardware address changes. 2694 + 2695 + Default: 0 (disabled) 2975 2696 2976 2697 ndisc_tclass - INTEGER 2977 2698 The IPv6 Traffic Class to use by default when sending IPv6 Neighbor ··· 2993 2706 not be cleared when roaming between access points on the same network. 2994 2707 In most cases this should remain as the default (1). 2995 2708 2996 - - 1 - (default): Clear neighbor discover cache on NOCARRIER events. 2997 - - 0 - Do not clear neighbor discovery cache on NOCARRIER events. 2709 + Possible values: 2710 + 2711 + - 0 (disabled) - Do not clear neighbor discovery cache on NOCARRIER events. 2712 + - 1 (enabled) - Clear neighbor discover cache on NOCARRIER events. 2713 + 2714 + Default: 1 (enabled) 2998 2715 2999 2716 mldv1_unsolicited_report_interval - INTEGER 3000 2717 The interval in milliseconds in which the next unsolicited ··· 3027 2736 optimistic_dad - BOOLEAN 3028 2737 Whether to perform Optimistic Duplicate Address Detection (RFC 4429). 3029 2738 3030 - * 0: disabled (default) 3031 - * 1: enabled 3032 - 3033 2739 Optimistic Duplicate Address Detection for the interface will be enabled 3034 2740 if at least one of conf/{all,interface}/optimistic_dad is set to 1, 3035 2741 it will be disabled otherwise. 
2742 + 2743 + Possible values: 2744 + 2745 + - 0 (disabled) 2746 + - 1 (enabled) 2747 + 2748 + Default: 0 (disabled) 2749 + 3036 2750 3037 2751 use_optimistic - BOOLEAN 3038 2752 If enabled, do not classify optimistic addresses as deprecated during ··· 3045 2749 before optimistic addresses, subject to other ranking in the source 3046 2750 address selection algorithm. 3047 2751 3048 - * 0: disabled (default) 3049 - * 1: enabled 3050 - 3051 2752 This will be enabled if at least one of 3052 2753 conf/{all,interface}/use_optimistic is set to 1, disabled otherwise. 2754 + 2755 + Possible values: 2756 + 2757 + - 0 (disabled) 2758 + - 1 (enabled) 2759 + 2760 + Default: 0 (disabled) 3053 2761 3054 2762 stable_secret - IPv6 address 3055 2763 This IPv6 address will be used as a secret to generate IPv6 ··· 3085 2785 Drop any unicast IPv6 packets that are received in link-layer 3086 2786 multicast (or broadcast) frames. 3087 2787 3088 - By default this is turned off. 2788 + Possible values: 2789 + 2790 + - 0 (disabled) 2791 + - 1 (enabled) 2792 + 2793 + Default: 0 (disabled) 3089 2794 3090 2795 drop_unsolicited_na - BOOLEAN 3091 2796 Drop all unsolicited neighbor advertisements, for example if there's 3092 2797 a known good NA proxy on the network and such frames need not be used 3093 2798 (or in the case of 802.11, must not be used to prevent attacks.) 3094 2799 3095 - By default this is turned off. 2800 + Possible values: 2801 + 2802 + - 0 (disabled) 2803 + - 1 (enabled) 2804 + 2805 + Default: 0 (disabled). 3096 2806 3097 2807 accept_untracked_na - INTEGER 3098 2808 Define behavior for accepting neighbor advertisements from devices that ··· 3143 2833 The nonce option will be sent on an interface unless both of 3144 2834 conf/{all,interface}/enhanced_dad are set to FALSE. 
3145 2835 3146 - Default: TRUE 2836 + Possible values: 2837 + 2838 + - 0 (disabled) 2839 + - 1 (enabled) 2840 + 2841 + Default: 1 (enabled) 3147 2842 3148 2843 ``icmp/*``: 3149 2844 =========== ··· 3177 2862 Default: 0-1,3-127 (rate limit ICMPv6 errors except Packet Too Big) 3178 2863 3179 2864 echo_ignore_all - BOOLEAN 3180 - If set non-zero, then the kernel will ignore all ICMP ECHO 2865 + If enabled, then the kernel will ignore all ICMP ECHO 3181 2866 requests sent to it over the IPv6 protocol. 3182 2867 3183 - Default: 0 2868 + Possible values: 2869 + 2870 + - 0 (disabled) 2871 + - 1 (enabled) 2872 + 2873 + Default: 0 (disabled) 3184 2874 3185 2875 echo_ignore_multicast - BOOLEAN 3186 - If set non-zero, then the kernel will ignore all ICMP ECHO 2876 + If enabled, then the kernel will ignore all ICMP ECHO 3187 2877 requests sent to it over the IPv6 protocol via multicast. 3188 2878 3189 - Default: 0 2879 + Possible values: 2880 + 2881 + - 0 (disabled) 2882 + - 1 (enabled) 2883 + 2884 + Default: 0 (disabled) 3190 2885 3191 2886 echo_ignore_anycast - BOOLEAN 3192 - If set non-zero, then the kernel will ignore all ICMP ECHO 2887 + If enabled, then the kernel will ignore all ICMP ECHO 3193 2888 requests sent to it over the IPv6 protocol destined to anycast address. 3194 2889 3195 - Default: 0 2890 + Possible values: 2891 + 2892 + - 0 (disabled) 2893 + - 1 (enabled) 2894 + 2895 + Default: 0 (disabled) 3196 2896 3197 2897 error_anycast_as_unicast - BOOLEAN 3198 - If set to 1, then the kernel will respond with ICMP Errors 2898 + If enabled, then the kernel will respond with ICMP Errors 3199 2899 resulting from requests sent to it over the IPv6 protocol destined 3200 2900 to anycast address essentially treating anycast as unicast. 
3201 2901 3202 - Default: 0 2902 + Possible values: 2903 + 2904 + - 0 (disabled) 2905 + - 1 (enabled) 2906 + 2907 + Default: 0 (disabled) 3203 2908 3204 2909 xfrm6_gc_thresh - INTEGER 3205 2910 (Obsolete since linux-4.14) ··· 3237 2902 ================================= 3238 2903 3239 2904 bridge-nf-call-arptables - BOOLEAN 3240 - - 1 : pass bridged ARP traffic to arptables' FORWARD chain. 3241 - - 0 : disable this. 3242 2905 3243 - Default: 1 2906 + Possible values: 2907 + 2908 + - 0 (disabled) - disable this. 2909 + - 1 (enabled) - pass bridged ARP traffic to arptables' FORWARD chain. 2910 + 2911 + Default: 1 (enabled) 3244 2912 3245 2913 bridge-nf-call-iptables - BOOLEAN 3246 - - 1 : pass bridged IPv4 traffic to iptables' chains. 3247 - - 0 : disable this. 3248 2914 3249 - Default: 1 2915 + Possible values: 2916 + 2917 + - 0 (disabled) - disable this. 2918 + - 1 (enabled) - pass bridged IPv4 traffic to iptables' chains. 2919 + 2920 + Default: 1 (enabled) 3250 2921 3251 2922 bridge-nf-call-ip6tables - BOOLEAN 3252 - - 1 : pass bridged IPv6 traffic to ip6tables' chains. 3253 - - 0 : disable this. 3254 2923 3255 - Default: 1 2924 + Possible values: 2925 + 2926 + - 0 (disabled) - disable this. 2927 + - 1 (enabled) - pass bridged IPv6 traffic to ip6tables' chains. 2928 + 2929 + Default: 1 (enabled) 3256 2930 3257 2931 bridge-nf-filter-vlan-tagged - BOOLEAN 3258 - - 1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables. 3259 - - 0 : disable this. 3260 2932 3261 - Default: 0 2933 + Possible values: 2934 + 2935 + - 0 (disabled) - disable this. 2936 + - 1 (enabled) - pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables 2937 + 2938 + Default: 0 (disabled) 3262 2939 3263 2940 bridge-nf-filter-pppoe-tagged - BOOLEAN 3264 - - 1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables. 3265 - - 0 : disable this. 3266 2941 3267 - Default: 0 2942 + Possible values: 2943 + 2944 + - 0 (disabled) - disable this. 
2945 + - 1 (enabled) - pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables. 2946 + 2947 + Default: 0 (disabled) 3268 2948 3269 2949 bridge-nf-pass-vlan-input-dev - BOOLEAN 3270 2950 - 1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan ··· 3302 2952 the ability to dynamically add and remove new addresses for the SCTP 3303 2953 associations. 3304 2954 3305 - 1: Enable extension. 2955 + Possible values: 3306 2956 3307 - 0: Disable extension. 2957 + - 0 (disabled) - disable extension. 2958 + - 1 (enabled) - enable extension 3308 2959 3309 - Default: 0 2960 + Default: 0 (disabled) 3310 2961 3311 2962 pf_enable - INTEGER 3312 2963 Enable or disable pf (pf is short for potentially failed) state. A value ··· 3376 3025 required for secure operation of Dynamic Address Reconfiguration 3377 3026 (ADD-IP) extension. 3378 3027 3379 - - 1: Enable this extension. 3380 - - 0: Disable this extension. 3028 + Possible values: 3381 3029 3382 - Default: 0 3030 + - 0 (disabled) - disable extension. 3031 + - 1 (enabled) - enable extension 3032 + 3033 + Default: 0 (disabled) 3383 3034 3384 3035 prsctp_enable - BOOLEAN 3385 3036 Enable or disable the Partial Reliability extension (RFC3758) which 3386 3037 is used to notify peers that a given DATA should no longer be expected. 3387 3038 3388 - - 1: Enable extension 3389 - - 0: Disable 3039 + Possible values: 3390 3040 3391 - Default: 1 3041 + - 0 (disabled) - disable extension. 3042 + - 1 (enabled) - enable extension 3043 + 3044 + Default: 1 (enabled) 3392 3045 3393 3046 max_burst - INTEGER 3394 3047 The limit of the number of new packets that can be initially sent. It ··· 3492 3137 Enable or disable the ability to extend the lifetime of the SCTP cookie 3493 3138 that is used during the establishment phase of SCTP association 3494 3139 3495 - - 1: Enable cookie lifetime extension. 3496 - - 0: Disable 3140 + Possible values: 3497 3141 3498 - Default: 1 3142 + - 0 (disabled) - disable. 
3143 + - 1 (enabled) - enable cookie lifetime extension. 3144 + 3145 + Default: 1 (enabled) 3499 3146 3500 3147 cookie_hmac_alg - STRING 3501 3148 Select the hmac algorithm used when generating the cookie value sent by ··· 3631 3274 a stream, and it includes the Parameters of "Outgoing/Incoming SSN 3632 3275 Reset", "SSN/TSN Reset" and "Add Outgoing/Incoming Streams". 3633 3276 3634 - - 1: Enable extension. 3635 - - 0: Disable extension. 3277 + Possible values: 3636 3278 3637 - Default: 0 3279 + - 0 (disabled) - Disable extension. 3280 + - 1 (enabled) - Enable extension. 3281 + 3282 + Default: 0 (disabled) 3638 3283 3639 3284 intl_enable - BOOLEAN 3640 3285 Enable or disable extension of User Message Interleaving functionality ··· 3647 3288 to 1 and also needs to set socket options SCTP_FRAGMENT_INTERLEAVE to 2 3648 3289 and SCTP_INTERLEAVING_SUPPORTED to 1. 3649 3290 3650 - - 1: Enable extension. 3651 - - 0: Disable extension. 3291 + Possible values: 3652 3292 3653 - Default: 0 3293 + - 0 (disabled) - Disable extension. 3294 + - 1 (enabled) - Enable extension. 3295 + 3296 + Default: 0 (disabled) 3654 3297 3655 3298 ecn_enable - BOOLEAN 3656 3299 Control use of Explicit Congestion Notification (ECN) by SCTP. ··· 3661 3300 due to congestion by allowing supporting routers to signal congestion 3662 3301 before having to drop packets. 3663 3302 3664 - 1: Enable ecn. 3665 - 0: Disable ecn. 3303 + Possible values: 3666 3304 3667 - Default: 1 3305 + - 0 (disabled) - Disable ecn. 3306 + - 1 (enabled) - Enable ecn. 3307 + 3308 + Default: 1 (enabled) 3668 3309 3669 3310 l3mdev_accept - BOOLEAN 3670 3311 Enabling this option allows a "global" bound socket to work ··· 3674 3311 being received regardless of the L3 domain in which they 3675 3312 originated. Only valid when the kernel was compiled with 3676 3313 CONFIG_NET_L3_MASTER_DEV. 3314 + 3315 + Possible values: 3316 + 3317 + - 0 (disabled) 3318 + - 1 (enabled) 3677 3319 3678 3320 Default: 1 (enabled) 3679 3321
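Review bot: In the ndisc_notify hunk, the new "- 1 (enabled) - Generate unsolicited neighbour advertisements when device is brought" line is longer than 80 columns even before indentation, and its continuation "up or hardware address changes." is left as unchanged context although the bullet marker and prefix in front of it changed. Please rewrap the item so the continuation lines up with the item text, and pick one capitalisation for the two entries ("do nothing" vs "Generate ...").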
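Review bot: In the ndisc_evict_nocarrier hunk, the re-added line "- 1 (enabled) - Clear neighbor discover cache on NOCARRIER events." carries over the old typo, while the 0 entry right above it says "neighbor discovery cache". Since the line is being rewritten anyway, fix it to "discovery" here.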
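Review bot: In the optimistic_dad hunk, an extra empty line is added after "Default: 0 (disabled)" on top of the existing blank context line, so the entry is followed by two blank lines before use_optimistic where every other entry has one. Drop the added blank line.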
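Review bot: In the drop_unsolicited_na hunk, the new line reads "Default: 0 (disabled)." with a trailing period, unlike every other "Default:" line this patch adds (for example drop_unicast_in_l2_multicast directly above). Remove the period so the format stays uniform and easy to grep.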
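Review bot: In the enhanced_dad hunk, the default changes from "TRUE" to "1 (enabled)", but the unchanged sentence just above still says the nonce option is sent "unless both of conf/{all,interface}/enhanced_dad are set to FALSE", so the entry now mixes two notations. Given that the commit's stated goal is consistent 0/1 wording, change that sentence to "are set to 0" in the same patch.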
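Review bot: In the icmp/* hunk, echo_ignore_all, echo_ignore_multicast and echo_ignore_anycast change "If set non-zero" to "If enabled" and list only 0 and 1 under "Possible values:", which drops the old statement that any non-zero value turns the behaviour on. Please confirm that these knobs reject values other than 0 and 1. If they still accept them, keep that fact in the text, so that a configuration audit comparing a host against the documented values does not misjudge a setting such as 2.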
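Review bot: In the five bridge-nf-* hunks (bridge-nf-call-arptables through bridge-nf-filter-pppoe-tagged), removing the old value lines leaves the former blank line directly under the term, so "Possible values:" is now separated from, for example, "bridge-nf-call-arptables - BOOLEAN" by an empty line and the entry has no description at all. In reStructuredText a definition has to follow its term without a blank line, so these entries will no longer render as definition-list items like the rest of the file. Please add a one-sentence description under each term instead of the blank line. Also, "disable this." now comes first and has nothing to refer to; these switches decide whether bridged traffic is passed to the arptables/iptables/ip6tables chains, so say explicitly what 0 turns off. The bridge-nf-filter-vlan-tagged "1 (enabled)" line is also missing the trailing period the other four have.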
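Review bot: In the SCTP addip_enable hunk (and identically in auth_enable and prsctp_enable), the two new entries are inconsistent with each other and with the later SCTP hunks: "- 0 (disabled) - disable extension." ends with a period and "- 1 (enabled) - enable extension" does not, while reconf_enable, intl_enable and ecn_enable use capitalised "Disable extension." / "Enable extension." with periods on both. Pick one form for all SCTP entries. Where the trailing text only repeats "(disabled)" / "(enabled)", it could be dropped entirely, as the IPv6 entries do.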