Controls logging of warnings from the kernel ARP driver.
These are displayed on the console.
If set to ``0'' (the default), debugging information is not displayed.
If set to a non-zero value, debugging information is displayed.
arp_maxretries
Sets the maximum number of retries for the address resolution protocol
(ARP) before it gives up.
arpt_down
Sets the time, in seconds, to hold onto an incomplete ARP
cache entry if ARP lookup fails.
arpt_keep
Sets the time, in seconds, to keep a valid entry in the ARP cache.
arpt_prune
Sets the interval, in seconds, between scanning the ARP
table for stale entries.
Compaq Netflex token ring parameters
Parameter     Dflt    Min     Max
NFLXSR_AGE    5       1       120
NFLXSR_AGE
Specifies the number of minutes for each routing entry
to stay alive in the source routing table.
Internet control message protocol version 4 (ICMPv4) parameters
Parameter                Dflt    Min     Max
icmp_answermask          0       0       1
icmp_quenchsz            32      1       4096
icmp_reply_broadcasts    0       0       1
icmpprintfs              0       0       1
icmp_answermask
If set to ``1'', the system will respond to ICMP subnet mask
request messages.
This parameter must be set to ``1'' to support certain hosts
such as diskless workstations.
The default value is ``0'', do not respond, as specified in
RFC 1122.
icmp_quenchsz
Controls how many addresses to remember every 200ms when
performing ICMP source quenching.
If a host's address is remembered, this ensures that no more than five quench
messages can be sent to it per second.
icmp_reply_broadcasts
If set to ``1'', the system will reply to ICMP
requests that are directed to broadcast, multicast or experimental addresses.
If set to ``0'', the system will not reply to such requests.
icmpprintfs
Controls logging of warnings from the kernel ICMP driver.
These are displayed on the console.
If set to ``0'' (the default), debugging information is not displayed.
If set to a non-zero value, debugging information is displayed.
Internet group management protocol version 4 (IGMP) parameters
Parameter      Dflt    Min     Max
igmpprintfs    0       0       1
igmpprintfs
Controls logging of warnings from the kernel IGMP driver.
These are displayed on the console.
Logging is turned on if this parameter is set to ``1''.
If set to ``0'', debugging information is not displayed.
Internet protocol version 4 (IPv4) parameters
Parameter                 Dflt    Min     Max
in_fullsize               1       0       1
in_loglimit               64      1       255
in_recvspace              4096    2048    65535
in_sendspace              8192    2048    65535
ip_checkbroadaddr         1       0       1
ip_dirbroadcast           1       0       1
ip_forward_broadcasts     0       0       1
ip_perform_pmtu           1       0       1
ip_pmtu_decrease_age      600             32667
ip_pmtu_increase_age      120     0       600
ip_settos                 1       0       1
ip_subnetsarelocal        1       0       1
ip_ttl                    64      1       255
ipforwarding              0       0       1
ipsendredirects           0       0       1
ipport_reserved_high      1023    0       65535
ipport_reserved_low       512     0       65535
ipport_userreserved_high  65535   0       65535
ipport_userreserved_low   32768   0       65535
ipnonlocalsrcroute        0       0       1
ipprintfs                 0       0       1
NOTE:
The number of interfaces supported by IP is dynamic
and does not need tuning.
NOTE:
The value of the parameters in_fullsize, in_recvspace,
and in_sendspace affect the systemwide interface defaults.
Their values may be overridden on a per-interface basis.
This allows you to mix fast and slow network hardware on the
same system with optimal performance parameters defined for each interface.
See
ifconfig(1Mtcp).
in_fullsize
Controls the systemwide default TCP behavior for attempting
to negotiate the use of full-sized segments.
If set to ``1'' (the default), TCP attempts to use
a segment size equal to the interface MTU minus the size
of the TCP/IP headers.
If set to ``0'', TCP rounds the segment size down to
the nearest multiple of 1K.
in_loglimit
Controls how many bytes of the error packet to display when debugging.
Note that the appropriate xxxprintfs parameter (such as
tcpprintfs) must be set to a non-zero value to enable logging.
in_recvspace
Sets the systemwide default size of the TCP/IP receive
window in bytes.
(This can be overridden by using
setsockopt(3sock)
to set SO_RCVBUF.)
in_sendspace
Sets the systemwide default size of the TCP/IP send window in bytes.
This should be at least as large as the loopback MTU.
(This can be overridden by using
setsockopt(3sock)
to set SO_SNDBUF.)
ip_checkbroadaddr
Controls whether IP checks whether unicast packets specify
a broadcast address.
If set to ``1'' (the default as specified in RFC 1122),
IP discards non-broadcast packets sent to a link-level
broadcast address.
In the unlikely event that a data-link driver does not support this,
packets may be discarded erroneously.
If the netstat -sp ip command shows that many
packets cannot be forwarded, set this parameter to ``0''
to turn off checking.
ip_dirbroadcast
If set to ``1'' (the default), allows receipt of broadcast
packets only if they match one of the broadcast addresses configured
for the interface upon which the packet was received.
If set to ``0'', allows receipt of broadcast packets that
match any configured broadcast address.
ip_forward_broadcasts
If set to ``1'', received broadcast packets addressed to the
broadcast address of an attached interface are
forwarded for broadcasting on the interface.
If set to ``0'', rebroadcasting is not permitted.
ip_perform_pmtu
IP performs Path Maximum Transmission Unit (Path MTU
or PMTU) discovery as specified in RFC 1191 if set
to ``1'' (the default).
This causes IP to send packets with the ``do not fragment''
bit set so that routers will generate ``Fragmentation Required'' messages if
they cannot forward the whole packet.
Retransmission with a smaller packet size allows the minimum MTU
in the path to the destination to be established.
If you experience interoperability problems because intermediate routers
do not support this feature, a value of ``0'' disables PMTU.
ip_pmtu_decrease_age
Controls how many seconds IP will wait (while performing
PMTU) after decreasing an MTU estimate before
it starts raising it.
If set to ``0xFFFFFFFF'', the estimate is never raised; this is useful
if there is only one path out of your
local network and its MTU is known to be constant.
ip_pmtu_increase_age
Sets the number of seconds between increasing the MTU estimate for a
destination once it starts to increase.
ip_settos
If set to ``1'' (the default), IP sets type-of-service
(TOS) information (as specified in RFC 1122)
in packets that it sends down to the data-link layer.
Set this to ``0'' if your network card link-level driver cannot
handle this.
ip_subnetsarelocal
The default value of ``1'' specifies that other subnets of the
network are to be considered as local -- that is, directly connected.
TCP assumes them to be connected via high-MSS paths
and adjusts its idea of the MSS to be negotiated.
Otherwise, TCP uses the default MSS specified
by tcp_mssdflt (described in
``Transmission Control Protocol (TCP) parameters'')
-- this is typically 512 bytes in accordance with RFC 793
and RFC 1122.
By default, the parameter tcp_offer_big_mss is set to
``1'' so that
Path MTU discovery can be used to provide the maximum benefit.
If the value of tcp_offer_big_mss is
set to ``0'', setting the value of ip_subnetsarelocal
to ``1'' allows for good local performance even though
PMTU discovery is not used.
The message ``ICMP Host Unreachable'' is generated for local subnet
routing failures.
When this value is set to ``0'', the packet size is set to 576
bytes, as specified in RFC 1122.
The default value of ``1'' enables this feature; if set
to ``0'', it is disabled.
ip_ttl
Sets the time to live (TTL) of an IP packet as a
number of hops.
This value is used by all kernel drivers that need it (including TCP).
The default value is ``64'' as recommended by RFC 1340.
ipforwarding
ipsendredirects
If you want to use your machine as a unicast or multicast router, set both
these parameters to ``1''.
ipforwarding controls whether the system will forward packets
sent to it which are destined for another system (that is, act as a router).
The default value is ``0'' (off) as defined by RFC 1122.
A system acting as a host will still
forward source-routed datagrams unless ipnonlocalsrcroute
is set to ``0''.
ipsendredirects controls whether IP will send
an ICMP redirect error message to a host when forwarding a
packet out of the same interface on which it was received.
The message informs the sending host which is the
correct router to use in the future.
This allows the sending host to adjust its routing table appropriately.
This should be set to ``1'' if ipforwarding
is set to ``1''.
ipport_reserved_high
ipport_reserved_low
ipport_userreserved_high
ipport_userreserved_low
These four parameters control the allocation and verification of
reserved and ephemeral port numbers.
ipport_reserved_low and
ipport_reserved_high set the bottom
and top values of the port range which the kernel considers privileged.
ipport_userreserved_low and
ipport_userreserved_high set the
bottom and top values of the port range from which ephemeral
ports will be allocated.
See
inconfig(1Mtcp)
for detailed information about these parameters.
ipnonlocalsrcroute
Controls whether source-routed datagrams will be forwarded if they are not
destined for the local system.
On hosts, the default value is ``0'' (off).
If your machine is acting as a router (ipforwarding is set
to ``1''), set the value of ipnonlocalsrcroute
to ``1'' unless you are concerned that this may open a security hole.
ipprintfs
Controls logging of warnings from the kernel IP driver.
These are displayed on the console.
If set to ``0'' (the default), debugging information is not displayed.
If set to a non-zero value, debugging information is displayed.
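The host and router expectations described above for ipforwarding, ipsendredirects, ipnonlocalsrcroute, the ICMP reply parameters and the port ranges can be checked together. The following Python audit is an added example, not part of the original documentation; the name=value input format, the role argument and the check that the ephemeral range does not overlap the privileged range are assumptions of the example.

```python
# Added example: audit this page's IPv4/ICMPv4 tunables on one system.
# PARAMS holds (default, min, max) from the tables above; input format is assumed.
PARAMS = {
    "icmp_answermask": (0, 0, 1),
    "icmp_reply_broadcasts": (0, 0, 1),
    "ip_forward_broadcasts": (0, 0, 1),
    "ipforwarding": (0, 0, 1),
    "ipsendredirects": (0, 0, 1),
    "ipnonlocalsrcroute": (0, 0, 1),
    "ipport_reserved_low": (512, 0, 65535),
    "ipport_reserved_high": (1023, 0, 65535),
    "ipport_userreserved_low": (32768, 0, 65535),
    "ipport_userreserved_high": (65535, 0, 65535),
}

def parse(text):
    """Parse name=value lines; parameters not listed keep their defaults."""
    values = {name: spec[0] for name, spec in PARAMS.items()}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, raw = line.partition("=")
        values[name.strip()] = int(raw.strip(), 0)  # base 0 also accepts 0x..
    return values

def audit(v, role="host"):
    """Return sorted (parameter, finding) pairs for role 'host' or 'router'."""
    out = []
    for name, value in v.items():
        if name not in PARAMS:
            out.append((name, "not a parameter covered by this audit"))
        elif not PARAMS[name][1] <= value <= PARAMS[name][2]:
            out.append((name, "value %d outside documented range" % value))
    if role == "host" and v["ipforwarding"]:
        out.append(("ipforwarding", "host forwards packets for other systems"))
    if role == "host" and v["ipnonlocalsrcroute"]:
        out.append(("ipnonlocalsrcroute", "host forwards source-routed datagrams"))
    if v["ipforwarding"] and not v["ipsendredirects"]:
        out.append(("ipsendredirects", "should be 1 when ipforwarding is 1"))
    if v["icmp_reply_broadcasts"]:
        out.append(("icmp_reply_broadcasts", "replies to broadcast/multicast ICMP"))
    if v["ip_forward_broadcasts"]:
        out.append(("ip_forward_broadcasts", "rebroadcasts received broadcasts"))
    if v["icmp_answermask"]:
        out.append(("icmp_answermask", "answers ICMP subnet mask requests"))
    for kind in ("reserved", "userreserved"):
        if v["ipport_%s_low" % kind] > v["ipport_%s_high" % kind]:
            out.append(("ipport_%s_low" % kind, "low bound above high bound"))
    if v["ipport_userreserved_low"] <= v["ipport_reserved_high"]:
        out.append(("ipport_userreserved_low", "ephemeral range overlaps privileged"))
    return sorted(out)

# Constructed sample: a workstation with router-style settings left enabled.
SAMPLE = """
ipforwarding=1
ipnonlocalsrcroute=1
icmp_reply_broadcasts=1
ipport_userreserved_low=1000   # constructed value
"""

if __name__ == "__main__":
    for name, finding in audit(parse(SAMPLE)):
        print("%-26s %s" % (name, finding))
```

With role="router", forwarding and non-local source routing are accepted, matching the guidance above, and only the missing ipsendredirects setting is reported.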
Open DataLink Interface (ODI) parameters
Parameter          Dflt    Min     Max
ATM_FRAME_SIZE     1514    1514    1514
ETH_FRAME_SIZE     1514    1514    1514
FDDI_FRAME_SIZE    4000    1514    4491
TOK_FRAME_SIZE     4464    2048    16384
LSL_1KCHUNKS       8       0       8
LSL_2KCHUNKS       48      0       64
LSL_6KCHUNKS       16      0       16
LSL_10KCHUNKS      1       0       2
LSL_36KCHUNKS      1       0       2
ODIMEM_BUFSIZE     5120    5120    5120
ODIMEM_NUMBUF      128     128     512
ODISR_BOARDAGE     5       1       120
ODISR_NBOARD       14      2       14
ATM_FRAME_SIZE
Specifies the largest supported size of an ATM frame.
ETH_FRAME_SIZE
Specifies the largest supported size of an ethernet frame.
FDDI_FRAME_SIZE
Specifies the largest supported size of an FDDI frame.
TOK_FRAME_SIZE
Specifies the largest supported size of a token ring frame.
LSL_1KCHUNKS
Specifies the number of 1024 byte chunks of memory
pre-allocated for ODI (Open DataLink Interface) drivers.
Typically, each driver requires four of these chunks of memory.
This parameter is used only if ODI version 3.1 drivers
are installed in the system,
and the driver supports cards that do Bus Mastering DMA.
LSL_2KCHUNKS
Specifies the number of 2048 byte chunks of memory
pre-allocated for ODI (Open DataLink Interface) drivers.
Typically, each driver requires 48 of these chunks of memory.
This parameter is used only if ODI version 3.1 drivers
are installed in the system,
and the driver supports cards that do Bus Mastering DMA.
LSL_6KCHUNKS
Specifies the number of 6144 byte chunks of memory
pre-allocated for ODI (Open DataLink Interface) drivers.
Typically, each driver requires four of these chunks of memory.
This parameter is used only if ODI version 3.1 drivers
are installed in the system,
and the driver supports cards that do Bus Mastering DMA.
LSL_10KCHUNKS
Specifies the number of 10240 byte chunks of memory
pre-allocated for ODI (Open DataLink Interface) drivers.
Typically, each driver requires two of these chunks of memory.
This parameter is used only if ODI version 3.1 drivers
are installed in the system,
and the driver supports cards that do Bus Mastering DMA.
LSL_36KCHUNKS
Specifies the number of 36864 byte chunks of memory
pre-allocated for ODI (Open DataLink Interface) drivers.
Typically, each driver requires zero of these chunks of memory.
This parameter is used only if ODI version 3.1 drivers
are installed in the system,
and the driver supports cards that do Bus Mastering DMA.
ODIMEM_BUFSIZE
Specifies the size of the buffers that will be pre-allocated
by the odimem driver for bus mastering token ring and
FDDI ODI drivers.
ODIMEM_NUMBUF
Specifies the number of memory buffers that will be pre-allocated
by the odimem driver for bus mastering token ring and
FDDI ODI drivers.
ODISR_BOARDAGE
Specifies the number of minutes for each routing entry
to stay alive in the source routing table.
ODISR_NBOARD
Specifies the number of TOKEN frame types that the odisr module supports.
By default, odisr supports both TOKEN-RING and TOKEN-Ring_SNAP.
Transmission Control Protocol (TCP) parameters
Parameter              Dflt          Min     Max
tcp_2msl               240           30      240
tcp_delay_acks         1             0       1
tcp_do_rfc1323         1             0       1
tcp_initial_timeout    180           1       7200
tcp_keepalive_port     0             0       65535
tcp_keepidle           7200          300     86400
tcp_keepintvl          75            1       43200
tcp_maxdata            0x3FFFFFFF    1       0x3FFFFFFF
tcp_mss_sw_threshold   1024          512     4096
tcp_mssdflt            512           512     32768
tcp_nkeep              8             1       256
tcp_offer_big_mss      1             0       1
tcp_q0limit            0             1       65535
tcp_secret                           0       2147483647
tcp_seqbits            21            16      26
tcp_small_recvspace    4096          1024    16384
tcp_urgbehavior        1             0       1
tcpalldebug            0             0       1
tcpconsdebug           0             0       1
tcpprintfs             0             0       1
tcp_2msl
Sets the time, in seconds, that a TCP connection will remain in the
TIME_WAIT state waiting for a FIN from the remote side before being
moved to the CLOSED state.
The default time period is ``240'' seconds as
defined by RFC 793.
tcp_delay_acks
Selects TCP delayed acknowledgements (ACKs)
if set to ``1'' (default), and
selects immediate ACKs if set to ``0''.
If delayed ACKs are set, TCP does not send an ACK
immediately on receiving data.
TCP normally delays sending an
ACK to improve the chance that it can
bundle it with transmitted data.
tcp_do_rfc1323
Controls system-wide implementation of TCP performance extensions
including timestamps and large window scaling (as defined
in RFC 1323).
These features provide more efficient and reliable usage of high-bandwidth,
high-latency links.
If set to ``1'' (the default), negotiation is turned on and will
permit a TCP receive window size as large as 1GB.
If set to ``0'', negotiation is
disabled and the largest possible window size is 64K.
Window size negotiation may be disabled on a per-interface basis by
specifying the no1323opt option to
ifconfig(1Mtcp).
This is necessary for
PPP and SLIP interfaces that allow header compression.
tcp_initial_timeout
Sets the TCP/IP retransmit time for an initial SYN
segment when establishing a connection.
(See also the description of tcp_q0limit.)
The default value is ``180'' seconds as defined by RFC 1122.
The minimum and maximum configurable values are ``1''
and ``7200'' seconds.
tcp_keepalive_port
Selects a local TCP/IP server port for which incoming TCP/IP
connections will automatically set the
SO_KEEPALIVE option (see
setsockopt(3sock))
to enable TCP/IP keepalives.
If keepalives are not enabled for a TCP/IP connection,
the socket will not be closed should the client hang or reboot.
This can lead to the number of bogus ``established'' connections
building up over time on the server.
These bogus connections consume system resources,
and may eventually prevent new connections from being established
until the system is rebooted.
If keepalives are enabled, the server will
detect broken connections and close the associated sockets.
See also the descriptions of tcp_keepidle,
tcp_keepintvl and tcp_nkeep.
The minimum and maximum values are ``0'' and ``65535'' (0xffff).
The default value of ``0'' means that TCP/IP keepalives are not
automatically enabled for any local server port.
A value of ``65535'' automatically enables keepalives
for TCP/IP connections to all local server ports.
A value from ``1'' to ``65534'' selects a
single server port on which keepalives are automatically enabled.
NOTE:
The settings of this parameter are not cumulative; it
can only be used to set automatic TCP/IP keepalives
on none, one, or all of the server ports.
Automatic keepalives will be disabled on a server port if
subsequently enabled for a different port.
A server process can call setsockopt to set SO_KEEPALIVE.
tcp_keepidle
Sets the idle time before TCP/IP keepalives are sent (if enabled).
The default value is ``7200'' seconds.
The minimum and maximum configurable values are ``300''
and ``86400'' seconds.
tcp_keepintvl
Sets the TCP/IP keepalive interval between keepalive packets once they
start being sent.
The default value is ``75'' seconds.
The minimum and maximum configurable values are ``1''
and ``43200'' seconds.
tcp_maxdata
Sets the maximum TCP receive window size in bytes if
tcp_do_rfc1323 is set to ``1'' to enable large window scaling.
The maximum and default value is ``0x3FFFFFFF'' (1GB-1).
tcp_mss_sw_threshold
Defines the small window threshold for interface MTUs.
If the MTU of an interface is small enough to force TCP
to use an MSS smaller than this threshold, then TCP
will use the receive window size specified by tcp_small_recvspace.
This is an optimization to avoid buffering too much
data on low-speed links such as SLIP and PPP.
tcp_mssdflt
Sets the default TCP segment size to use on interfaces
for which no MSS and Path MTU information is available.
You should keep the value of this parameter small if possible.
tcp_nkeep
Sets the number of TCP/IP keepalives that will be sent before
giving up.
tcp_offer_big_mss
In order to get the maximum benefit out of Path MTU
(PMTU) discovery,
TCP normally offers an MSS that is derived from
the local interface MTU (after subtracting the packet header sizes).
This allows the remote system to
send the biggest segments that the network can handle.
Set this parameter to ``0'' for systems that cannot handle this, or that
do not implement PMTU discovery.
This causes TCP to offer a smaller MTU
for non-local connections.
See ip_subnetsarelocal in
``Internet protocol version 4 (IPv4) parameters''.
The default value of ``1'' (offer it) allows maximum benefit to be
gained from PMTU discovery; a value of ``0'' disables this.
tcp_q0limit
Sets the minimum length of the pending (3-way handshake incomplete)
connection queue for a TCP endpoint.
This protects a server against SYN flood attacks.
When the pending connection queue is full
and a new connection request arrives,
the kernel will randomly drop an outstanding partial connection
from the pending queue and add the new connection to the queue.
Setting tcp_q0limit modifies the system behavior as follows:
The backlog parameter to
listen(3sock)
specifies the maximum number of established
(3-way handshake complete) connections that
the kernel will queue for a given socket while
accept(3sock)
is processing them.
In previous releases, backlog specified
the maximum length of both the pending and
established queues for a socket.
If a pending connection is dropped, the connection is terminated
(by sending RST) and the client will receive an appropriate
error (usually ECONNRESET).
At least 800 bytes of memory are allocated
to each partial connection. This implies that
each listening port could potentially use
tcp_q0limit * 800 bytes.
The default value of ``0'' provides the same behavior as in
previous releases.
The minimum and maximum configurable values are ``1'' and ``65535''.
If you set tcp_q0limit to a non-zero value,
it should be greater than ``1''.
The value must be high enough to cope with peak demand
by incoming connection requests. You should also set the
value even higher if most of the physical links are low speed
and/or high latency.
Use netstat -s -p tcp
to display statistics of partial connections that have been dropped.
tcp_secret
tcp_seqbits
To protect against IP address spoofing attacks, a random element is
introduced into how TCP chooses the initial send
sequence number and its increment.
tcp_secret seeds the random number sequence.
Its value can be set to any integer from ``0''
through ``2147483647''.
tcp_seqbits selects the number of bits of tcp_secret
that are used to seed the sequence number increment value.
The default value represents
a compromise between security and the uniqueness of the sequence number.
If the value of tcp_seqbits is small, this increases the
possibility that an attacker can guess the random number.
A large value for tcp_seqbits
decreases the time before a given sequence number occurs again.
tcp_small_recvspace
If the MTU is less than the small window threshold,
tcp_mss_sw_threshold,
sets the receive window size to use on interfaces that require small windows.
tcp_urgbehavior
Controls how TCP interprets urgent data.
If set to ``0'', it interprets it in RFC
1122 mode; if set to ``1'' (the default), it interprets it
in BSD mode.
tcpalldebug
If set to ``1'', captures trace information for all connections.
The default value causes TCP to trace only those
connections that set the SO_DEBUG option.
This information can be retrieved using the
trpt(1Mtcp)
command, or displayed on the console if tcpconsdebug is set.
tcpconsdebug
Directs TCP/IP connection trace output to the console if set
to ``1'' (see also tcpalldebug).
tcpprintfs
Controls logging of warnings from the kernel TCP driver.
These are displayed on the console.
If set to ``0'' (the default), debugging information is not displayed.
If set to a non-zero value, debugging information is displayed.
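The tcp_q0limit description above says that a full pending queue drops a random partial connection for each new request, and that slow or high-latency links need a higher value. The following Python model is an added example, not part of the original documentation: it assumes a queue that stays full, a steady request rate and uniform eviction (these, and all function names, are assumptions) to show how the required value grows with round-trip time and what it costs at 800 bytes per entry.

```python
# Added example: sizing tcp_q0limit under the random-drop policy described above.
# Model assumptions (not from the page): the pending queue is already full,
# requests arrive at a steady rate, and each arrival evicts one uniformly
# chosen entry.
import math
import random

BYTES_PER_PARTIAL = 800   # page: "at least 800 bytes" per partial connection
Q0LIMIT_MAX = 65535       # documented maximum for tcp_q0limit

def survival_probability(q0limit, syn_rate, rtt):
    """Chance that one pending connection is still queued after `rtt` seconds
    while `syn_rate` connection requests per second reach a full queue."""
    arrivals = round(syn_rate * rtt)
    return (1.0 - 1.0 / q0limit) ** arrivals

def min_q0limit(target, syn_rate, rtt):
    """Smallest tcp_q0limit whose survival probability is at least `target`,
    or None when even the documented maximum is not enough."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    arrivals = round(syn_rate * rtt)
    if arrivals == 0:
        return 2  # page: a non-zero value should be greater than 1
    n = max(2, math.ceil(1.0 / (1.0 - target ** (1.0 / arrivals))))
    while survival_probability(n, syn_rate, rtt) < target:  # rounding guard
        n += 1
    return n if n <= Q0LIMIT_MAX else None

def queue_memory(q0limit):
    """Lower bound, in bytes, on what one listening port's queue can hold."""
    return q0limit * BYTES_PER_PARTIAL

def simulate(q0limit, syn_rate, rtt, trials=5000, seed=1):
    """Seeded Monte Carlo check of survival_probability."""
    rng = random.Random(seed)
    arrivals = round(syn_rate * rtt)
    kept = 0
    for _ in range(trials):
        # Slot 0 holds the connection being followed; each arrival evicts
        # one slot chosen uniformly from the q0limit slots.
        kept += all(rng.randrange(q0limit) != 0 for _ in range(arrivals))
    return kept / trials

if __name__ == "__main__":
    for rtt in (0.05, 0.2, 0.4):  # constructed round-trip times, in seconds
        n = min_q0limit(0.9, 500, rtt)
        print(rtt, n, queue_memory(n))
```

A value of 1 gives a survival probability of zero under any load in this model, which is consistent with the advice that a non-zero tcp_q0limit should be greater than ``1''.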
User datagram protocol (UDP) parameters
Parameter     Dflt    Min     Max
udpprintfs    0       0       1
udpprintfs
Controls logging of warnings from the kernel UDP driver.
These are displayed on the console.
If set to ``0'' (the default), debugging information is not displayed.
If set to a non-zero value, debugging information is displayed.