Sync net.{inet,inet6}.
This commit is contained in:
elad
parent
a67c9be512
commit
742866cafe
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: sysctl.3,v 1.159 2005/12/01 18:08:10 wiz Exp $
|
||||
.\" $NetBSD: sysctl.3,v 1.160 2006/01/13 21:09:55 elad Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -29,7 +29,7 @@
|
||||
.\"
|
||||
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
|
||||
.\"
|
||||
.Dd December 1, 2005
|
||||
.Dd January 13, 2006
|
||||
.Dt SYSCTL 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -993,27 +993,34 @@ The fourth level name is the variable name.
|
||||
The currently defined protocols and names are:
|
||||
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
|
||||
.It Sy Protocol name Variable name Type Changeable
|
||||
.It ip forwarding integer yes
|
||||
.It ip redirect integer yes
|
||||
.It ip ttl integer yes
|
||||
.It ip forwsrcrt integer yes
|
||||
.It ip directed-broadcast integer yes
|
||||
.It ip allowsrcrt integer yes
|
||||
.It ip subnetsarelocal integer yes
|
||||
.It ip mtudisc integer yes
|
||||
.It ip anonportmin integer yes
|
||||
.It ip anonportmax integer yes
|
||||
.It ip mtudisctimeout integer yes
|
||||
.It ip gifttl integer yes
|
||||
.It ip grettl integer yes
|
||||
.It ip lowportmin integer yes
|
||||
.It ip lowportmax integer yes
|
||||
.It ip maxfragpacket integer yes
|
||||
.It ip checkinterface integer yes
|
||||
.It icmp maskrepl integer yes
|
||||
.It arp down integer yes
|
||||
.It arp keep integer yes
|
||||
.It arp prune integer yes
|
||||
.It arp refresh integer yes
|
||||
.It icmp errppslimit integer yes
|
||||
.It icmp maskrepl integer yes
|
||||
.It icmp rediraccept integer yes
|
||||
.It icmp redirtimeout integer yes
|
||||
.It ip allowsrcrt integer yes
|
||||
.It ip anonportmax integer yes
|
||||
.It ip anonportmin integer yes
|
||||
.It ip checkinterface integer yes
|
||||
.It ip directed-broadcast integer yes
|
||||
.It ip do_loopback_cksum integer yes
|
||||
.It ip forwarding integer yes
|
||||
.It ip forwsrcrt integer yes
|
||||
.It ip gifttl integer yes
|
||||
.It ip grettl integer yes
|
||||
.It ip hostzerobroadcast integer yes
|
||||
.It ip lowportmin integer yes
|
||||
.It ip lowportmax integer yes
|
||||
.It ip maxfragpackets integer yes
|
||||
.It ip mtudisc integer yes
|
||||
.It ip mtudisctimeout integer yes
|
||||
.It ip random_id integer yes
|
||||
.It ip redirect integer yes
|
||||
.It ip subnetsarelocal integer yes
|
||||
.It ip ttl integer yes
|
||||
.It tcp rfc1323 integer yes
|
||||
.It tcp sendspace integer yes
|
||||
.It tcp recvspace integer yes
|
||||
@ -1040,32 +1047,73 @@ The currently defined protocols and names are:
|
||||
.It tcp rstppslimit integer yes
|
||||
.It tcp ident struct no
|
||||
.It udp checksum integer yes
|
||||
.It udp sendspace integer yes
|
||||
.It udp do_loopback_cksum integer yes
|
||||
.It udp recvspace integer yes
|
||||
.It udp sendspace integer yes
|
||||
.El
|
||||
.Pp
|
||||
The variables are as follows:
|
||||
.Bl -tag -width "123456"
|
||||
.It Li arp.down
|
||||
Failed ARP entry lifetime.
|
||||
.It Li arp.keep
|
||||
Valid ARP entry lifetime.
|
||||
.It Li arp.prune
|
||||
ARP cache pruning interval.
|
||||
.It Li arp.refresh
|
||||
ARP entry refresh interval.
|
||||
.It Li ip.allowsrcrt
|
||||
If set to 1, the host accepts source routed packets.
|
||||
.It Li ip.anonportmax
|
||||
The highest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535, and must
|
||||
be greater than
|
||||
.Li ip.anonportmin .
|
||||
.It Li ip.anonportmin
|
||||
The lowest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535.
|
||||
.It Li ip.checkinterface
|
||||
If set to non-zero, the host will reject packets addressed to it
|
||||
that arrive on an interface not bound to that address.
|
||||
Currently, this must be disabled if ipnat is used to translate the
|
||||
destination address to another local interface, or if addresses
|
||||
are added to the loopback interface instead of the interface where
|
||||
the packets for those packets are received.
|
||||
.It Li ip.directed-broadcast
|
||||
If set to 1, enables directed broadcast behavior for the host.
|
||||
.It Li ip.do_loopback_cksum
|
||||
Perform IP checksum on loopback.
|
||||
.It Li ip.forwarding
|
||||
If set to 1, enables IP forwarding for the host,
|
||||
meaning that the host is acting as a router.
|
||||
.It Li ip.redirect
|
||||
If set to 1, ICMP redirects may be sent by the host.
|
||||
This option is ignored unless the host is routing IP packets,
|
||||
and should normally be enabled on all systems.
|
||||
.It Li ip.ttl
|
||||
The maximum time-to-live (hop count) value for an IP packet sourced by
|
||||
the system.
|
||||
This value applies to normal transport protocols, not to ICMP.
|
||||
.It Li ip.forwsrcrt
|
||||
If set to 1, enables forwarding of source-routed packets for the host.
|
||||
This value may only be changed if the kernel security level is less than 1.
|
||||
.It Li ip.directed-broadcast
|
||||
If set to 1, enables directed broadcast behavior for the host.
|
||||
.It Li ip.allowsrcrt
|
||||
If set to 1, the host accepts source routed packets.
|
||||
.It Li ip.subnetsarelocal
|
||||
If set to 1, subnets are to be considered local addresses.
|
||||
.It Li ip.gifttl
|
||||
The maximum time-to-live (hop count) value for an IPv4 packet generated by
|
||||
.Xr gif 4
|
||||
tunnel interface.
|
||||
.It Li ip.grettl
|
||||
The maximum time-to-live (hop count) value for an IPv4 packet generated by
|
||||
.Xr gre 4
|
||||
tunnel interface.
|
||||
.It Li ip.hostzerobroadcast
|
||||
All zeroes address is broadcast address.
|
||||
.It Li ip.lowportmax
|
||||
The highest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be greater than
|
||||
.Li ip.lowportmin .
|
||||
.It Li ip.lowportmin
|
||||
The lowest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be smaller than
|
||||
.Li ip.lowportmax .
|
||||
.It Li ip.maxfragpackets
|
||||
The maximum number of fragmented packets the node will accept.
|
||||
0 means that the node will not accept any fragmented packets.
|
||||
\-1 means that the node will accept as many fragmented packets as it receives.
|
||||
The flag is provided basically for avoiding possible DoS attacks.
|
||||
.It Li ip.mtudisc
|
||||
If set to 1, enables Path MTU Discovery (RFC 1191).
|
||||
When Path MTU Discovery is enabled, the transmitted TCP segment
|
||||
@ -1075,57 +1123,31 @@ If MTU Discovery is disabled, the transmitted segment size will
|
||||
never be greater than
|
||||
.Li tcp.mssdflt
|
||||
(the local maximum segment size).
|
||||
.It Li ip.anonportmin
|
||||
The lowest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535.
|
||||
.It Li ip.anonportmax
|
||||
The highest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535, and must
|
||||
be greater than
|
||||
.Li ip.anonportmin .
|
||||
.It Li ip.mtudisctimeout
|
||||
The number of seconds in which a route added by the Path MTU
|
||||
Discovery engine will time out.
|
||||
When the route times out, the Path
|
||||
MTU Discovery engine will attempt to probe a larger path MTU.
|
||||
.It Li ip.gifttl
|
||||
The maximum time-to-live (hop count) value for an IPv4 packet generated by
|
||||
.Xr gif 4
|
||||
tunnel interface.
|
||||
.It Li ip.grettl
|
||||
The maximum time-to-live (hop count) value for an IPv4 packet generated by
|
||||
.Xr gre 4
|
||||
tunnel interface.
|
||||
.It Li ip.lowportmin
|
||||
The lowest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be smaller than
|
||||
.Li ip.lowportmax .
|
||||
.It Li ip.lowportmax
|
||||
The highest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be greater than
|
||||
.Li ip.lowportmin .
|
||||
.It Li ip.maxfragpackets
|
||||
The maximum number of fragmented packets the node will accept.
|
||||
0 means that the node will not accept any fragmented packets.
|
||||
\-1 means that the node will accept as many fragmented packets as it receives.
|
||||
The flag is provided basically for avoiding possible DoS attacks.
|
||||
.It Li ip.checkinterface
|
||||
If set to non-zero, the host will reject packets addressed to it
|
||||
that arrive on an interface not bound to that address.
|
||||
Currently, this must be disabled if ipnat is used to translate the
|
||||
destination address to another local interface, or if addresses
|
||||
are added to the loopback interface instead of the interface where
|
||||
the packets for those packets are received.
|
||||
.It Li icmp.maskrepl
|
||||
If set to 1, ICMP network mask requests are to be answered.
|
||||
.It Li ip.random_id
|
||||
Assign random ip_id values.
|
||||
.It Li ip.redirect
|
||||
If set to 1, ICMP redirects may be sent by the host.
|
||||
This option is ignored unless the host is routing IP packets,
|
||||
and should normally be enabled on all systems.
|
||||
.It Li ip.subnetsarelocal
|
||||
If set to 1, subnets are to be considered local addresses.
|
||||
.It Li ip.ttl
|
||||
The maximum time-to-live (hop count) value for an IP packet sourced by
|
||||
the system.
|
||||
This value applies to normal transport protocols, not to ICMP.
|
||||
.It Li icmp.errppslimit
|
||||
The variable specifies the maximum number of outgoing ICMP error messages,
|
||||
per second.
|
||||
ICMP error messages that exceeded the value are subject to rate limitation
|
||||
and will not go out from the node.
|
||||
Negative value disables rate limitation.
|
||||
.It Li icmp.maskrepl
|
||||
If set to 1, ICMP network mask requests are to be answered.
|
||||
.It Li icmp.rediraccept
|
||||
If set to non-zero, the host will accept ICMP redirect packets.
|
||||
Note that routers will never accept ICMP redirect packets,
|
||||
@ -1134,49 +1156,15 @@ and the variable is meaningful on IP hosts only.
|
||||
The variable specifies lifetime of routing entries generated by incoming
|
||||
ICMP redirect.
|
||||
This defaults to 600 seconds.
|
||||
.It Li tcp.rfc1323
|
||||
If set to 1, enables RFC 1323 extensions to TCP.
|
||||
.It Li tcp.sendspace
|
||||
The default TCP send buffer size.
|
||||
.It Li tcp.recvspace
|
||||
The default TCP receive buffer size.
|
||||
.It Li tcp.mssdflt
|
||||
The default maximum segment size both advertised to the peer
|
||||
and to use when either the peer does not advertise a maximum segment size to
|
||||
us during connection setup or Path MTU Discovery
|
||||
.Li ( ip.mtudisc )
|
||||
is disabled.
|
||||
Do not change this value unless you really know what you are doing.
|
||||
.It Li tcp.syn_cache_limit
|
||||
The maximum number of entries allowed in the TCP compressed state
|
||||
engine.
|
||||
.It Li tcp.syn_bucket_limit
|
||||
The maximum number of entries allowed per hash bucket in the TCP
|
||||
compressed state engine.
|
||||
.It Li tcp.syn_cache_interval
|
||||
The TCP compressed state engine's timer interval.
|
||||
.It Li tcp.init_win
|
||||
A value indicating the TCP initial congestion window.
|
||||
If this value is 0, an auto-tuning algorithm designed to use an initial
|
||||
window of approximately 4K bytes is in use.
|
||||
Otherwise, this value indicates a fixed number of packets.
|
||||
.It Li tcp.init_win_local
|
||||
Like
|
||||
.Li tcp.init_win ,
|
||||
but used when communicating with hosts on a local network.
|
||||
.It Li tcp.mss_ifmtu
|
||||
If set to 1, TCP calculates the outgoing maximum segment size based on
|
||||
the MTU of the appropriate interface.
|
||||
If set to 0, it is calculated based on the greater of the MTU of the
|
||||
interface, and the largest (non-loopback) interface MTU on the system.
|
||||
.It Li tcp.sack
|
||||
If set to 1, enables RFC 2018 Selective ACKnowledgement.
|
||||
.It Li tcp.win_scale
|
||||
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
|
||||
for increasing the TCP window size, are enabled.
|
||||
.It Li tcp.timestamps
|
||||
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
|
||||
used for measuring TCP round trip times, are enabled.
|
||||
.It Li icmp.returndatabytes
|
||||
Number of bytes to return in an ICMP error message.
|
||||
.It Li tcp.ack_on_push
|
||||
If set to 1, TCP is to immediately transmit an ACK upon reception of
|
||||
a packet with PUSH set.
|
||||
This can avoid losing a round trip time in some rare situations,
|
||||
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
|
||||
Use of this option is generally not recommended, but
|
||||
the variable exists in case your configuration really needs it.
|
||||
.It Li tcp.compat_42
|
||||
If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
|
||||
Use of this option is not recommended, although it may be
|
||||
@ -1192,13 +1180,24 @@ which support HTTP/1.1, which has lingering connections.
|
||||
.It Li tcp.cwm_burstsize
|
||||
The Congestion Window Monitoring allowed burst size, in terms
|
||||
of packet count.
|
||||
.It Li tcp.ack_on_push
|
||||
If set to 1, TCP is to immediately transmit an ACK upon reception of
|
||||
a packet with PUSH set.
|
||||
This can avoid losing a round trip time in some rare situations,
|
||||
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
|
||||
Use of this option is generally not recommended, but
|
||||
the variable exists in case your configuration really needs it.
|
||||
.It Li tcp.delack_ticks
|
||||
Number of ticks to delay sending an ACK.
|
||||
.It Li tcp.do_loopback_cksum
|
||||
Perform TCP checksum on loopback.
|
||||
.It Li tcp.init_win
|
||||
A value indicating the TCP initial congestion window.
|
||||
If this value is 0, an auto-tuning algorithm designed to use an initial
|
||||
window of approximately 4K bytes is in use.
|
||||
Otherwise, this value indicates a fixed number of packets.
|
||||
.It Li tcp.init_win_local
|
||||
Like
|
||||
.Li tcp.init_win ,
|
||||
but used when communicating with hosts on a local network.
|
||||
.It Li tcp.keepcnt
|
||||
Number of keepalive probes sent before declaring a connection dead.
|
||||
If set to zero, there is no limit;
|
||||
keepalives will be sent until some kind of
|
||||
response is received from the peer.
|
||||
.It Li tcp.keepidle
|
||||
Time a connection must be idle before keepalives are sent (if keepalives
|
||||
are enabled for the connection).
|
||||
@ -1207,28 +1206,61 @@ See also tcp.slowhz.
|
||||
Time after a keepalive probe is sent until, in the absence of any response,
|
||||
another probe is sent.
|
||||
See also tcp.slowhz.
|
||||
.It Li tcp.keepcnt
|
||||
Number of keepalive probes sent before declaring a connection dead.
|
||||
If set to zero, there is no limit;
|
||||
keepalives will be sent until some kind of
|
||||
response is received from the peer.
|
||||
.It Li tcp.slowhz
|
||||
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
|
||||
of a clock that ticks tcp.slowhz times per second.
|
||||
(That is, their values
|
||||
must be divided by the tcp.slowhz value to get times in seconds.)
|
||||
.It Li tcp.log_refused
|
||||
If set to 1, refused TCP connections to the host will be logged.
|
||||
.It Li tcp.mss_ifmtu
|
||||
If set to 1, TCP calculates the outgoing maximum segment size based on
|
||||
the MTU of the appropriate interface.
|
||||
If set to 0, it is calculated based on the greater of the MTU of the
|
||||
interface, and the largest (non-loopback) interface MTU on the system.
|
||||
.It Li tcp.mssdflt
|
||||
The default maximum segment size both advertised to the peer
|
||||
and to use when either the peer does not advertise a maximum segment size to
|
||||
us during connection setup or Path MTU Discovery
|
||||
.Li ( ip.mtudisc )
|
||||
is disabled.
|
||||
Do not change this value unless you really know what you are doing.
|
||||
.It Li tcp.newreno
|
||||
If set to 1, enables the use of J.
|
||||
Hoe's NewReno congestion control algorithm.
|
||||
This algorithm improves the start-up behavior of TCP connections.
|
||||
.It Li tcp.log_refused
|
||||
If set to 1, refused TCP connections to the host will be logged.
|
||||
.It Li tcp.recvspace
|
||||
The default TCP receive buffer size.
|
||||
.It Li tcp.rfc1323
|
||||
If set to 1, enables RFC 1323 extensions to TCP.
|
||||
.It Li tcp.rstppslimit
|
||||
The variable specifies the maximum number of outgoing TCP RST packets,
|
||||
per second.
|
||||
TCP RST packet that exceeded the value are subject to rate limitation
|
||||
and will not go out from the node.
|
||||
Negative value disables rate limitation.
|
||||
.It Li tcp.sack.enable
|
||||
If set to 1, enables RFC 2018 Selective ACKnowledgement.
|
||||
.It Li tcp.sack.globalholes
|
||||
Global number of TCP SACK holes.
|
||||
.It Li tcp.sack.globalmaxholes
|
||||
Global maximum number of TCP SACK holes.
|
||||
.It Li tcp.sack.maxholes
|
||||
Maximum number of TCP SACK holes allowed per connection.
|
||||
.It Li tcp.sendspace
|
||||
The default TCP send buffer size.
|
||||
.It Li tcp.slowhz
|
||||
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
|
||||
of a clock that ticks tcp.slowhz times per second.
|
||||
(That is, their values
|
||||
must be divided by the tcp.slowhz value to get times in seconds.)
|
||||
.It Li tcp.syn_bucket_limit
|
||||
The maximum number of entries allowed per hash bucket in the TCP
|
||||
compressed state engine.
|
||||
.It Li tcp.syn_cache_limit
|
||||
The maximum number of entries allowed in the TCP compressed state
|
||||
engine.
|
||||
.It Li tcp.timestamps
|
||||
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
|
||||
used for measuring TCP round trip times, are enabled.
|
||||
.It Li tcp.win_scale
|
||||
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
|
||||
for increasing the TCP window size, are enabled.
|
||||
.It Li udp.checksum
|
||||
If set to 1, UDP checksums are being computed.
|
||||
Received non-zero UDP checksums are always checked.
|
||||
@ -1249,46 +1281,74 @@ The fourth level name is the variable name.
|
||||
The currently defined protocols and names are:
|
||||
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
|
||||
.It Sy Protocol name Variable name Type Changeable
|
||||
.It ip6 forwarding integer yes
|
||||
.It ip6 redirect integer yes
|
||||
.It ip6 hlim integer yes
|
||||
.It ip6 maxfragpackets integer yes
|
||||
.It ip6 accept_rtadv integer yes
|
||||
.It ip6 keepfaith integer yes
|
||||
.It ip6 log_interval integer yes
|
||||
.It ip6 hdrnestlimit integer yes
|
||||
.It ip6 dad_count integer yes
|
||||
.It ip6 auto_flowlabel integer yes
|
||||
.It ip6 defmcasthlim integer yes
|
||||
.It ip6 gif_hlim integer yes
|
||||
.It ip6 kame_version string no
|
||||
.It ip6 use_deprecated integer yes
|
||||
.It ip6 rr_prune integer yes
|
||||
.It ip6 v6only integer yes
|
||||
.It ip6 anonportmin integer yes
|
||||
.It ip6 anonportmax integer yes
|
||||
.It ip6 lowportmin integer yes
|
||||
.It ip6 lowportmax integer yes
|
||||
.It ip6 maxfrags integer yes
|
||||
.It icmp6 rediraccept integer yes
|
||||
.It icmp6 redirtimeout integer yes
|
||||
.It icmp6 nd6_prune integer yes
|
||||
.It icmp6 nd6_delay integer yes
|
||||
.It icmp6 nd6_umaxtries integer yes
|
||||
.It icmp6 nd6_mmaxtries integer yes
|
||||
.It icmp6 nd6_useloopback integer yes
|
||||
.It icmp6 nodeinfo integer yes
|
||||
.It icmp6 errppslimit integer yes
|
||||
.It icmp6 nd6_maxnudhint integer yes
|
||||
.It icmp6 mtudisc_hiwat integer yes
|
||||
.It icmp6 mtudisc_lowat integer yes
|
||||
.It icmp6 nd6_debug integer yes
|
||||
.It udp6 sendspace integer yes
|
||||
.It icmp6 nd6_delay integer yes
|
||||
.It icmp6 nd6_maxnudhint integer yes
|
||||
.It icmp6 nd6_mmaxtries integer yes
|
||||
.It icmp6 nd6_prune integer yes
|
||||
.It icmp6 nd6_umaxtries integer yes
|
||||
.It icmp6 nd6_useloopback integer yes
|
||||
.It icmp6 nodeinfo integer yes
|
||||
.It icmp6 rediraccept integer yes
|
||||
.It icmp6 redirtimeout integer yes
|
||||
.It ip6 accept_rtadv integer yes
|
||||
.It ip6 anonportmax integer yes
|
||||
.It ip6 anonportmin integer yes
|
||||
.It ip6 auto_flowlabel integer yes
|
||||
.It ip6 dad_count integer yes
|
||||
.It ip6 defmcasthlim integer yes
|
||||
.It ip6 forwarding integer yes
|
||||
.It ip6 gifhlim integer yes
|
||||
.It ip6 hlim integer yes
|
||||
.It ip6 hdrnestlimit integer yes
|
||||
.It ip6 kame_version string no
|
||||
.It ip6 keepfaith integer yes
|
||||
.It ip6 log_interval integer yes
|
||||
.It ip6 lowportmax integer yes
|
||||
.It ip6 lowportmin integer yes
|
||||
.It ip6 maxfragpackets integer yes
|
||||
.It ip6 maxfrags integer yes
|
||||
.It ip6 redirect integer yes
|
||||
.It ip6 rr_prune integer yes
|
||||
.It ip6 use_deprecated integer yes
|
||||
.It ip6 v6only integer yes
|
||||
.It udp6 do_loopback_cksum integer yes
|
||||
.It udp6 recvspace integer yes
|
||||
.It udp6 sendspace integer yes
|
||||
.El
|
||||
.Pp
|
||||
The variables are as follows:
|
||||
.Bl -tag -width "123456"
|
||||
.It Li ip6.accept_rtadv
|
||||
If set to non-zero, the node will accept ICMPv6 router advertisement packets
|
||||
and autoconfigures address prefixes and default routers.
|
||||
The node must be a host
|
||||
.Pq not a router
|
||||
for the option to be meaningful.
|
||||
.It Li ip6.anonportmax
|
||||
The highest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535, and must
|
||||
be greater than
|
||||
.Li ip6.anonportmin .
|
||||
.It Li ip6.anonportmin
|
||||
The lowest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535.
|
||||
.It Li ip6.auto_flowlabel
|
||||
On connected transport protocol packets,
|
||||
fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
|
||||
.It Li ip6.dad_count
|
||||
The variable configures number of IPv6 DAD
|
||||
.Pq duplicated address detection
|
||||
probe packets.
|
||||
The packets will be generated when IPv6 interface addresses are configured.
|
||||
.It Li ip6.defmcasthlim
|
||||
The default hop limit value for an IPv6 multicast packet sourced by the node.
|
||||
This value applies to all the transport protocols on top of IPv6.
|
||||
There are APIs to override the value, as documented in
|
||||
.Xr ip6 4 .
|
||||
.It Li ip6.forwarding
|
||||
If set to 1, enables IPv6 forwarding for the node,
|
||||
meaning that the node is acting as a router.
|
||||
@ -1302,26 +1362,20 @@ case quite differently, and changing this variable during operation
|
||||
may cause serious trouble.
|
||||
It is recommended to configure the variable at bootstrap time,
|
||||
and bootstrap time only.
|
||||
.It Li ip6.redirect
|
||||
If set to 1, ICMPv6 redirects may be sent by the node.
|
||||
This option is ignored unless the node is routing IP packets,
|
||||
and should normally be enabled on all systems.
|
||||
.It Li ip6.gifhlim
|
||||
The maximum hop limit value for an IPv6 packet generated by
|
||||
.Xr gif 4
|
||||
tunnel interface.
|
||||
.It Li ip6.hdrnestlimit
|
||||
The number of IPv6 extension headers permitted on incoming IPv6 packets.
|
||||
If set to 0, the node will accept as many extension headers as possible.
|
||||
.It Li ip6.hlim
|
||||
The default hop limit value for an IPv6 unicast packet sourced by the node.
|
||||
This value applies to all the transport protocols on top of IPv6.
|
||||
There are APIs to override the value, as documented in
|
||||
.Xr ip6 4 .
|
||||
.It Li ip6.maxfragpackets
|
||||
The maximum number of fragmented packets the node will accept.
|
||||
0 means that the node will not accept any fragmented packets.
|
||||
\-1 means that the node will accept as many fragmented packets as it receives.
|
||||
The flag is provided basically for avoiding possible DoS attacks.
|
||||
.It Li ip6.accept_rtadv
|
||||
If set to non-zero, the node will accept ICMPv6 router advertisement packets
|
||||
and autoconfigures address prefixes and default routers.
|
||||
The node must be a host
|
||||
.Pq not a router
|
||||
for the option to be meaningful.
|
||||
.It Li ip6.kame_version
|
||||
The string identifies the version of KAME IPv6 stack implemented in the kernel.
|
||||
.It Li ip6.keepfaith
|
||||
If set to non-zero, it enables
|
||||
.Dq FAITH
|
||||
@ -1335,33 +1389,35 @@ for detail.
|
||||
The variable controls amount of logs generated by IPv6 packet
|
||||
forwarding engine, by setting interval between log output
|
||||
.Pq in seconds .
|
||||
.It Li ip6.hdrnestlimit
|
||||
The number of IPv6 extension headers permitted on incoming IPv6 packets.
|
||||
If set to 0, the node will accept as many extension headers as possible.
|
||||
.It Li ip6.dad_count
|
||||
The variable configures number of IPv6 DAD
|
||||
.Pq duplicated address detection
|
||||
probe packets.
|
||||
The packets will be generated when IPv6 interface addresses are configured.
|
||||
.It Li ip6.auto_flowlabel
|
||||
On connected transport protocol packets,
|
||||
fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
|
||||
.It Li ip6.defmcasthlim
|
||||
The default hop limit value for an IPv6 multicast packet sourced by the node.
|
||||
This value applies to all the transport protocols on top of IPv6.
|
||||
There are APIs to override the value, as documented in
|
||||
.Xr ip6 4 .
|
||||
.It Li ip6.gif_hlim
|
||||
The maximum hop limit value for an IPv6 packet generated by
|
||||
.Xr gif 4
|
||||
tunnel interface.
|
||||
.It Li ip6.kame_version
|
||||
The string identifies the version of KAME IPv6 stack implemented in the kernel.
|
||||
.It Li ip6.use_deprecated
|
||||
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
|
||||
.It Li ip6.lowportmax
|
||||
The highest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be greater than
|
||||
.Li ip6.lowportmin .
|
||||
.It Li ip6.lowportmin
|
||||
The lowest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be smaller than
|
||||
.Li ip6.lowportmax .
|
||||
.It Li ip6.maxfragpackets
|
||||
The maximum number of fragmented packets the node will accept.
|
||||
0 means that the node will not accept any fragmented packets.
|
||||
\-1 means that the node will accept as many fragmented packets as it receives.
|
||||
The flag is provided basically for avoiding possible DoS attacks.
|
||||
.It Li ip6.maxfrags
|
||||
The maximum number of fragments the node will accept.
|
||||
0 means that the node will not accept any fragments.
|
||||
\-1 means that the node will accept as many fragments as it receives.
|
||||
The flag is provided basically for avoiding possible DoS attacks.
|
||||
.It Li ip6.redirect
|
||||
If set to 1, ICMPv6 redirects may be sent by the node.
|
||||
This option is ignored unless the node is routing IP packets,
|
||||
and should normally be enabled on all systems.
|
||||
.It Li ip6.rr_prune
|
||||
The variable specifies interval between IPv6 router renumbering prefix
|
||||
babysitting, in seconds.
|
||||
.It Li ip6.use_deprecated
|
||||
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
|
||||
.It Li ip6.v6only
|
||||
The variable specifies initial value for
|
||||
.Dv IPV6_V6ONLY
|
||||
@ -1371,90 +1427,12 @@ socket.
|
||||
Please refer to
|
||||
.Xr ip6 4
|
||||
for detail.
|
||||
.It Li ip6.anonportmin
|
||||
The lowest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535.
|
||||
.It Li ip6.anonportmax
|
||||
The highest port number to use for TCP and UDP ephemeral port allocation.
|
||||
This cannot be set to less than 1024 or greater than 65535, and must
|
||||
be greater than
|
||||
.Li ip6.anonportmin .
|
||||
.It Li ip6.lowportmin
|
||||
The lowest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be smaller than
|
||||
.Li ip6.lowportmax .
|
||||
.It Li ip6.lowportmax
|
||||
The highest port number to use for TCP and UDP reserved port allocation.
|
||||
This cannot be set to less than 0 or greater than 1024, and must
|
||||
be greater than
|
||||
.Li ip6.lowportmin .
|
||||
.It Li ip6.maxfrags
|
||||
The maximum number of fragments the node will accept.
|
||||
0 means that the node will not accept any fragments.
|
||||
\-1 means that the node will accept as many fragments as it receives.
|
||||
The flag is provided basically for avoiding possible DoS attacks.
|
||||
.It Li icmp6.rediraccept
|
||||
If set to non-zero, the host will accept ICMPv6 redirect packets.
|
||||
Note that IPv6 routers will never accept ICMPv6 redirect packets,
|
||||
and the variable is meaningful on IPv6 hosts
|
||||
.Pq non-router
|
||||
only.
|
||||
.It Li icmp6.redirtimeout
|
||||
The variable specifies lifetime of routing entries generated by incoming
|
||||
ICMPv6 redirect.
|
||||
.It Li icmp6.nd6_prune
|
||||
The variable specifies interval between IPv6 neighbor cache babysitting,
|
||||
in seconds.
|
||||
.It Li icmp6.nd6_delay
|
||||
The variable specifies
|
||||
.Dv DELAY_FIRST_PROBE_TIME
|
||||
timing constant in IPv6 neighbor discovery specification
|
||||
.Pq RFC 2461 ,
|
||||
in seconds.
|
||||
.It Li icmp6.nd6_umaxtries
|
||||
The variable specifies
|
||||
.Dv MAX_UNICAST_SOLICIT
|
||||
constant in IPv6 neighbor discovery specification
|
||||
.Pq RFC 2461 .
|
||||
.It Li icmp6.nd6_mmaxtries
|
||||
The variable specifies
|
||||
.Dv MAX_MULTICAST_SOLICIT
|
||||
constant in IPv6 neighbor discovery specification
|
||||
.Pq RFC 2461 .
|
||||
.It Li icmp6.nd6_useloopback
|
||||
If set to non-zero, kernel IPv6 stack will use loopback interface for
|
||||
local traffic.
|
||||
.It Li icmp6.nodeinfo
|
||||
The variable enables responses to ICMPv6 node information queries.
|
||||
If you set the variable to 0, responses will not be generated for
|
||||
ICMPv6 node information queries.
|
||||
Since node information queries can have a security impact, it is
|
||||
possible to fine tune which responses should be answered.
|
||||
Two separate bits can be set.
|
||||
.Bl -tag -width "12345"
|
||||
.It 1
|
||||
Respond to ICMPv6 FQDN queries, e.g.
|
||||
.Li ping6 -w .
|
||||
.It 2
|
||||
Respond to ICMPv6 node addresses queries, e.g.
|
||||
.Li ping6 -a .
|
||||
.El
|
||||
.It Li icmp6.errppslimit
|
||||
The variable specifies the maximum number of outgoing ICMPv6 error messages,
|
||||
per second.
|
||||
ICMPv6 error messages that exceeded the value are subject to rate limitation
|
||||
and will not go out from the node.
|
||||
Negative value disables rate limitation.
|
||||
.It Li icmp6.nd6_maxnudhint
|
||||
IPv6 neighbor discovery permits upper layer protocols to supply reachability
|
||||
hints, to avoid unnecessary neighbor discovery exchanges.
|
||||
The variable defines the number of consecutive hints the neighbor discovery
|
||||
layer will take.
|
||||
For example, by setting the variable to 3, neighbor discovery layer
|
||||
will take 3 consecutive hints in maximum.
|
||||
After receiving 3 hints, neighbor discovery layer will perform
|
||||
normal neighbor discovery process.
|
||||
.It Li icmp6.mtudisc_hiwat
|
||||
.It Li icmp6.mtudisc_lowat
|
||||
The variables define the maximum number of routing table entries,
|
||||
@ -1475,6 +1453,67 @@ If set to non-zero, kernel IPv6 neighbor discovery code will generate
|
||||
debugging messages.
|
||||
The debug outputs are useful to diagnose IPv6 interoperability issues.
|
||||
The flag must be set to 0 for normal operation.
|
||||
.It Li icmp6.nd6_delay
|
||||
The variable specifies
|
||||
.Dv DELAY_FIRST_PROBE_TIME
|
||||
timing constant in IPv6 neighbor discovery specification
|
||||
.Pq RFC 2461 ,
|
||||
in seconds.
|
||||
.It Li icmp6.nd6_maxnudhint
|
||||
IPv6 neighbor discovery permits upper layer protocols to supply reachability
|
||||
hints, to avoid unnecessary neighbor discovery exchanges.
|
||||
The variable defines the number of consecutive hints the neighbor discovery
|
||||
layer will take.
|
||||
For example, by setting the variable to 3, neighbor discovery layer
|
||||
will take 3 consecutive hints in maximum.
|
||||
After receiving 3 hints, neighbor discovery layer will perform
|
||||
normal neighbor discovery process.
|
||||
.It Li icmp6.nd6_mmaxtries
|
||||
The variable specifies
|
||||
.Dv MAX_MULTICAST_SOLICIT
|
||||
constant in IPv6 neighbor discovery specification
|
||||
.Pq RFC 2461 .
|
||||
.It Li icmp6.nd6_prune
|
||||
The variable specifies interval between IPv6 neighbor cache babysitting,
|
||||
in seconds.
|
||||
.It Li icmp6.nd6_umaxtries
|
||||
The variable specifies
|
||||
.Dv MAX_UNICAST_SOLICIT
|
||||
constant in IPv6 neighbor discovery specification
|
||||
.Pq RFC 2461 .
|
||||
.It Li icmp6.nd6_useloopback
|
||||
If set to non-zero, kernel IPv6 stack will use loopback interface for
|
||||
local traffic.
|
||||
.It Li icmp6.nodeinfo
|
||||
The variable enables responses to ICMPv6 node information queries.
|
||||
If you set the variable to 0, responses will not be generated for
|
||||
ICMPv6 node information queries.
|
||||
Since node information queries can have a security impact, it is
|
||||
possible to fine tune which responses should be answered.
|
||||
Two separate bits can be set.
|
||||
.Bl -tag -width "12345"
|
||||
.It 1
|
||||
Respond to ICMPv6 FQDN queries, e.g.
|
||||
.Li ping6 -w .
|
||||
.It 2
|
||||
Respond to ICMPv6 node addresses queries, e.g.
|
||||
.Li ping6 -a .
|
||||
.El
|
||||
.It Li icmp6.rediraccept
|
||||
If set to non-zero, the host will accept ICMPv6 redirect packets.
|
||||
Note that IPv6 routers will never accept ICMPv6 redirect packets,
|
||||
and the variable is meaningful on IPv6 hosts
|
||||
.Pq non-router
|
||||
only.
|
||||
.It Li icmp6.redirtimeout
|
||||
The variable specifies lifetime of routing entries generated by incoming
|
||||
ICMPv6 redirect.
|
||||
.It Li udp6.do_loopback_cksum
|
||||
Perform UDP checksum on loopback.
|
||||
.It Li udp6.recvspace
|
||||
Default UDP receive buffer size.
|
||||
.It Li udp6.sendspace
|
||||
Default UDP send buffer size.
|
||||
.El
|
||||
.Pp
|
||||
We reuse net.*.tcp for
|
||||
|
||||
Loading…
Reference in New Issue
Block a user