Documentation for /proc/sys/net/*
        (c) 1999        Terrehon Bowden <terrehon@pacbell.net>
                        Bodo Bauer <bb@ricochet.net>
        (c) 2000        Jorge Nerin <comandante@zaralinux.com>
        (c) 2009        Shen Feng <shen@cn.fujitsu.com>

For general info and legal blurb, please look in README.

==============================================================

This file contains the documentation for the sysctl files in
/proc/sys/net

The interface to the networking parts of the kernel is located in
/proc/sys/net. The following table shows all possible subdirectories. You may
see only some of them, depending on your kernel's configuration.


Table : Subdirectories in /proc/sys/net
..............................................................................
 Directory Content             Directory  Content
 core      General parameter   appletalk  Appletalk protocol
 unix      Unix domain sockets netrom     NET/ROM
 802       E802 protocol       ax25       AX25
 ethernet  Ethernet protocol   rose       X.25 PLP layer
 ipv4      IP version 4        x25        X.25 protocol
 ipx       IPX                 token-ring IBM token ring
 bridge    Bridging            decnet     DEC net
 ipv6      IP version 6        tipc       TIPC
..............................................................................

1. /proc/sys/net/core - Network core options
-------------------------------------------------------

bpf_jit_enable
--------------

This enables the Berkeley Packet Filter Just in Time compiler.
Currently supported on x86_64 architecture, bpf_jit provides a framework
to speed packet filtering, the one used by tcpdump/libpcap for example.
Values :
        0 - disable the JIT (default value)
        1 - enable the JIT
        2 - enable the JIT and ask the compiler to emit traces on kernel log.

bpf_jit_harden
--------------

This enables hardening for the Berkeley Packet Filter Just in Time compiler.
Supported are eBPF JIT backends. Enabling hardening trades off performance,
but can mitigate JIT spraying.
Values :
        0 - disable JIT hardening (default value)
        1 - enable JIT hardening for unprivileged users only
        2 - enable JIT hardening for all users

dev_weight
--------------

The maximum number of packets that the kernel can handle on a NAPI interrupt.
It is a per-CPU variable.
Default: 64

default_qdisc
--------------

The default queuing discipline to use for network devices. This allows
overriding the default of pfifo_fast with an alternative. Since the default
queuing discipline is created without additional parameters, it is best suited
to queuing disciplines that work well without configuration, like stochastic
fair queue (sfq), CoDel (codel) or fair queue CoDel (fq_codel). Don't use
queuing disciplines like Hierarchical Token Bucket or Deficit Round Robin
which require setting up classes and bandwidths. Note that physical multiqueue
interfaces still use mq as root qdisc, which in turn uses this default for its
leaves. Virtual devices (e.g. lo or veth) ignore this setting and instead
default to noqueue.
Default: pfifo_fast

busy_read
----------------
Low latency busy poll timeout for socket reads. (needs CONFIG_NET_RX_BUSY_POLL)
Approximate time in us to busy loop waiting for packets on the device queue.
This sets the default value of the SO_BUSY_POLL socket option.
Can be set or overridden per socket by setting socket option SO_BUSY_POLL,
which is the preferred method of enabling. If you need to enable the feature
globally via sysctl, a value of 50 is recommended.
Will increase power usage.
Default: 0 (off)

busy_poll
----------------
Low latency busy poll timeout for poll and select. (needs CONFIG_NET_RX_BUSY_POLL)
Approximate time in us to busy loop waiting for events.
Recommended value depends on the number of sockets you poll on.
For several sockets 50, for several hundreds 100.
For more than that you probably want to use epoll.
Note that only sockets with SO_BUSY_POLL set will be busy polled,
so you want to either selectively set SO_BUSY_POLL on those sockets or set
sysctl.net.busy_read globally.
Will increase power usage.
Default: 0 (off)

rmem_default
------------

The default setting of the socket receive buffer in bytes.

rmem_max
--------

The maximum receive socket buffer size in bytes.

tstamp_allow_data
-----------------
Allow processes to receive tx timestamps looped together with the original
packet contents. If disabled, transmit timestamp requests from unprivileged
processes are dropped unless socket option SOF_TIMESTAMPING_OPT_TSONLY is set.
Default: 1 (on)


wmem_default
------------

The default setting (in bytes) of the socket send buffer.

wmem_max
--------

The maximum send socket buffer size in bytes.

message_burst and message_cost
------------------------------

These parameters are used to limit the warning messages written to the kernel
log from the networking code. They enforce a rate limit to make a
denial-of-service attack impossible. A higher message_cost factor results in
fewer messages being written. message_burst controls when messages will
be dropped. The default settings limit warning messages to one every five
seconds.

warnings
--------

This sysctl is now unused.

This was used to control console messages from the networking stack that
occur because of problems on the network like duplicate address or bad
checksums.

These messages are now emitted at KERN_DEBUG and can generally be enabled
and controlled by the dynamic_debug facility.

netdev_budget
-------------

Maximum number of packets taken from all interfaces in one polling cycle (NAPI
poll). In one polling cycle interfaces which are registered to polling are
probed in a round-robin manner.
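
The bpf_jit_enable, bpf_jit_harden and tstamp_allow_data values described
above can be checked together with a short script. This is an added example,
not part of the kernel documentation: the function names and the policy of
what counts as a FINDING are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not kernel code): audit the BPF JIT and tx timestamp sysctls.
# Assumed policy: JIT tracing (2) and an enabled JIT without hardening are findings.

# read_ctl DIR NAME: print the value, or "absent" if missing or unreadable.
read_ctl() {
    if [ -r "$1/$2" ]; then tr -d ' \t\n' < "$1/$2"; else printf 'absent'; fi
}

# audit_net_core [DIR]: print one line per entry; return 1 if any FINDING.
audit_net_core() {
    dir=${1:-/proc/sys/net/core}
    rc=0
    jit=$(read_ctl "$dir" bpf_jit_enable)
    harden=$(read_ctl "$dir" bpf_jit_harden)
    tstamp=$(read_ctl "$dir" tstamp_allow_data)

    case $jit in
        0) echo "ok      bpf_jit_enable=0: JIT disabled" ;;
        1) echo "ok      bpf_jit_enable=1: JIT enabled" ;;
        2) echo "FINDING bpf_jit_enable=2: JIT traces go to the kernel log"; rc=1 ;;
        *) echo "info    bpf_jit_enable=$jit: not a documented value" ;;
    esac

    case $jit:$harden in
        0:*)    echo "ok      bpf_jit_harden=$harden: JIT is off" ;;
        *:2)    echo "ok      bpf_jit_harden=2: hardening for all users" ;;
        *:1)    echo "ok      bpf_jit_harden=1: hardening for unprivileged users only" ;;
        [12]:0) echo "FINDING bpf_jit_harden=0: JIT enabled without hardening"; rc=1 ;;
        *)      echo "info    bpf_jit_harden=$harden: cannot evaluate" ;;
    esac

    case $tstamp in
        0) echo "ok      tstamp_allow_data=0: unprivileged tx timestamps need SOF_TIMESTAMPING_OPT_TSONLY" ;;
        1) echo "note    tstamp_allow_data=1: tx timestamps are looped with packet contents" ;;
        *) echo "info    tstamp_allow_data=$tstamp: not a documented value" ;;
    esac
    return "$rc"
}

# Constructed sample tree so the example runs without touching /proc.
demo=$(mktemp -d)
printf '1\n' > "$demo/bpf_jit_enable"
printf '0\n' > "$demo/bpf_jit_harden"
printf '1\n' > "$demo/tstamp_allow_data"
audit_net_core "$demo" || echo "=> findings present"
rm -rf "$demo"
```

Called without an argument, audit_net_core reads /proc/sys/net/core on the
running host; entries the calling user cannot read are reported as absent.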

netdev_max_backlog
------------------

Maximum number of packets, queued on the INPUT side, when the interface
receives packets faster than the kernel can process them.

netdev_rss_key
--------------

RSS (Receive Side Scaling) enabled drivers use a 40-byte host key that is
randomly generated.
Some user space might need to gather its content even if drivers do not
provide ethtool -x support yet.

myhost:~# cat /proc/sys/net/core/netdev_rss_key
84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8: ... (52 bytes total)

The file contains nul bytes if no driver ever called the netdev_rss_key_fill()
function.
Note:
/proc/sys/net/core/netdev_rss_key contains 52 bytes of key,
but most drivers only use 40 bytes of it.

myhost:~# ethtool -x eth0
RX flow hash indirection table for eth0 with 8 RX ring(s):
    0:      0     1     2     3     4     5     6     7
RSS hash key:
84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8:43:e3:c9:0c:fd:17:55:c2:3a:4d:69:ed:f1:42:89

netdev_tstamp_prequeue
----------------------

If set to 0, RX packet timestamps can be sampled after RPS processing, when
the target CPU processes packets. This might delay timestamps somewhat, but
permits distributing the load across several CPUs.

If set to 1 (default), timestamps are sampled as soon as possible, before
queueing.

optmem_max
----------

Maximum ancillary buffer size allowed per socket. Ancillary data is a sequence
of struct cmsghdr structures with appended data.

2. /proc/sys/net/unix - Parameters for Unix domain sockets
-------------------------------------------------------

There is only one file in this directory.
unix_dgram_qlen limits the max number of datagrams queued in a Unix domain
socket's buffer. It will not take effect unless PF_UNIX flag is specified.


3. /proc/sys/net/ipv4 - IPV4 settings
-------------------------------------------------------
Please see: Documentation/networking/ip-sysctl.txt and ipvs-sysctl.txt for
descriptions of these entries.


4. Appletalk
-------------------------------------------------------

The /proc/sys/net/appletalk directory holds the Appletalk configuration data
when Appletalk is loaded. The configurable parameters are:

aarp-expiry-time
----------------

The amount of time we keep an ARP entry before expiring it. Used to age out
old hosts.

aarp-resolve-time
-----------------

The amount of time we will spend trying to resolve an Appletalk address.

aarp-retransmit-limit
---------------------

The number of times we will retransmit a query before giving up.

aarp-tick-time
--------------

Controls the rate at which expires are checked.

The directory /proc/net/appletalk holds the list of active Appletalk sockets
on a machine.

The fields indicate the DDP type, the local address (in network:node format),
the remote address, the size of the transmit pending queue, the size of the
received queue (bytes waiting for applications to read), the state and the uid
owning the socket.

/proc/net/atalk_iface lists all the interfaces configured for appletalk. It
shows the name of the interface, its Appletalk address, the network range on
that address (or network number for phase 1 networks), and the status of the
interface.

/proc/net/atalk_route lists each known network route. It lists the target
(network) that the route leads to, the router (may be directly connected), the
route flags, and the device the route is using.


5. IPX
-------------------------------------------------------

The IPX protocol has no tunable values in proc/sys/net.

The IPX protocol does, however, provide proc/net/ipx.
This lists each IPX socket giving the local and remote addresses in Novell
format (that is network:node:port). In accordance with the strange Novell
tradition, everything but the port is in hex. Not_Connected is displayed for
sockets that are not tied to a specific remote address. The Tx and Rx queue
sizes indicate the number of bytes pending for transmission and reception. The
state indicates the state the socket is in and the uid is the owning uid of the
socket.

The /proc/net/ipx_interface file lists all IPX interfaces. For each interface
it gives the network number, the node number, and indicates if the network is
the primary network. It also indicates which device it is bound to (or
Internal for internal networks) and the Frame Type if appropriate. Linux
supports 802.3, 802.2, 802.2 SNAP and DIX (Blue Book) ethernet framing for
IPX.

The /proc/net/ipx_route table holds a list of IPX routes. For each route it
gives the destination network, the router node (or Directly) and the network
address of the router (or Connected) for internal networks.

6. TIPC
-------------------------------------------------------

tipc_rmem
----------

The TIPC protocol now has a tunable for the receive memory, similar to the
tcp_rmem - i.e. a vector of 3 INTEGERs: (min, default, max)

    # cat /proc/sys/net/tipc/tipc_rmem
    4252725 34021800        68043600
    #

The max value is set to CONN_OVERLOAD_LIMIT, and the default and min values
are scaled (shifted) versions of that same value. Note that the min value
is not at this point in time used in any meaningful way, but the triplet is
preserved in order to be consistent with things like tcp_rmem.

named_timeout
--------------

TIPC name table updates are distributed asynchronously in a cluster, without
any form of transaction handling. This means that different race scenarios are
possible.
One such is that a name withdrawal sent out by one node and received
by another node may arrive after a second, overlapping name publication already
has been accepted from a third node, although the conflicting updates
originally may have been issued in the correct sequential order.
If named_timeout is nonzero, failed topology updates will be placed on a defer
queue until another event arrives that clears the error, or until the timeout
expires. Value is in milliseconds.
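
For the netdev_rss_key entry in section 1: the file holds 52 bytes, is all nul
until a driver calls netdev_rss_key_fill(), and most drivers use only 40 bytes
of it. The script below is an added example, not part of the kernel
documentation; its function names are assumptions and its keys are constructed.

```shell
#!/bin/sh
# Added example (not kernel code): classify a netdev_rss_key value.

# rss_key_state KEY: KEY is the colon-separated hex text of the file.
# Prints "filled", "unfilled" (all nul bytes) or "malformed" (not 52 hex bytes).
rss_key_state() {
    key=$(printf '%s' "$1" | tr -d ' \n' | tr 'A-F' 'a-f')
    case $key in
        ''|*[!0-9a-f:]*) echo malformed; return 0 ;;
    esac
    # Every colon-separated field must be exactly two hex digits, 52 in total.
    n=$(printf '%s\n' "$key" | tr ':' '\n' | grep -c '^[0-9a-f][0-9a-f]$' || true)
    total=$(printf '%s\n' "$key" | tr ':' '\n' | grep -c '' || true)
    if [ "$n" -ne 52 ] || [ "$total" -ne 52 ]; then echo malformed; return 0; fi
    # Nothing left after removing zeros and separators means all nul bytes.
    if [ -z "$(printf '%s' "$key" | tr -d '0:')" ]; then
        echo unfilled
    else
        echo filled
    fi
}

# rss_key_driver_part KEY: the first 40 bytes, for comparison with the
# "RSS hash key" line printed by ethtool -x.
rss_key_driver_part() {
    printf '%s\n' "$1" | tr -d ' ' | cut -d: -f1-40
}

# sample_key START STEP: constructed 52-byte key, not taken from any host.
sample_key() {
    i=0; out=
    while [ "$i" -lt 52 ]; do
        out="$out$(printf '%02x' $(( ($1 + $i * $2) % 256 ))):"
        i=$((i + 1))
    done
    printf '%s\n' "${out%:}"
}

echo "all-nul sample:  $(rss_key_state "$(sample_key 0 0)")"
echo "non-zero sample: $(rss_key_state "$(sample_key 17 5)")"
```

On a live host the input would be the output of
cat /proc/sys/net/core/netdev_rss_key.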