Lines Matching +full:send +full:- +full:not +full:- +full:empty
1 .. SPDX-License-Identifier: GPL-2.0
10 ip_forward - BOOLEAN
11 - 0 - disabled (default)
12 - not 0 - enabled
20 ip_default_ttl - INTEGER
21 Default value of TTL field (Time To Live) for outgoing (but not
25 ip_no_pmtu_disc - INTEGER
27 fragmentation-required ICMP is received, the PMTU to this
38 accept fragmentation-needed errors if the underlying protocol
42 association. This mode should not be enabled globally but is
48 Possible values: 0-3
52 min_pmtu - INTEGER
53 default 552 - minimum Path MTU. Unless this is changed manually,
56 ip_forward_use_pmtu - BOOLEAN
60 You only need to enable this if you have user-space software
62 kernel honoring this information. This is normally not the
69 - 0 - disabled
70 - 1 - enabled
72 fwmark_reflect - BOOLEAN
73 Controls the fwmark of kernel-generated IPv4 reply packets that are not
80 fib_multipath_use_neigh - BOOLEAN
82 multipath routes. If disabled, neighbor information is not used and
90 - 0 - disabled
91 - 1 - enabled
93 fib_multipath_hash_policy - INTEGER
101 - 0 - Layer 3
102 - 1 - Layer 4
103 - 2 - Layer 3 or inner Layer 3 if present
104 - 3 - Custom multipath hash. Fields used for multipath hash calculation
107 fib_multipath_hash_fields - UNSIGNED INTEGER
134 fib_multipath_hash_seed - UNSIGNED INTEGER
140 internal random-generated one.
142 The actual hashing algorithm is not specified -- there is no guarantee
148 fib_sync_mem - UNSIGNED INTEGER
154 ip_forward_update_priority - INTEGER
157 according to an rt_tos2priority table (see e.g. man tc-prio).
163 - 0 - Do not update priority.
164 - 1 - Update priority.
166 route/max_size - INTEGER
176 neigh/default/gc_thresh1 - INTEGER
177 Minimum number of entries to keep. Garbage collector will not
182 neigh/default/gc_thresh2 - INTEGER
189 neigh/default/gc_thresh3 - INTEGER
190 Maximum number of non-PERMANENT neighbor entries allowed. Increase
192 with large numbers of directly-connected peers.
196 neigh/default/unres_qlen_bytes - INTEGER
209 neigh/default/unres_qlen - INTEGER
222 neigh/default/interval_probe_time_ms - INTEGER
228 mtu_expires - INTEGER
231 min_adv_mss - INTEGER
235 fib_notify_on_flag_change - INTEGER
241 but not necessarily in hardware.
246 The notifications will indicate to user-space the state of the route.
248 Default: 0 (Do not emit notifications.)
252 - 0 - Do not emit notifications.
253 - 1 - Emit notifications.
254 - 2 - Emit notifications only for RTM_F_OFFLOAD_FAILED flag change.
258 ipfrag_high_thresh - LONG INTEGER
261 ipfrag_low_thresh - LONG INTEGER
262 (Obsolete since linux-4.17)
267 ipfrag_time - INTEGER
270 ipfrag_max_dist - INTEGER
271 ipfrag_max_dist is a non-negative integer value which defines the
274 not unusual, but if a large number of fragments arrive from a source
278 is done on fragments before they are added to a reassembly queue - if
293 bc_forwarding - INTEGER
294 bc_forwarding enables the feature described in rfc1812#section-5.3.5.2
303 inet_peer_threshold - INTEGER
306 entries' time-to-live and time intervals between garbage collection
307 passes. More entries, less time-to-live, less GC interval.
309 inet_peer_minttl - INTEGER
310 Minimum time-to-live of entries. Should be enough to cover fragment
311 time-to-live on the reassembling side. This minimum time-to-live is
315 inet_peer_maxttl - INTEGER
316 Maximum time-to-live of entries. Unused entries will expire after
324 somaxconn - INTEGER
326 Defaults to 4096. (Was 128 before linux-5.4)
329 tcp_abort_on_overflow - BOOLEAN
337 tcp_adv_win_scale - INTEGER
338 Obsolete since linux-6.6
340 (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
343 Possible values are [-31, 31], inclusive.
347 tcp_allowed_congestion_control - STRING
348 Show/set the congestion control choices available to non-privileged
354 tcp_app_win - INTEGER
362 tcp_autocorking - BOOLEAN
373 tcp_available_congestion_control - STRING
376 but not loaded.
378 tcp_base_mss - INTEGER
383 tcp_mtu_probe_floor - INTEGER
389 tcp_min_snd_mss - INTEGER
398 tcp_congestion_control - STRING
408 tcp_dsack - BOOLEAN
409 Allows TCP to send "duplicate" SACKs.
411 tcp_early_retrans - INTEGER
413 losses into fast recovery (draft-ietf-tcpm-rack). Note that
418 - 0 disables TLP
419 - 3 or 4 enables TLP
423 tcp_ecn - INTEGER
437 but do not request ECN on outgoing connections.
442 tcp_ecn_fallback - BOOLEAN
444 back to non-ECN. Currently, this knob implements the fallback
447 knob. The value is not used, if tcp_ecn or per route (or congestion
452 tcp_fack - BOOLEAN
455 tcp_fin_timeout - INTEGER
459 valid "receive only" state for an un-orphaned connection, an
467 tcp_frto - INTEGER
468 Enables Forward RTO-Recovery (F-RTO) defined in RFC5682.
469 F-RTO is an enhanced recovery algorithm for TCP retransmission
471 RTT fluctuates (e.g., wireless). F-RTO is sender-side only
472 modification. It does not require any support from the peer.
474 By default it's enabled with a non-zero value. 0 disables F-RTO.
476 tcp_fwmark_accept - BOOLEAN
477 If set, incoming connections to listening sockets that do not have a
487 tcp_invalid_ratelimit - INTEGER
492 (a) out-of-window sequence number,
493 (b) out-of-window acknowledgment number, or
497 a buggy or malicious middlebox or man-in-the-middle can
500 causing each side to send an unterminating stream of duplicate
503 Using 0 disables rate-limiting of dupacks in response to
509 tcp_keepalive_time - INTEGER
513 tcp_keepalive_probes - INTEGER
517 tcp_keepalive_intvl - INTEGER
518 How frequently the probes are send out. Multiplied by
519 tcp_keepalive_probes it is time to kill not responding connection,
523 tcp_l3mdev_accept - BOOLEAN
533 tcp_low_latency - BOOLEAN
536 tcp_max_orphans - INTEGER
537 Maximal number of TCP sockets not attached to any user file handle,
540 only to prevent simple DoS attacks, you _must_ not rely on this
548 tcp_max_syn_backlog - INTEGER
550 which have not received an acknowledgment from connecting client.
552 This is a per-listener limit.
562 tcp_max_tw_buckets - INTEGER
564 If this number is exceeded time-wait socket is immediately destroyed
566 simple DoS attacks, you _must_ not lower the limit artificially,
570 tcp_mem - vector of 3 INTEGERs: min, pressure, max
571 min: below this number of pages TCP is not bothered about its
584 tcp_min_rtt_wlen - INTEGER
591 Possible values: 0 - 86400 (1 day)
595 tcp_moderate_rcvbuf - BOOLEAN
596 If set, TCP performs receive buffer auto-tuning, attempting to
601 tcp_mtu_probing - INTEGER
602 Controls TCP Packetization-Layer Path MTU Discovery. Takes three
605 - 0 - Disabled
606 - 1 - Disabled by default, enabled when an ICMP black hole detected
607 - 2 - Always enabled, use initial MSS of tcp_base_mss.
609 tcp_probe_interval - UNSIGNED INTEGER
610 Controls how often to start TCP Packetization-Layer Path MTU
614 tcp_probe_threshold - INTEGER
615 Controls when TCP Packetization-Layer Path MTU Discovery probing
619 tcp_no_metrics_save - BOOLEAN
624 degradation. If set, TCP will not cache metrics on closing
627 tcp_no_ssthresh_metrics_save - BOOLEAN
632 tcp_orphan_retries - INTEGER
643 tcp_recovery - INTEGER
659 tcp_reflect_tos - BOOLEAN
669 tcp_reordering - INTEGER
676 tcp_max_reordering - INTEGER
683 tcp_retrans_collapse - BOOLEAN
684 Bug-to-bug compatibility with some broken printers.
685 On retransmit try to send bigger packets to work around bugs in
688 tcp_retries1 - INTEGER
697 tcp_retries2 - INTEGER
712 tcp_rfc1337 - BOOLEAN
714 we are not conforming to RFC, but prevent TCP TIME_WAIT
719 tcp_rmem - vector of 3 INTEGERs: min, default, max
732 selected receiver buffers for TCP socket. This value does not override
738 tcp_sack - BOOLEAN
741 tcp_comp_sack_delay_ns - LONG INTEGER
748 tcp_comp_sack_slack_ns - LONG INTEGER
756 tcp_comp_sack_nr - INTEGER
762 tcp_backlog_ack_defer - BOOLEAN
769 tcp_slow_start_after_idle - BOOLEAN
772 the current RTO. If unset, the congestion window will not
777 tcp_stdurg - BOOLEAN
780 Linux might not communicate correctly with them.
784 tcp_synack_retries - INTEGER
786 be retransmitted. Should not be higher than 255. Default value
791 tcp_syncookies - INTEGER
793 Send out syncookies when the syn backlog queue of a socket
798 It MUST NOT be used to help highly loaded servers to stand
805 syncookies seriously violate TCP protocol, do not allow
807 of some services (f.e. SMTP relaying), visible not by you,
809 SYN flood warnings in logs not being really flooded, your server
816 tcp_migrate_req - BOOLEAN
818 the initial SYN packet is received during the three-way handshake.
819 When a listener is closed, in-flight request sockets during the
841 tcp_fastopen - INTEGER
842 Enable TCP Fast Open (RFC7413) to send and accept data in the opening
847 rather than connect() to send data in SYN.
852 the option value being the length of the syn-data backlog.
860 application before 3-way handshake finishes.
861 0x4 (client) send data in the opening SYN regardless of cookie
863 0x200 (server) accept data-in-SYN w/o any cookie option present.
873 tcp_fastopen_blackhole_timeout_sec - INTEGER
877 get detected right after Fastopen is re-enabled and will reset to
883 tcp_fastopen_key - list of comma separated 32-digit hexadecimal INTEGERs
891 TCP_FASTOPEN setsockopt() optname is set and a key has not been
894 per-socket keys will be used instead of any keys that are specified via
897 A key is specified as 4 8-digit hexadecimal integers which are separated
898 by a '-' as: xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx. Leading zeros may be
903 tcp_syn_retries - INTEGER
905 will be retransmitted. Should not be higher than 127. Default value
911 tcp_timestamps - INTEGER
914 - 0: Disabled.
915 - 1: Enable timestamps as defined in RFC1323 and use random offset for
917 - 2: Like 1, but without random offsets.
921 tcp_min_tso_segs - INTEGER
924 Since linux-3.12, TCP does an automatic sizing of TSO frames,
932 tcp_tso_rtt_log - INTEGER
935 Starting from linux-5.18, TCP autosizing can be tweaked
938 Old autosizing was splitting the pacing budget to send 1024 TSO
941 tso_packet_size = sk->sk_pacing_rate / 1024;
955 tcp_pacing_ss_ratio - INTEGER
956 sk->sk_pacing_rate is set by TCP stack using a ratio applied
964 tcp_pacing_ca_ratio - INTEGER
965 sk->sk_pacing_rate is set by TCP stack using a ratio applied
972 tcp_syn_linear_timeouts - INTEGER
982 tcp_tso_win_divisor - INTEGER
990 tcp_tw_reuse - INTEGER
991 Enable reuse of TIME-WAIT sockets for new connections when it is
994 - 0 - disable
995 - 1 - global enable
996 - 2 - enable for loopback traffic only
998 It should not be changed without advice/request of technical
1003 tcp_window_scaling - BOOLEAN
1006 tcp_shrink_window - BOOLEAN
1013 - 0 - Disabled. The window is never shrunk.
1014 - 1 - Enabled. The window is shrunk when necessary to remain within
1016 This only occurs if a non-zero receive window
1021 tcp_wmem - vector of 3 INTEGERs: min, default, max
1022 min: Amount of memory reserved for send buffers for TCP sockets.
1027 default: initial size of send buffer used by TCP sockets. This
1035 send buffers for TCP sockets. This value does not override
1037 automatic tuning of that socket's send buffer size, in which case
1042 tcp_notsent_lowat - UNSIGNED INTEGER
1046 socket value, and if the write queue is not full. sendmsg() will
1047 also not add new buffers if the limit is hit.
1050 sockets not using TCP_NOTSENT_LOWAT. For these sockets, a change
1055 tcp_workaround_signed_windows - BOOLEAN
1058 If unset, assume the remote TCP is not broken even if we do
1059 not receive a window scaling option from them.
1063 tcp_thin_linear_timeouts - BOOLEAN
1070 non-aggressive thin streams, often found to be time-dependent.
1072 Documentation/networking/tcp-thin.rst
1076 tcp_limit_output_bytes - INTEGER
1088 tcp_challenge_ack_limit - INTEGER
1090 in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
1092 attacks and probably should not be enabled.
1096 tcp_ehash_entries - INTEGER
1100 A negative value means the networking namespace does not own its
1103 tcp_child_ehash_entries - INTEGER
1107 If the value is not 0, the kernel uses a value rounded up to 2^n
1121 Possible values: 0, 2^n (n: 0 - 24 (16Mi))
1125 tcp_plb_enabled - BOOLEAN
1136 field, and currently no-op for IPv4 headers. It is possible
1149 tcp_plb_idle_rehash_rounds - INTEGER
1155 Possible Values: 0 - 31
1159 tcp_plb_rehash_rounds - INTEGER
1166 Possible Values: 0 - 31
1170 tcp_plb_suspend_rto_sec - INTEGER
1178 Possible Values: 0 - 255
1182 tcp_plb_cong_thresh - INTEGER
1187 The 0-1 fraction range is mapped to 0-256 range to avoid floating
1193 of congestion. This is not intended behavior for PLB and should be
1196 Possible Values: 0 - 256
1200 tcp_pingpong_thresh - INTEGER
1203 "ping-pong" (request-response) connection for which delayed
1209 Possible Values: 1 - 255
1213 tcp_rto_min_us - INTEGER
1222 Possible Values: 1 - INT_MAX
1229 udp_l3mdev_accept - BOOLEAN
1238 udp_mem - vector of 3 INTEGERs: min, pressure, max
1249 udp_rmem_min - INTEGER
1256 udp_wmem_min - INTEGER
1257 UDP does not have tx memory accounting and this tunable has no effect.
1259 udp_hash_entries - INTEGER
1263 A negative value means the networking namespace does not own its
1266 udp_child_ehash_entries - INTEGER
1270 If the value is not 0, the kernel uses a value rounded up to 2^n
1281 Possible values: 0, 2^n (n: 7 (128) - 16 (64K))
1289 raw_l3mdev_accept - BOOLEAN
1301 cipso_cache_enable - BOOLEAN
1310 cipso_cache_bucket_size - INTEGER
1320 cipso_rbm_optfmt - BOOLEAN
1323 This means that when set the CIPSO tag will be padded with empty
1324 categories in order to make the packet data 32-bit aligned.
1328 cipso_rbm_structvalid - BOOLEAN
1341 ip_local_port_range - 2 INTEGERS
1350 ip_local_reserved_ports - list of comma separated ranges
1351 Specify the ports which are reserved for known third-party
1352 applications. These ports will not be used by automatic port
1357 list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
1367 You can reserve ports which are not in the current
1381 Default: Empty
1383 ip_unprivileged_port_start - INTEGER
1384 This is a per-namespace sysctl. It defines the first
1387 To disable all privileged ports, set this to 0. They must not
1392 ip_nonlocal_bind - BOOLEAN
1393 If set, allows processes to bind() to non-local IP addresses,
1394 which can be quite useful - but may break some applications.
1398 ip_autobind_reuse - BOOLEAN
1399 By default, bind() does not select the ports automatically even if
1407 ip_dynaddr - INTEGER
1408 If set non-zero, enables support for dynamic addresses.
1409 If set to a non-zero value larger than 1, a kernel log
1415 ip_early_demux - BOOLEAN
1425 ping_group_range - 2 INTEGERS
1427 The default is "1 0", meaning, that nobody (not even root) may
1430 4294967294" would enable it for the users, but not daemons.
1432 tcp_early_demux - BOOLEAN
1437 udp_early_demux - BOOLEAN
1443 icmp_echo_ignore_all - BOOLEAN
1444 If set non-zero, then the kernel will ignore all ICMP ECHO
1449 icmp_echo_enable_probe - BOOLEAN
1455 icmp_echo_ignore_broadcasts - BOOLEAN
1456 If set non-zero, then the kernel will ignore all ICMP ECHO and
1461 icmp_ratelimit - INTEGER
1471 icmp_msgs_per_sec - INTEGER
1479 icmp_msgs_burst - INTEGER
1486 icmp_ratemask - INTEGER
1513 icmp_ignore_bogus_error_responses - BOOLEAN
1516 If this is set to TRUE, the kernel will not give such warnings, which
1521 icmp_errors_use_inbound_ifaddr - BOOLEAN
1526 If non-zero, the message will be sent with the primary address of
1533 then the primary address of the first non-loopback interface that
1538 igmp_max_memberships - INTEGER
1542 Theoretical maximum value is bounded by having to send a membership
1550 M = 65536-sizeof (ip header)/(sizeof(Group record))
1553 So net.ipv4.igmp_max_memberships should not be set higher than:
1555 (65536-24) / 12 = 5459
1560 igmp_max_msf - INTEGER
1566 igmp_qrv - INTEGER
1573 force_igmp_version - INTEGER
1574 - 0 - (default) No enforcement of a IGMP version, IGMPv1/v2 fallback
1577 - 1 - Enforce to use IGMP version 1. Will also reply IGMPv1 report if
1579 - 2 - Enforce to use IGMP version 2. Will fallback to IGMPv1 if receive
1581 - 3 - Enforce to use IGMP version 3. The same react with default 0.
1585 this is not the same with force_mld_version because IGMPv3 RFC3376
1586 Security Considerations does not have clear description that we could
1597 log_martians - BOOLEAN
1603 accept_redirects - BOOLEAN
1607 - both conf/{all,interface}/accept_redirects are TRUE in the case
1612 - at least one of conf/{all,interface}/accept_redirects is TRUE in the
1619 - TRUE (host)
1620 - FALSE (router)
1622 forwarding - BOOLEAN
1626 mc_forwarding - BOOLEAN
1632 medium_id - INTEGER
1637 to its medium, value of -1 means that medium is not known.
1643 proxy_arp - BOOLEAN
1650 proxy_arp_pvlan - BOOLEAN
1657 3069, where the individual ports are NOT allowed to
1668 Hewlett-Packard call it Source-Port filtering or port-isolation.
1669 Ericsson call it MAC-Forced Forwarding (RFC Draft).
1671 proxy_delay - INTEGER
1679 shared_media - BOOLEAN
1680 Send(router) or accept(host) RFC1620 shared media redirects.
1689 secure_redirects - BOOLEAN
1702 send_redirects - BOOLEAN
1703 Send redirects, if router.
1711 bootp_relay - BOOLEAN
1713 not to this host as local ones. It is supposed, that
1720 Not Implemented Yet.
1722 accept_source_route - BOOLEAN
1729 - TRUE (router)
1730 - FALSE (host)
1732 accept_local - BOOLEAN
1738 route_localnet - BOOLEAN
1739 Do not consider loopback addresses as martian source or destination
1744 rp_filter - INTEGER
1745 - 0 - No source validation.
1746 - 1 - Strict mode as defined in RFC3704 Strict Reverse Path
1748 is not the best reverse path the packet check will fail.
1750 - 2 - Loose mode as defined in RFC3704 Loose Reverse Path
1752 and if the source address is not reachable via any interface
1765 src_valid_mark - BOOLEAN
1766 - 0 - The fwmark of the packet is not included in reverse path
1771 - 1 - The fwmark of the packet is included in reverse path route
1784 arp_filter - BOOLEAN
1785 - 1 - Allows you to have multiple network interfaces on the same
1787 based on whether or not the kernel would route a packet from
1792 - 0 - (default) The kernel can respond to arp requests with addresses
1795 IP addresses are owned by the complete host on Linux, not by
1796 particular interfaces. Only for more complex setups like load-
1803 arp_announce - INTEGER
1808 - 0 - (default) Use any local address, configured on any interface
1809 - 1 - Try to avoid local addresses that are not in the target's
1818 - 2 - Always use the best local address for this target.
1835 arp_ignore - INTEGER
1839 - 0 - (default): reply for any local target IP address, configured
1841 - 1 - reply only if the target IP address is local address
1843 - 2 - reply only if the target IP address is local address
1846 - 3 - do not reply for local addresses configured with scope host,
1848 - 4-7 - reserved
1849 - 8 - do not reply for all local addresses
1854 arp_notify - BOOLEAN
1863 arp_accept - INTEGER
1865 that are not already present in the ARP table:
1867 - 0 - don't create new entries in the ARP table
1868 - 1 - create new entries in the ARP table
1869 - 2 - create new entries only if the source IP address is in the same
1880 arp_evict_nocarrier - BOOLEAN
1882 wireless devices where the ARP cache should not be cleared when roaming
1886 - 1 - (default): Clear the ARP cache on NOCARRIER events
1887 - 0 - Do not clear ARP cache on NOCARRIER events
1889 mcast_solicit - INTEGER
1894 ucast_solicit - INTEGER
1898 app_solicit - INTEGER
1899 The maximum number of probes to send to the user space ARP daemon
1903 mcast_resolicit - INTEGER
1907 disable_policy - BOOLEAN
1910 disable_xfrm - BOOLEAN
1913 igmpv2_unsolicited_report_interval - INTEGER
1919 igmpv3_unsolicited_report_interval - INTEGER
1925 ignore_routes_with_linkdown - BOOLEAN
1928 promote_secondaries - BOOLEAN
1933 drop_unicast_in_l2_multicast - BOOLEAN
1934 Drop any unicast IP packets that are received in link-layer
1942 drop_gratuitous_arp - BOOLEAN
1944 good ARP proxy on the network and such frames need not be used
1945 (or in the case of 802.11, must not be used to prevent attacks.)
1950 tag - INTEGER
1955 xfrm4_gc_thresh - INTEGER
1956 (Obsolete since linux-4.14)
1961 igmp_link_local_mcast_reports - BOOLEAN
1972 - Andi Kleen
1974 - Nicolas Delon
1986 bindv6only - BOOLEAN
1991 - TRUE: disable IPv4-mapped address feature
1992 - FALSE: enable IPv4-mapped address feature
1996 flowlabel_consistency - BOOLEAN
2001 - TRUE: enabled
2002 - FALSE: disabled
2006 auto_flowlabels - INTEGER
2025 flowlabel_state_ranges - BOOLEAN
2026 Split the flow label number space into two ranges. 0-0x7FFFF is
2027 reserved for the IPv6 flow manager facility, 0x80000-0xFFFFF
2030 - TRUE: enabled
2031 - FALSE: disabled
2035 flowlabel_reflect - INTEGER
2039 https://tools.ietf.org/html/draft-wang-6man-flow-label-reflection-01
2043 - 1: enabled for established flows
2046 in "tcp: change IPv6 flow-label upon receiving spurious retransmission"
2049 - 2: enabled for TCP RESET packets (no active listener)
2053 - 4: enabled for ICMPv6 echo reply messages.
2057 fib_multipath_hash_policy - INTEGER
2064 - 0 - Layer 3 (source and destination addresses plus flow label)
2065 - 1 - Layer 4 (standard 5-tuple)
2066 - 2 - Layer 3 or inner Layer 3 if present
2067 - 3 - Custom multipath hash. Fields used for multipath hash calculation
2070 fib_multipath_hash_fields - UNSIGNED INTEGER
2097 anycast_src_echo_reply - BOOLEAN
2101 - TRUE: enabled
2102 - FALSE: disabled
2106 idgen_delay - INTEGER
2113 idgen_retries - INTEGER
2119 mld_qrv - INTEGER
2126 max_dst_opts_number - INTEGER
2127 Maximum number of non-padding TLVs allowed in a Destination
2134 max_hbh_opts_number - INTEGER
2135 Maximum number of non-padding TLVs allowed in a Hop-by-Hop
2142 max_dst_opts_length - INTEGER
2148 max_hbh_length - INTEGER
2149 Maximum length allowed for a Hop-by-Hop options extension
2154 skip_notify_on_dev_down - BOOLEAN
2156 removed when a device is taken down or deleted. IPv4 does not
2163 nexthop_compat_mode - BOOLEAN
2174 Note that as a backward-compatible mode, dumping of modern features
2175 might be incomplete or wrong. For example, resilient groups will not be
2177 do not fit into 8 bits will show incorrectly.
2181 fib_notify_on_flag_change - INTEGER
2187 but not necessarily in hardware.
2192 The notifications will indicate to user-space the state of the route.
2194 Default: 0 (Do not emit notifications.)
2198 - 0 - Do not emit notifications.
2199 - 1 - Emit notifications.
2200 - 2 - Emit notifications only for RTM_F_OFFLOAD_FAILED flag change.
2202 ioam6_id - INTEGER
2210 ioam6_id_wide - LONG INTEGER
2221 ip6frag_high_thresh - INTEGER
2227 ip6frag_low_thresh - INTEGER
2230 ip6frag_time - INTEGER
2234 Change the interface-specific default settings.
2240 Change all the interface-specific settings.
2244 conf/all/disable_ipv6 - BOOLEAN
2246 setting and also all per-interface ``disable_ipv6`` settings to the same
2249 Reading this value does not have any particular meaning. It does not say
2254 conf/all/forwarding - BOOLEAN
2258 to control which interfaces may forward packets and which not.
2265 proxy_ndp - BOOLEAN
2268 fwmark_reflect - BOOLEAN
2269 Controls the fwmark of kernel-generated IPv6 reply packets that are not
2280 depending on whether local forwarding is enabled or not.
2282 accept_ra - INTEGER
2285 It also determines whether or not to transmit Router
2293 0 Do not accept Router Advertisements.
2301 - enabled if local forwarding is disabled.
2302 - disabled if local forwarding is enabled.
2304 accept_ra_defrtr - BOOLEAN
2309 - enabled if accept_ra is enabled.
2310 - disabled if accept_ra is disabled.
2312 ra_defrtr_metric - UNSIGNED INTEGER
2322 accept_ra_from_local - BOOLEAN
2323 Accept RA with source-address that is found on local machine
2326 Default is to NOT accept these as it may be an un-intended
2331 - enabled if accept_ra_from_local is enabled
2333 - disabled if accept_ra_from_local is disabled
2336 accept_ra_min_hop_limit - INTEGER
2344 accept_ra_min_lft - INTEGER
2352 accept_ra_pinfo - BOOLEAN
2357 - enabled if accept_ra is enabled.
2358 - disabled if accept_ra is disabled.
2360 ra_honor_pio_life - BOOLEAN
2365 - If enabled, the PIO valid lifetime will always be honored.
2366 - If disabled, RFC4862 section 5.5.3e is used to determine
2371 ra_honor_pio_pflag - BOOLEAN
2372 The Prefix Information Option P-flag indicates the network can
2373 allocate a unique IPv6 prefix per client using DHCPv6-PD.
2374 This sysctl can be enabled when a userspace DHCPv6-PD client
2375 is running to cause the P-flag to take effect: i.e. the
2376 P-flag suppresses any effects of the A-flag within the same
2379 - If disabled, the P-flag is ignored.
2380 - If enabled, the P-flag will disable SLAAC autoconfiguration
2385 accept_ra_rt_info_min_plen - INTEGER
2394 * -1 if accept_ra_rtr_pref is disabled.
2396 accept_ra_rt_info_max_plen - INTEGER
2405 * -1 if accept_ra_rtr_pref is disabled.
2407 accept_ra_rtr_pref - BOOLEAN
2412 - enabled if accept_ra is enabled.
2413 - disabled if accept_ra is disabled.
2415 accept_ra_mtu - BOOLEAN
2421 - enabled if accept_ra is enabled.
2422 - disabled if accept_ra is disabled.
2424 accept_redirects - BOOLEAN
2429 - enabled if local forwarding is disabled.
2430 - disabled if local forwarding is enabled.
2432 accept_source_route - INTEGER
2435 - >= 0: Accept only routing header type 2.
2436 - < 0: Do not accept routing header.
2440 autoconf - BOOLEAN
2446 - enabled if accept_ra_pinfo is enabled.
2447 - disabled if accept_ra_pinfo is disabled.
2449 dad_transmits - INTEGER
2450 The amount of Duplicate Address Detection probes to send.
2454 forwarding - INTEGER
2455 Configure interface-specific Host/Router behaviour.
2464 - 0 Forwarding disabled
2465 - 1 Forwarding enabled
2471 1. IsRouter flag is not set in Neighbour Advertisements.
2484 2. Router Solicitations are not sent unless accept_ra is 2.
2491 hop_limit - INTEGER
2496 mtu - INTEGER
2501 ip_nonlocal_bind - BOOLEAN
2502 If set, allows processes to bind() to non-local IPv6 addresses,
2503 which can be quite useful - but may break some applications.
2507 router_probe_interval - INTEGER
2513 router_solicitation_delay - INTEGER
2519 router_solicitation_interval - INTEGER
2524 router_solicitations - INTEGER
2525 Number of Router Solicitations to send until assuming no
2530 use_oif_addrs_only - BOOLEAN
2537 use_tempaddr - INTEGER
2549 * -1 (for point-to-point devices and loopback devices)
2551 temp_valid_lft - INTEGER
2553 minimum required lifetime (typically 5-7 seconds), temporary addresses
2554 will not be created.
2558 temp_prefered_lft - INTEGER
2561 5-7 seconds), the preferred lifetime is the minimum required. If
2567 keep_addr_on_down - INTEGER
2569 global addresses with no expiration time are not flushed.
2577 max_desync_factor - INTEGER
2585 regen_min_advance - INTEGER
2591 does not conform to RFC 8981.
2595 regen_max_retry - INTEGER
2601 max_addresses - INTEGER
2603 to zero disables the limitation. It is not recommended to set this
2609 disable_ipv6 - BOOLEAN
2611 will be dynamically set to TRUE if DAD fails for the link-local
2617 it will dynamically create a link-local address on the given
2622 interface. From now on it will not possible to add addresses/routes
2625 accept_dad - INTEGER
2631 2 Enable DAD, and disable IPv6 operation if MAC-based duplicate
2632 link-local address has been found.
2638 force_tllao - BOOLEAN
2639 Enable sending the target link-layer address option even when
2644 Quoting from RFC 2461, section 4.4, Target link-layer address:
2648 does not have a cache entry to return a Neighbor Advertisements
2650 omitted since the sender of the solicitation has the correct link-
2651 layer address; otherwise it would not have be able to send the unicast
2652 solicitation in the first place. However, including the link-layer
2654 race condition where the sender deletes the cached link-layer address
2657 ndisc_notify - BOOLEAN
2660 * 0 - (default): do nothing
2661 * 1 - Generate unsolicited neighbour advertisements when device is brought
2664 ndisc_tclass - INTEGER
2672 * 0 - (default)
2674 ndisc_evict_nocarrier - BOOLEAN
2677 not be cleared when roaming between access points on the same network.
2680 - 1 - (default): Clear neighbor discover cache on NOCARRIER events.
2681 - 0 - Do not clear neighbor discovery cache on NOCARRIER events.
2683 mldv1_unsolicited_report_interval - INTEGER
2689 mldv2_unsolicited_report_interval - INTEGER
2695 force_mld_version - INTEGER
2696 * 0 - (default) No enforcement of a MLD version, MLDv1 fallback allowed
2697 * 1 - Enforce to use MLD version 1
2698 * 2 - Enforce to use MLD version 2
2700 suppress_frag_ndisc - INTEGER
2704 * 1 - (default) discard fragmented neighbor discovery packets
2705 * 0 - allow fragmented neighbor discovery packets
2707 optimistic_dad - BOOLEAN
2717 use_optimistic - BOOLEAN
2718 If enabled, do not classify optimistic addresses as deprecated during
2729 stable_secret - IPv6 address
2731 addresses for link-local addresses and autoconfigured
2734 addrgenmode ip-link. conf/default/stable_secret is used as the
2743 addr_gen_mode - INTEGER
2744 Defines how link-local and autoconf addresses are generated.
2748 1 do no generate a link-local address, use EUI64 for addresses
2755 drop_unicast_in_l2_multicast - BOOLEAN
2756 Drop any unicast IPv6 packets that are received in link-layer
2761 drop_unsolicited_na - BOOLEAN
2763 a known good NA proxy on the network and such frames need not be used
2764 (or in the case of 802.11, must not be used to prevent attacks.)
2768 accept_untracked_na - INTEGER
2772 - 0 - (default) Do not accept unsolicited and untracked neighbor
2775 - 1 - Add a new neighbor cache entry in STALE state for routers on
2777 with target link-layer address option specified if no neighbor entry
2782 This is as per router-side behavior documented in RFC9131.
2786 This will optimize the return path for the initial off-link
2788 ensuring that the first-hop router which turns on this setting doesn't
2789 have to buffer the initial return packets to do neighbor-solicitation.
2790 The prerequisite is that the host is configured to send unsolicited
2795 - 2 - Extend option (1) to add a new neighbor cache entry only if the
2799 enhanced_dad - BOOLEAN
2803 detection of duplicates due to loopback of the NS messages that we send.
2812 ratelimit - INTEGER
2820 ratemask - list of comma separated ranges
2825 list of ranges (e.g. "0-127,129" for ICMPv6 message type 0 to 127 and
2829 Refer to: https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml
2833 Default: 0-1,3-127 (rate limit ICMPv6 errors except Packet Too Big)
2835 echo_ignore_all - BOOLEAN
2836 If set non-zero, then the kernel will ignore all ICMP ECHO
2841 echo_ignore_multicast - BOOLEAN
2842 If set non-zero, then the kernel will ignore all ICMP ECHO
2847 echo_ignore_anycast - BOOLEAN
2848 If set non-zero, then the kernel will ignore all ICMP ECHO
2853 error_anycast_as_unicast - BOOLEAN
2860 xfrm6_gc_thresh - INTEGER
2861 (Obsolete since linux-4.14)
2869 YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
2875 bridge-nf-call-arptables - BOOLEAN
2876 - 1 : pass bridged ARP traffic to arptables' FORWARD chain.
2877 - 0 : disable this.
2881 bridge-nf-call-iptables - BOOLEAN
2882 - 1 : pass bridged IPv4 traffic to iptables' chains.
2883 - 0 : disable this.
2887 bridge-nf-call-ip6tables - BOOLEAN
2888 - 1 : pass bridged IPv6 traffic to ip6tables' chains.
2889 - 0 : disable this.
2893 bridge-nf-filter-vlan-tagged - BOOLEAN
2894 - 1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
2895 - 0 : disable this.
2899 bridge-nf-filter-pppoe-tagged - BOOLEAN
2900 - 1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
2901 - 0 : disable this.
2905 bridge-nf-pass-vlan-input-dev - BOOLEAN
2906 - 1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
2908 vlan. This allows use of e.g. "iptables -i br0.1" and makes the
2909 REDIRECT target work with vlan-on-top-of-bridge interfaces. When no
2913 - 0: disable bridge netfilter vlan interface lookup.
2920 addip_enable - BOOLEAN
2922 (ADD-IP) functionality specified in RFC5061. This extension provides
2932 pf_enable - INTEGER
2942 https://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-failover for
2951 pf_expose - INTEGER
2956 SCTP_ADDR_PF state will be sent and a SCTP_PF-state transport info
2959 SCTP_PF state and a SCTP_PF-state transport info can be got via
2961 SCTP_PEER_ADDR_CHANGE event will be sent and it returns -EACCES when
2962 trying to get a SCTP_PF-state transport info via SCTP_GET_PEER_ADDR_INFO
2973 addip_noauth_enable - BOOLEAN
2974 Dynamic Address Reconfiguration (ADD-IP) requires the use of
2977 would not be able to hijack associations. However, older
2978 implementations may not have implemented this requirement while
2979 allowing the ADD-IP extension. For reasons of interoperability,
2984 1 Allow ADD-IP extension to be used without authentication. This
2993 auth_enable - BOOLEAN
2995 provides the ability to send and receive authenticated chunks and is
2997 (ADD-IP) extension.
2999 - 1: Enable this extension.
3000 - 0: Disable this extension.
3004 prsctp_enable - BOOLEAN
3008 - 1: Enable extension
3009 - 0: Disable
3013 max_burst - INTEGER
3019 association_max_retrans - INTEGER
3026 max_init_retransmits - INTEGER
3027 The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
3033 path_max_retrans - INTEGER
3041 pf_retrans - INTEGER
3049 http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
3057 ps_retrans - INTEGER
3059 from section-5 "Primary Path Switchover" in rfc7829. The primary path
3069 rto_initial - INTEGER
3076 rto_max - INTEGER
3082 rto_min - INTEGER
3088 hb_interval - INTEGER
3095 sack_timeout - INTEGER
3097 to send a SACK.
3101 valid_cookie_life - INTEGER
3107 cookie_preserve_enable - BOOLEAN
3111 - 1: Enable cookie lifetime extension.
3112 - 0: Disable
3116 cookie_hmac_alg - STRING
3118 a listening sctp socket to a connecting client in the INIT-ACK chunk.
3132 rcvbuf_policy - INTEGER
3143 - 1: rcvbuf space is per association
3144 - 0: rcvbuf space is per socket
3148 sndbuf_policy - INTEGER
3149 Similar to rcvbuf_policy above, this applies to send buffer space.
3151 - 1: Send buffer is tracked per association
3152 - 0: Send buffer is tracked per socket.
3156 sctp_mem - vector of 3 INTEGERs: min, pressure, max
3159 min: Below this number of pages SCTP is not bothered about its
3169 sctp_rmem - vector of 3 INTEGERs: min, default, max
3174 It is guaranteed to each SCTP socket (but not association) even
3179 sctp_wmem - vector of 3 INTEGERs: min, default, max
3183 min: Minimum size of send buffer that can be used by SCTP sockets.
3184 It is guaranteed to each SCTP socket (but not association) even
3189 addr_scope_policy - INTEGER
3190 Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
3192 - 0 - Disable IPv4 address scoping
3193 - 1 - Enable IPv4 address scoping
3194 - 2 - Follow draft but allow IPv4 private addresses
3195 - 3 - Follow draft but allow IPv4 link local addresses
3199 udp_port - INTEGER
3201 using the IANA-assigned UDP port number 9899 (sctp-tunneling).
3203 This UDP sock is used for processing the incoming UDP-encapsulated
3209 for the outgoing UDP-encapsulated SCTP packets. For the dest port,
3214 encap_port - INTEGER
3218 outgoing UDP-encapsulated SCTP packets by default. Users can also
3230 plpmtud_probe_interval - INTEGER
3242 reconf_enable - BOOLEAN
3248 - 1: Enable extension.
3249 - 0: Disable extension.
3253 intl_enable - BOOLEAN
3256 messages sent on different streams. With this feature enabled, I-DATA
3262 - 1: Enable extension.
3263 - 0: Disable extension.
3267 ecn_enable - BOOLEAN
3279 l3mdev_accept - BOOLEAN
3292 Please see: Documentation/admin-guide/sysctl/net.rst for descriptions of these entries.
3298 max_dgram_qlen - INTEGER