Lines Matching +full:can +full:- +full:disable
1 .. SPDX-License-Identifier: GPL-2.0
10 ip_forward - BOOLEAN
11 - 0 - disabled (default)
12 - not 0 - enabled
20 ip_default_ttl - INTEGER
25 ip_no_pmtu_disc - INTEGER
26 Disable Path MTU Discovery. If enabled in mode 1 and a
27 fragmentation-required ICMP is received, the PMTU to this
38 accept fragmentation-needed errors if the underlying protocol
39 can verify them besides a plain socket lookup. Current
48 Possible values: 0-3
52 min_pmtu - INTEGER
53 default 552 - minimum Path MTU. Unless this is changed manually,
56 ip_forward_use_pmtu - BOOLEAN
58 because they could be easily forged and can lead to unwanted
60 You only need to enable this if you have user-space software
69 - 0 - disabled
70 - 1 - enabled
72 fwmark_reflect - BOOLEAN
73 Controls the fwmark of kernel-generated IPv4 reply packets that are not
80 fib_multipath_use_neigh - BOOLEAN
90 - 0 - disabled
91 - 1 - enabled
93 fib_multipath_hash_policy - INTEGER
101 - 0 - Layer 3
102 - 1 - Layer 4
103 - 2 - Layer 3 or inner Layer 3 if present
104 - 3 - Custom multipath hash. Fields used for multipath hash calculation
107 fib_multipath_hash_fields - UNSIGNED INTEGER
134 fib_sync_mem - UNSIGNED INTEGER
135 Amount of dirty memory from fib entries that can be backlogged before
140 ip_forward_update_priority - INTEGER
143 according to an rt_tos2priority table (see e.g. man tc-prio).
149 - 0 - Do not update priority.
150 - 1 - Update priority.
152 route/max_size - INTEGER
162 neigh/default/gc_thresh1 - INTEGER
168 neigh/default/gc_thresh2 - INTEGER
175 neigh/default/gc_thresh3 - INTEGER
176 Maximum number of non-PERMANENT neighbor entries allowed. Increase
178 with large numbers of directly-connected peers.
182 neigh/default/unres_qlen_bytes - INTEGER
195 neigh/default/unres_qlen - INTEGER
208 neigh/default/interval_probe_time_ms - INTEGER
214 mtu_expires - INTEGER
217 min_adv_mss - INTEGER
221 fib_notify_on_flag_change - INTEGER
230 trapping packets can be "promoted" to perform decapsulation following
232 The notifications will indicate to user-space the state of the route.
238 - 0 - Do not emit notifications.
239 - 1 - Emit notifications.
240 - 2 - Emit notifications only for RTM_F_OFFLOAD_FAILED flag change.
244 ipfrag_high_thresh - LONG INTEGER
247 ipfrag_low_thresh - LONG INTEGER
248 (Obsolete since linux-4.17)
253 ipfrag_time - INTEGER
256 ipfrag_max_dist - INTEGER
257 ipfrag_max_dist is a non-negative integer value which defines the
264 is done on fragments before they are added to a reassembly queue - if
271 Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
279 bc_forwarding - INTEGER
280 bc_forwarding enables the feature described in rfc1812#section-5.3.5.2
289 inet_peer_threshold - INTEGER
292 entries' time-to-live and time intervals between garbage collection
293 passes. More entries, less time-to-live, less GC interval.
295 inet_peer_minttl - INTEGER
296 Minimum time-to-live of entries. Should be enough to cover fragment
297 time-to-live on the reassembling side. This minimum time-to-live is
301 inet_peer_maxttl - INTEGER
302 Maximum time-to-live of entries. Unused entries will expire after
310 somaxconn - INTEGER
312 Defaults to 4096. (Was 128 before linux-5.4)
315 tcp_abort_on_overflow - BOOLEAN
321 option can harm clients of your server.
323 tcp_adv_win_scale - INTEGER
324 Obsolete since linux-6.6
326 (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
329 Possible values are [-31, 31], inclusive.
333 tcp_allowed_congestion_control - STRING
334 Show/set the congestion control choices available to non-privileged
340 tcp_app_win - INTEGER
348 tcp_autocorking - BOOLEAN
354 queue. Applications can still use TCP_CORK for optimal behavior
359 tcp_available_congestion_control - STRING
364 tcp_base_mss - INTEGER
369 tcp_mtu_probe_floor - INTEGER
375 tcp_min_snd_mss - INTEGER
384 tcp_congestion_control - STRING
394 tcp_dsack - BOOLEAN
397 tcp_early_retrans - INTEGER
399 losses into fast recovery (draft-ietf-tcpm-rack). Note that
404 - 0 disables TLP
405 - 3 or 4 enables TLP
409 tcp_ecn - INTEGER
419 0 Disable ECN. Neither initiate nor accept ECN.
428 tcp_ecn_fallback - BOOLEAN
430 back to non-ECN. Currently, this knob implements the fallback
438 tcp_fack - BOOLEAN
441 tcp_fin_timeout - INTEGER
445 valid "receive only" state for an un-orphaned connection, an
453 tcp_frto - INTEGER
454 Enables Forward RTO-Recovery (F-RTO) defined in RFC5682.
455 F-RTO is an enhanced recovery algorithm for TCP retransmission
457 RTT fluctuates (e.g., wireless). F-RTO is sender-side only
460 By default it's enabled with a non-zero value. 0 disables F-RTO.
462 tcp_fwmark_accept - BOOLEAN
473 tcp_invalid_ratelimit - INTEGER
478 (a) out-of-window sequence number,
479 (b) out-of-window acknowledgment number, or
482 This can help mitigate simple "ack loop" DoS attacks, wherein
483 a buggy or malicious middlebox or man-in-the-middle can
489 Using 0 disables rate-limiting of dupacks in response to
495 tcp_keepalive_time - INTEGER
499 tcp_keepalive_probes - INTEGER
503 tcp_keepalive_intvl - INTEGER
509 tcp_l3mdev_accept - BOOLEAN
519 tcp_low_latency - BOOLEAN
522 tcp_max_orphans - INTEGER
534 tcp_max_syn_backlog - INTEGER
538 This is a per-listener limit.
548 tcp_max_tw_buckets - INTEGER
550 If this number is exceeded time-wait socket is immediately destroyed
556 tcp_mem - vector of 3 INTEGERs: min, pressure, max
570 tcp_min_rtt_wlen - INTEGER
577 Possible values: 0 - 86400 (1 day)
581 tcp_moderate_rcvbuf - BOOLEAN
582 If set, TCP performs receive buffer auto-tuning, attempting to
587 tcp_mtu_probing - INTEGER
588 Controls TCP Packetization-Layer Path MTU Discovery. Takes three
591 - 0 - Disabled
592 - 1 - Disabled by default, enabled when an ICMP black hole detected
593 - 2 - Always enabled, use initial MSS of tcp_base_mss.
595 tcp_probe_interval - UNSIGNED INTEGER
596 Controls how often to start TCP Packetization-Layer Path MTU
600 tcp_probe_threshold - INTEGER
601 Controls when TCP Packetization-Layer Path MTU Discovery probing
605 tcp_no_metrics_save - BOOLEAN
608 near future can use these to set initial conditions. Usually, this
613 tcp_no_ssthresh_metrics_save - BOOLEAN
618 tcp_orphan_retries - INTEGER
629 tcp_recovery - INTEGER
645 tcp_reflect_tos - BOOLEAN
655 tcp_reordering - INTEGER
657 TCP stack can then dynamically adjust flow reordering level
662 tcp_max_reordering - INTEGER
669 tcp_retrans_collapse - BOOLEAN
670 Bug-to-bug compatibility with some broken printers.
674 tcp_retries1 - INTEGER
683 tcp_retries2 - INTEGER
698 tcp_rfc1337 - BOOLEAN
705 tcp_rmem - vector of 3 INTEGERs: min, default, max
724 tcp_sack - BOOLEAN
727 tcp_comp_sack_delay_ns - LONG INTEGER
734 tcp_comp_sack_slack_ns - LONG INTEGER
742 tcp_comp_sack_nr - INTEGER
743 Max number of SACK that can be compressed.
748 tcp_backlog_ack_defer - BOOLEAN
755 tcp_slow_start_after_idle - BOOLEAN
763 tcp_stdurg - BOOLEAN
770 tcp_synack_retries - INTEGER
777 tcp_syncookies - INTEGER
792 to use TCP extensions, can result in serious degradation
799 network connections you can set this knob to 2 to enable
802 tcp_migrate_req - BOOLEAN
804 the initial SYN packet is received during the three-way handshake.
805 When a listener is closed, in-flight request sockets during the
823 disable this option.
827 tcp_fastopen - INTEGER
838 the option value being the length of the syn-data backlog.
846 application before 3-way handshake finishes.
849 0x200 (server) accept data-in-SYN w/o any cookie option present.
859 tcp_fastopen_blackhole_timeout_sec - INTEGER
860 Initial time period in second to disable Fastopen on active TCP sockets
863 get detected right after Fastopen is re-enabled and will reset to
865 0 to disable the blackhole detection.
869 tcp_fastopen_key - list of comma separated 32-digit hexadecimal INTEGERs
880 per-socket keys will be used instead of any keys that are specified via
883 A key is specified as 4 8-digit hexadecimal integers which are separated
884 by a '-' as: xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx. Leading zeros may be
889 tcp_syn_retries - INTEGER
897 tcp_timestamps - INTEGER
900 - 0: Disabled.
901 - 1: Enable timestamps as defined in RFC1323 and use random offset for
903 - 2: Like 1, but without random offsets.
907 tcp_min_tso_segs - INTEGER
910 Since linux-3.12, TCP does an automatic sizing of TSO frames,
918 tcp_tso_rtt_log - INTEGER
921 Starting from linux-5.18, TCP autosizing can be tweaked
927 tso_packet_size = sk->sk_pacing_rate / 1024;
934 This means that flows between very close hosts can use bigger
941 tcp_pacing_ss_ratio - INTEGER
942 sk->sk_pacing_rate is set by TCP stack using a ratio applied
945 to let TCP probe for bigger speeds, assuming cwnd can be
950 tcp_pacing_ca_ratio - INTEGER
951 sk->sk_pacing_rate is set by TCP stack using a ratio applied
958 tcp_syn_linear_timeouts - INTEGER
968 tcp_tso_win_divisor - INTEGER
970 can be consumed by a single TSO frame.
976 tcp_tw_reuse - INTEGER
977 Enable reuse of TIME-WAIT sockets for new connections when it is
980 - 0 - disable
981 - 1 - global enable
982 - 2 - enable for loopback traffic only
989 tcp_window_scaling - BOOLEAN
992 tcp_shrink_window - BOOLEAN
996 window can be offered, and that TCP implementations MUST ensure
999 - 0 - Disabled. The window is never shrunk.
1000 - 1 - Enabled. The window is shrunk when necessary to remain within
1002 This only occurs if a non-zero receive window
1007 tcp_wmem - vector of 3 INTEGERs: min, default, max
1028 tcp_notsent_lowat - UNSIGNED INTEGER
1029 A TCP socket can control the amount of unsent bytes in its write queue,
1041 tcp_workaround_signed_windows - BOOLEAN
1049 tcp_thin_linear_timeouts - BOOLEAN
1056 non-aggressive thin streams, often found to be time-dependent.
1058 Documentation/networking/tcp-thin.rst
1062 tcp_limit_output_bytes - INTEGER
1065 gets losses notifications. With SNDBUF autotuning, this can
1074 tcp_challenge_ack_limit - INTEGER
1076 in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
1077 Note that this per netns rate limit can allow some side channel
1082 tcp_ehash_entries - INTEGER
1089 tcp_child_ehash_entries - INTEGER
1107 Possible values: 0, 2^n (n: 0 - 24 (16Mi))
1111 tcp_plb_enabled - BOOLEAN
1122 field, and currently no-op for IPv4 headers. It is possible
1135 tcp_plb_idle_rehash_rounds - INTEGER
1137 a rehash can be performed, given there are no packets in flight.
1141 Possible Values: 0 - 31
1145 tcp_plb_rehash_rounds - INTEGER
1147 a forced rehash can be performed. Be careful when setting this
1152 Possible Values: 0 - 31
1156 tcp_plb_suspend_rto_sec - INTEGER
1164 Possible Values: 0 - 255
1168 tcp_plb_cong_thresh - INTEGER
1173 The 0-1 fraction range is mapped to 0-256 range to avoid floating
1182 Possible Values: 0 - 256
1186 tcp_pingpong_thresh - INTEGER
1189 "ping-pong" (request-response) connection for which delayed
1190 acknowledgments can provide benefits.
1195 Possible Values: 1 - 255
1202 udp_l3mdev_accept - BOOLEAN
1211 udp_mem - vector of 3 INTEGERs: min, pressure, max
1222 udp_rmem_min - INTEGER
1229 udp_wmem_min - INTEGER
1232 udp_hash_entries - INTEGER
1239 udp_child_ehash_entries - INTEGER
1254 Possible values: 0, 2^n (n: 7 (128) - 16 (64K))
1262 raw_l3mdev_accept - BOOLEAN
1274 cipso_cache_enable - BOOLEAN
1278 invalidated when required when means you can safely toggle this on and
1283 cipso_cache_bucket_size - INTEGER
1287 more CIPSO label mappings that can be cached. When the number of
1293 cipso_rbm_optfmt - BOOLEAN
1297 categories in order to make the packet data 32-bit aligned.
1301 cipso_rbm_structvalid - BOOLEAN
1314 ip_local_port_range - 2 INTEGERS
1323 ip_local_reserved_ports - list of comma separated ranges
1324 Specify the ports which are reserved for known third-party
1330 list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
1340 You can reserve ports which are not in the current
1356 ip_unprivileged_port_start - INTEGER
1357 This is a per-namespace sysctl. It defines the first
1360 To disable all privileged ports, set this to 0. They must not
1365 ip_nonlocal_bind - BOOLEAN
1366 If set, allows processes to bind() to non-local IP addresses,
1367 which can be quite useful - but may break some applications.
1371 ip_autobind_reuse - BOOLEAN
1380 ip_dynaddr - INTEGER
1381 If set non-zero, enables support for dynamic addresses.
1382 If set to a non-zero value larger than 1, a kernel log
1388 ip_early_demux - BOOLEAN
1394 reduces overall throughput, in such case you should disable it.
1398 ping_group_range - 2 INTEGERS
1405 tcp_early_demux - BOOLEAN
1410 udp_early_demux - BOOLEAN
1411 Enable early demux for connected UDP sockets. Disable this if
1416 icmp_echo_ignore_all - BOOLEAN
1417 If set non-zero, then the kernel will ignore all ICMP ECHO
1422 icmp_echo_enable_probe - BOOLEAN
1428 icmp_echo_ignore_broadcasts - BOOLEAN
1429 If set non-zero, then the kernel will ignore all ICMP ECHO and
1434 icmp_ratelimit - INTEGER
1437 0 to disable any limiting,
1444 icmp_msgs_per_sec - INTEGER
1452 icmp_msgs_burst - INTEGER
1459 icmp_ratemask - INTEGER
1486 icmp_ignore_bogus_error_responses - BOOLEAN
1494 icmp_errors_use_inbound_ifaddr - BOOLEAN
1499 If non-zero, the message will be sent with the primary address of
1502 a router. And it can make debugging complicated network layouts
1506 then the primary address of the first non-loopback interface that
1511 igmp_max_memberships - INTEGER
1512 Change the maximum number of multicast groups we can subscribe to.
1516 report in a single datagram (i.e. the report can't span multiple
1521 report entries you can fit into a single datagram of 65535 bytes.
1523 M = 65536-sizeof (ip header)/(sizeof(Group record))
1528 (65536-24) / 12 = 5459
1533 igmp_max_msf - INTEGER
1539 igmp_qrv - INTEGER
1546 force_igmp_version - INTEGER
1547 - 0 - (default) No enforcement of a IGMP version, IGMPv1/v2 fallback
1550 - 1 - Enforce to use IGMP version 1. Will also reply IGMPv1 report if
1552 - 2 - Enforce to use IGMP version 2. Will fallback to IGMPv1 if receive
1554 - 3 - Enforce to use IGMP version 3. The same react with default 0.
1570 log_martians - BOOLEAN
1576 accept_redirects - BOOLEAN
1580 - both conf/{all,interface}/accept_redirects are TRUE in the case
1585 - at least one of conf/{all,interface}/accept_redirects is TRUE in the
1592 - TRUE (host)
1593 - FALSE (router)
1595 forwarding - BOOLEAN
1597 received _on_ this interface can be forwarded.
1599 mc_forwarding - BOOLEAN
1605 medium_id - INTEGER
1607 are attached to. Two devices can have different id values when
1610 to its medium, value of -1 means that medium is not known.
1616 proxy_arp - BOOLEAN
1623 proxy_arp_pvlan - BOOLEAN
1641 Hewlett-Packard call it Source-Port filtering or port-isolation.
1642 Ericsson call it MAC-Forced Forwarding (RFC Draft).
1644 proxy_delay - INTEGER
1652 shared_media - BOOLEAN
1662 secure_redirects - BOOLEAN
1675 send_redirects - BOOLEAN
1684 bootp_relay - BOOLEAN
1695 accept_source_route - BOOLEAN
1702 - TRUE (router)
1703 - FALSE (host)
1705 accept_local - BOOLEAN
1707 suitable routing, this can be used to direct packets between two
1711 route_localnet - BOOLEAN
1717 rp_filter - INTEGER
1718 - 0 - No source validation.
1719 - 1 - Strict mode as defined in RFC3704 Strict Reverse Path
1723 - 2 - Loose mode as defined in RFC3704 Loose Reverse Path
1738 src_valid_mark - BOOLEAN
1739 - 0 - The fwmark of the packet is not included in reverse path
1744 - 1 - The fwmark of the packet is included in reverse path route
1757 arp_filter - BOOLEAN
1758 - 1 - Allows you to have multiple network interfaces on the same
1765 - 0 - (default) The kernel can respond to arp requests with addresses
1769 particular interfaces. Only for more complex setups like load-
1776 arp_announce - INTEGER
1781 - 0 - (default) Use any local address, configured on any interface
1782 - 1 - Try to avoid local addresses that are not in the target's
1791 - 2 - Always use the best local address for this target.
1808 arp_ignore - INTEGER
1812 - 0 - (default): reply for any local target IP address, configured
1814 - 1 - reply only if the target IP address is local address
1816 - 2 - reply only if the target IP address is local address
1819 - 3 - do not reply for local addresses configured with scope host,
1821 - 4-7 - reserved
1822 - 8 - do not reply for all local addresses
1827 arp_notify - BOOLEAN
1836 arp_accept - INTEGER
1840 - 0 - don't create new entries in the ARP table
1841 - 1 - create new entries in the ARP table
1842 - 2 - create new entries only if the source IP address is in the same
1853 arp_evict_nocarrier - BOOLEAN
1859 - 1 - (default): Clear the ARP cache on NOCARRIER events
1860 - 0 - Do not clear ARP cache on NOCARRIER events
1862 mcast_solicit - INTEGER
1867 ucast_solicit - INTEGER
1871 app_solicit - INTEGER
1876 mcast_resolicit - INTEGER
1880 disable_policy - BOOLEAN
1881 Disable IPSEC policy (SPD) for this interface
1883 disable_xfrm - BOOLEAN
1884 Disable IPSEC encryption on this interface, whatever the policy
1886 igmpv2_unsolicited_report_interval - INTEGER
1892 igmpv3_unsolicited_report_interval - INTEGER
1898 ignore_routes_with_linkdown - BOOLEAN
1901 promote_secondaries - BOOLEAN
1906 drop_unicast_in_l2_multicast - BOOLEAN
1907 Drop any unicast IP packets that are received in link-layer
1915 drop_gratuitous_arp - BOOLEAN
1923 tag - INTEGER
1924 Allows you to write a number, which can be used as required.
1928 xfrm4_gc_thresh - INTEGER
1929 (Obsolete since linux-4.14)
1934 igmp_link_local_mcast_reports - BOOLEAN
1945 - Andi Kleen
1947 - Nicolas Delon
1959 bindv6only - BOOLEAN
1964 - TRUE: disable IPv4-mapped address feature
1965 - FALSE: enable IPv4-mapped address feature
1969 flowlabel_consistency - BOOLEAN
1971 You have to disable it to use IPV6_FL_F_REFLECT flag on the
1974 - TRUE: enabled
1975 - FALSE: disabled
1979 auto_flowlabels - INTEGER
1987 1 automatic flow labels are enabled by default, they can be
1998 flowlabel_state_ranges - BOOLEAN
1999 Split the flow label number space into two ranges. 0-0x7FFFF is
2000 reserved for the IPv6 flow manager facility, 0x80000-0xFFFFF
2003 - TRUE: enabled
2004 - FALSE: disabled
2008 flowlabel_reflect - INTEGER
2012 https://tools.ietf.org/html/draft-wang-6man-flow-label-reflection-01
2016 - 1: enabled for established flows
2019 in "tcp: change IPv6 flow-label upon receiving spurious retransmission"
2022 - 2: enabled for TCP RESET packets (no active listener)
2026 - 4: enabled for ICMPv6 echo reply messages.
2030 fib_multipath_hash_policy - INTEGER
2037 - 0 - Layer 3 (source and destination addresses plus flow label)
2038 - 1 - Layer 4 (standard 5-tuple)
2039 - 2 - Layer 3 or inner Layer 3 if present
2040 - 3 - Custom multipath hash. Fields used for multipath hash calculation
2043 fib_multipath_hash_fields - UNSIGNED INTEGER
2070 anycast_src_echo_reply - BOOLEAN
2074 - TRUE: enabled
2075 - FALSE: disabled
2079 idgen_delay - INTEGER
2086 idgen_retries - INTEGER
2092 mld_qrv - INTEGER
2099 max_dst_opts_number - INTEGER
2100 Maximum number of non-padding TLVs allowed in a Destination
2107 max_hbh_opts_number - INTEGER
2108 Maximum number of non-padding TLVs allowed in a Hop-by-Hop
2115 max_dst_opts_length - INTEGER
2121 max_hbh_length - INTEGER
2122 Maximum length allowed for a Hop-by-Hop options extension
2127 skip_notify_on_dev_down - BOOLEAN
2136 nexthop_compat_mode - BOOLEAN
2143 understands the new API, this sysctl can be disabled to achieve full
2148 fib_notify_on_flag_change - INTEGER
2157 trapping packets can be "promoted" to perform decapsulation following
2159 The notifications will indicate to user-space the state of the route.
2165 - 0 - Do not emit notifications.
2166 - 1 - Emit notifications.
2167 - 2 - Emit notifications only for RTM_F_OFFLOAD_FAILED flag change.
2169 ioam6_id - INTEGER
2177 ioam6_id_wide - LONG INTEGER
2179 total. Can be different from ioam6_id.
2188 ip6frag_high_thresh - INTEGER
2194 ip6frag_low_thresh - INTEGER
2197 ip6frag_time - INTEGER
2201 Change the interface-specific default settings.
2207 Change all the interface-specific settings.
2211 conf/all/disable_ipv6 - BOOLEAN
2213 setting and also all per-interface ``disable_ipv6`` settings to the same
2217 whether IPv6 support is enabled or disabled. Returned value can be 1
2221 conf/all/forwarding - BOOLEAN
2232 proxy_ndp - BOOLEAN
2235 fwmark_reflect - BOOLEAN
2236 Controls the fwmark of kernel-generated IPv6 reply packets that are not
2249 accept_ra - INTEGER
2268 - enabled if local forwarding is disabled.
2269 - disabled if local forwarding is enabled.
2271 accept_ra_defrtr - BOOLEAN
2276 - enabled if accept_ra is enabled.
2277 - disabled if accept_ra is disabled.
2279 ra_defrtr_metric - UNSIGNED INTEGER
2289 accept_ra_from_local - BOOLEAN
2290 Accept RA with source-address that is found on local machine
2293 Default is to NOT accept these as it may be an un-intended
2298 - enabled if accept_ra_from_local is enabled
2300 - disabled if accept_ra_from_local is disabled
2303 accept_ra_min_hop_limit - INTEGER
2311 accept_ra_min_lft - INTEGER
2319 accept_ra_pinfo - BOOLEAN
2324 - enabled if accept_ra is enabled.
2325 - disabled if accept_ra is disabled.
2327 ra_honor_pio_life - BOOLEAN
2332 - If enabled, the PIO valid lifetime will always be honored.
2333 - If disabled, RFC4862 section 5.5.3e is used to determine
2338 accept_ra_rt_info_min_plen - INTEGER
2347 * -1 if accept_ra_rtr_pref is disabled.
2349 accept_ra_rt_info_max_plen - INTEGER
2358 * -1 if accept_ra_rtr_pref is disabled.
2360 accept_ra_rtr_pref - BOOLEAN
2365 - enabled if accept_ra is enabled.
2366 - disabled if accept_ra is disabled.
2368 accept_ra_mtu - BOOLEAN
2374 - enabled if accept_ra is enabled.
2375 - disabled if accept_ra is disabled.
2377 accept_redirects - BOOLEAN
2382 - enabled if local forwarding is disabled.
2383 - disabled if local forwarding is enabled.
2385 accept_source_route - INTEGER
2388 - >= 0: Accept only routing header type 2.
2389 - < 0: Do not accept routing header.
2393 autoconf - BOOLEAN
2399 - enabled if accept_ra_pinfo is enabled.
2400 - disabled if accept_ra_pinfo is disabled.
2402 dad_transmits - INTEGER
2407 forwarding - INTEGER
2408 Configure interface-specific Host/Router behaviour.
2417 - 0 Forwarding disabled
2418 - 1 Forwarding enabled
2444 hop_limit - INTEGER
2449 mtu - INTEGER
2454 ip_nonlocal_bind - BOOLEAN
2455 If set, allows processes to bind() to non-local IPv6 addresses,
2456 which can be quite useful - but may break some applications.
2460 router_probe_interval - INTEGER
2466 router_solicitation_delay - INTEGER
2472 router_solicitation_interval - INTEGER
2477 router_solicitations - INTEGER
2483 use_oif_addrs_only - BOOLEAN
2490 use_tempaddr - INTEGER
2493 * <= 0 : disable Privacy Extensions
2502 * -1 (for point-to-point devices and loopback devices)
2504 temp_valid_lft - INTEGER
2511 temp_prefered_lft - INTEGER
2520 keep_addr_on_down - INTEGER
2530 max_desync_factor - INTEGER
2538 regen_max_retry - INTEGER
2544 max_addresses - INTEGER
2552 disable_ipv6 - BOOLEAN
2553 Disable IPv6 operation. If accept_dad is set to 2, this value
2554 will be dynamically set to TRUE if DAD fails for the link-local
2560 it will dynamically create a link-local address on the given
2568 accept_dad - INTEGER
2572 0 Disable DAD
2574 2 Enable DAD, and disable IPv6 operation if MAC-based duplicate
2575 link-local address has been found.
2581 force_tllao - BOOLEAN
2582 Enable sending the target link-layer address option even when
2587 Quoting from RFC 2461, section 4.4, Target link-layer address:
2592 message. When responding to unicast solicitations, the option can be
2593 omitted since the sender of the solicitation has the correct link-
2595 solicitation in the first place. However, including the link-layer
2597 race condition where the sender deletes the cached link-layer address
2600 ndisc_notify - BOOLEAN
2603 * 0 - (default): do nothing
2604 * 1 - Generate unsolicited neighbour advertisements when device is brought
2607 ndisc_tclass - INTEGER
2611 These 8 bits can be interpreted as 6 high order bits holding the DSCP
2615 * 0 - (default)
2617 ndisc_evict_nocarrier - BOOLEAN
2623 - 1 - (default): Clear neighbor discover cache on NOCARRIER events.
2624 - 0 - Do not clear neighbor discovery cache on NOCARRIER events.
2626 mldv1_unsolicited_report_interval - INTEGER
2632 mldv2_unsolicited_report_interval - INTEGER
2638 force_mld_version - INTEGER
2639 * 0 - (default) No enforcement of a MLD version, MLDv1 fallback allowed
2640 * 1 - Enforce to use MLD version 1
2641 * 2 - Enforce to use MLD version 2
2643 suppress_frag_ndisc - INTEGER
2647 * 1 - (default) discard fragmented neighbor discovery packets
2648 * 0 - allow fragmented neighbor discovery packets
2650 optimistic_dad - BOOLEAN
2660 use_optimistic - BOOLEAN
2672 stable_secret - IPv6 address
2674 addresses for link-local addresses and autoconfigured
2676 be stable privacy ones by default. This can be changed via the
2677 addrgenmode ip-link. conf/default/stable_secret is used as the
2678 secret for the namespace, the interface specific ones can
2686 addr_gen_mode - INTEGER
2687 Defines how link-local and autoconf addresses are generated.
2691 1 do no generate a link-local address, use EUI64 for addresses
2698 drop_unicast_in_l2_multicast - BOOLEAN
2699 Drop any unicast IPv6 packets that are received in link-layer
2704 drop_unsolicited_na - BOOLEAN
2711 accept_untracked_na - INTEGER
2715 - 0 - (default) Do not accept unsolicited and untracked neighbor
2718 - 1 - Add a new neighbor cache entry in STALE state for routers on
2720 with target link-layer address option specified if no neighbor entry
2725 This is as per router-side behavior documented in RFC9131.
2729 This will optimize the return path for the initial off-link
2731 ensuring that the first-hop router which turns on this setting doesn't
2732 have to buffer the initial return packets to do neighbor-solicitation.
2738 - 2 - Extend option (1) to add a new neighbor cache entry only if the
2742 enhanced_dad - BOOLEAN
2755 ratelimit - INTEGER
2758 0 to disable any limiting,
2763 ratemask - list of comma separated ranges
2768 list of ranges (e.g. "0-127,129" for ICMPv6 message type 0 to 127 and
2772 Refer to: https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml
2776 Default: 0-1,3-127 (rate limit ICMPv6 errors except Packet Too Big)
2778 echo_ignore_all - BOOLEAN
2779 If set non-zero, then the kernel will ignore all ICMP ECHO
2784 echo_ignore_multicast - BOOLEAN
2785 If set non-zero, then the kernel will ignore all ICMP ECHO
2790 echo_ignore_anycast - BOOLEAN
2791 If set non-zero, then the kernel will ignore all ICMP ECHO
2796 error_anycast_as_unicast - BOOLEAN
2803 xfrm6_gc_thresh - INTEGER
2804 (Obsolete since linux-4.14)
2812 YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
2818 bridge-nf-call-arptables - BOOLEAN
2819 - 1 : pass bridged ARP traffic to arptables' FORWARD chain.
2820 - 0 : disable this.
2824 bridge-nf-call-iptables - BOOLEAN
2825 - 1 : pass bridged IPv4 traffic to iptables' chains.
2826 - 0 : disable this.
2830 bridge-nf-call-ip6tables - BOOLEAN
2831 - 1 : pass bridged IPv6 traffic to ip6tables' chains.
2832 - 0 : disable this.
2836 bridge-nf-filter-vlan-tagged - BOOLEAN
2837 - 1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
2838 - 0 : disable this.
2842 bridge-nf-filter-pppoe-tagged - BOOLEAN
2843 - 1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
2844 - 0 : disable this.
2848 bridge-nf-pass-vlan-input-dev - BOOLEAN
2849 - 1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
2851 vlan. This allows use of e.g. "iptables -i br0.1" and makes the
2852 REDIRECT target work with vlan-on-top-of-bridge interfaces. When no
2856 - 0: disable bridge netfilter vlan interface lookup.
2863 addip_enable - BOOLEAN
2864 Enable or disable extension of Dynamic Address Reconfiguration
2865 (ADD-IP) functionality specified in RFC5061. This extension provides
2871 0: Disable extension.
2875 pf_enable - INTEGER
2876 Enable or disable pf (pf is short for potentially failed) state. A value
2878 both pf_enable and pf_retrans > path_max_retrans can disable pf state.
2879 Since pf_retrans and path_max_retrans can be changed by userspace
2880 application, sometimes user expects to disable pf state by the value of
2884 and disable pf state. See:
2885 https://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-failover for
2890 0: Disable pf.
2894 pf_expose - INTEGER
2895 Unset or enable/disable pf (pf is short for potentially failed) state
2896 exposure. Applications can control the exposure of the PF path state
2899 SCTP_ADDR_PF state will be sent and a SCTP_PF-state transport info
2900 can be got via SCTP_GET_PEER_ADDR_INFO sockopt; When it's enabled,
2902 SCTP_PF state and a SCTP_PF-state transport info can be got via
2904 SCTP_PEER_ADDR_CHANGE event will be sent and it returns -EACCES when
2905 trying to get a SCTP_PF-state transport info via SCTP_GET_PEER_ADDR_INFO
2910 1: Disable pf state exposure.
2916 addip_noauth_enable - BOOLEAN
2917 Dynamic Address Reconfiguration (ADD-IP) requires the use of
2922 allowing the ADD-IP extension. For reasons of interoperability,
2927 1 Allow ADD-IP extension to be used without authentication. This
2936 auth_enable - BOOLEAN
2937 Enable or disable Authenticated Chunks extension. This extension
2940 (ADD-IP) extension.
2942 - 1: Enable this extension.
2943 - 0: Disable this extension.
2947 prsctp_enable - BOOLEAN
2948 Enable or disable the Partial Reliability extension (RFC3758) which
2951 - 1: Enable extension
2952 - 0: Disable
2956 max_burst - INTEGER
2957 The limit of the number of new packets that can be initially sent. It
2958 controls how bursty the generated traffic can be.
2962 association_max_retrans - INTEGER
2963 Set the maximum number for retransmissions that an association can
2969 max_init_retransmits - INTEGER
2970 The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
2976 path_max_retrans - INTEGER
2984 pf_retrans - INTEGER
2988 passes the pf_retrans threshold can still be used. Its only
2992 http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
2994 disables this feature. Since both pf_retrans and path_max_retrans can
2996 disable pf state.
3000 ps_retrans - INTEGER
3002 from section-5 "Primary Path Switchover" in rfc7829. The primary path
3008 and its value can't be less than 'pf_retrans' when changing by sysctl.
3012 rto_initial - INTEGER
3019 rto_max - INTEGER
3021 is the largest time interval that can elapse between retransmissions.
3025 rto_min - INTEGER
3027 is the smallest time interval the can elapse between retransmissions.
3031 hb_interval - INTEGER
3038 sack_timeout - INTEGER
3044 valid_cookie_life - INTEGER
3050 cookie_preserve_enable - BOOLEAN
3051 Enable or disable the ability to extend the lifetime of the SCTP cookie
3054 - 1: Enable cookie lifetime extension.
3055 - 0: Disable
3059 cookie_hmac_alg - STRING
3061 a listening sctp socket to a connecting client in the INIT-ACK chunk.
3075 rcvbuf_policy - INTEGER
3086 - 1: rcvbuf space is per association
3087 - 0: rcvbuf space is per socket
3091 sndbuf_policy - INTEGER
3094 - 1: Send buffer is tracked per association
3095 - 0: Send buffer is tracked per socket.
3099 sctp_mem - vector of 3 INTEGERs: min, pressure, max
3112 sctp_rmem - vector of 3 INTEGERs: min, default, max
3122 sctp_wmem - vector of 3 INTEGERs: min, default, max
3126 min: Minimum size of send buffer that can be used by SCTP sockets.
3132 addr_scope_policy - INTEGER
3133 Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
3135 - 0 - Disable IPv4 address scoping
3136 - 1 - Enable IPv4 address scoping
3137 - 2 - Follow draft but allow IPv4 private addresses
3138 - 3 - Follow draft but allow IPv4 link local addresses
3142 udp_port - INTEGER
3144 using the IANA-assigned UDP port number 9899 (sctp-tunneling).
3146 This UDP sock is used for processing the incoming UDP-encapsulated
3152 for the outgoing UDP-encapsulated SCTP packets. For the dest port,
3157 encap_port - INTEGER
3161 outgoing UDP-encapsulated SCTP packets by default. Users can also
3173 plpmtud_probe_interval - INTEGER
3185 reconf_enable - BOOLEAN
3186 Enable or disable extension of Stream Reconfiguration functionality
3191 - 1: Enable extension.
3192 - 0: Disable extension.
3196 intl_enable - BOOLEAN
3197 Enable or disable extension of User Message Interleaving functionality
3199 messages sent on different streams. With this feature enabled, I-DATA
3205 - 1: Enable extension.
3206 - 0: Disable extension.
3210 ecn_enable - BOOLEAN
3218 0: Disable ecn.
3222 l3mdev_accept - BOOLEAN
3235 Please see: Documentation/admin-guide/sysctl/net.rst for descriptions of these entries.
3241 max_dgram_qlen - INTEGER