So, i also noticed that some of the parameters represented as boolean have no value constrain checks and accept integer values due to u8 implementation, so i wrote a note for every boolean parameter that have no constrain checks in code. and fixed a typo in fmwark instead of fwmark. Added notes for 19 confirmed parameters, Verified by code inspection and runtime testing. - No changes for v2 in this patch , still waiting to be reviewed. Signed-off-by: Abdelrahman Fekry <abdelrahmanfekry375@xxxxxxxxx> --- v2: - No change. v1: - Added notes for booleans that accept 0-255 not only 0/1. Documentation/networking/ip-sysctl.rst | 70 ++++++++++++++++++++------ 1 file changed, 55 insertions(+), 15 deletions(-) diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 68778532faa5..38f2981290d6 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -70,6 +70,8 @@ ip_forward_use_pmtu - BOOLEAN - 0 - disabled - 1 - enabled + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. fwmark_reflect - BOOLEAN Controls the fwmark of kernel-generated IPv4 reply packets that are not @@ -91,6 +93,8 @@ fib_multipath_use_neigh - BOOLEAN - 0 - disabled - 1 - enabled + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. fib_multipath_hash_policy - INTEGER Controls which hash policy to use for multipath routes. Only valid @@ -490,7 +494,9 @@ tcp_fwmark_accept - BOOLEAN have a fwmark set via setsockopt(SOL_SOCKET, SO_MARK, ...) are unaffected. - Default: 0 + Default: 0 (disabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_invalid_ratelimit - INTEGER Limit the maximal rate for sending duplicate acknowledgments @@ -605,6 +611,8 @@ tcp_moderate_rcvbuf - BOOLEAN automatically size the buffer (no greater than tcp_rmem[2]) to match the size required by the path for full throughput. Enabled by default. + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_mtu_probing - INTEGER Controls TCP Packetization-Layer Path MTU Discovery. Takes three @@ -638,6 +646,8 @@ tcp_no_ssthresh_metrics_save - BOOLEAN Controls whether TCP saves ssthresh metrics in the route cache. Default is 1, which disables ssthresh metrics. + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_orphan_retries - INTEGER This value influences the timeout of a locally closed TCP connection, @@ -705,7 +715,9 @@ tcp_retries1 - INTEGER RFC 1122 recommends at least 3 retransmissions, which is the default. - + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + tcp_retries2 - INTEGER This value influences the timeout of an alive TCP connection, when RTO retransmissions remain unacknowledged. @@ -728,7 +740,7 @@ tcp_rfc1337 - BOOLEAN we are not conforming to RFC, but prevent TCP TIME_WAIT assassination. - Default: 0 + Default: 0 (disabled) tcp_rmem - vector of 3 INTEGERs: min, default, max min: Minimal size of receive buffer used by TCP sockets. @@ -753,6 +765,8 @@ tcp_sack - BOOLEAN Enable select acknowledgments (SACKS). Default: 1 (enabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_comp_sack_delay_ns - LONG INTEGER TCP tries to reduce number of SACK sent, using a timer @@ -788,7 +802,9 @@ tcp_slow_start_after_idle - BOOLEAN the current RTO. If unset, the congestion window will not be timed out after an idle period. - Default: 1 + Default: 1 (enabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_stdurg - BOOLEAN Use the Host requirements interpretation of the TCP urgent pointer field. @@ -796,6 +812,8 @@ tcp_stdurg - BOOLEAN Linux might not communicate correctly with them. Default: 0 (disabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_synack_retries - INTEGER Number of times SYNACKs for a passive TCP connection attempt will @@ -852,7 +870,7 @@ tcp_migrate_req - BOOLEAN migration by returning SK_DROP in the type of eBPF program, or disable this option. - Default: 0 + Default: 0 (disabled) tcp_fastopen - INTEGER Enable TCP Fast Open (RFC7413) to send and accept data in the opening @@ -1036,6 +1054,8 @@ tcp_window_scaling - BOOLEAN - 1 - Enabled. Default: 1 (enabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_shrink_window - BOOLEAN This changes how the TCP receive window is calculated. @@ -1050,7 +1070,9 @@ tcp_shrink_window - BOOLEAN This only occurs if a non-zero receive window scaling factor is also in effect. - Default: 0 + Default: 0 (disabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. tcp_wmem - vector of 3 INTEGERs: min, default, max min: Amount of memory reserved for send buffers for TCP sockets. @@ -1092,7 +1114,7 @@ tcp_workaround_signed_windows - BOOLEAN If unset, assume the remote TCP is not broken even if we do not receive a window scaling option from them. - Default: 0 + Default: 0 (disabled) tcp_thin_linear_timeouts - BOOLEAN Enable dynamic triggering of linear timeouts for thin streams. @@ -1105,8 +1127,10 @@ tcp_thin_linear_timeouts - BOOLEAN For more information on thin streams, see Documentation/networking/tcp-thin.rst - Default: 0 - + Default: 0 (disabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + tcp_limit_output_bytes - INTEGER Controls TCP Small Queue limit per tcp socket. TCP bulk sender tends to increase packets in flight until it @@ -1350,7 +1374,7 @@ cipso_cache_enable - BOOLEAN invalidated when required when means you can safely toggle this on and off and the cache will always be "safe". - Default: 1 + Default: 1 (enabled) cipso_cache_bucket_size - INTEGER The CIPSO label cache consists of a fixed size hash table with each @@ -1368,7 +1392,10 @@ cipso_rbm_optfmt - BOOLEAN This means that when set the CIPSO tag will be padded with empty categories in order to make the packet data 32-bit aligned. - Default: 0 + Default: 0 (disabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + cipso_rbm_strictvalid - BOOLEAN If set, do a very strict check of the CIPSO option when @@ -1378,7 +1405,10 @@ cipso_rbm_strictvalid - BOOLEAN result in less work (i.e. it should be faster) but could cause problems with other implementations that require strict checking. - Default: 0 + Default: 0 (disabled) + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + IP Variables ============ @@ -1439,6 +1469,9 @@ ip_nonlocal_bind - BOOLEAN which can be quite useful - but may break some applications. Default: 0 + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + ip_autobind_reuse - BOOLEAN By default, bind() does not select the ports automatically even if @@ -1449,6 +1482,8 @@ ip_autobind_reuse - BOOLEAN option should only be set by experts. Default: 0 + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + ip_dynaddr - INTEGER If set non-zero, enables support for dynamic addresses. If set to a non-zero value larger than 1, a kernel log @@ -1478,13 +1513,16 @@ tcp_early_demux - BOOLEAN Enable early demux for established TCP sockets. Default: 1 + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + udp_early_demux - BOOLEAN Enable early demux for connected UDP sockets. Disable this if your system could experience more unconnected load. Default: 1 - + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + icmp_echo_ignore_all - BOOLEAN If set non-zero, then the kernel will ignore all ICMP ECHO requests sent to it. @@ -1817,7 +1855,7 @@ src_valid_mark - BOOLEAN lookup. This permits rp_filter to function when the fwmark is used for routing traffic in both directions. - This setting also affects the utilization of fmwark when + This setting also affects the utilization of fwmark when performing source address selection for ICMP replies, or determining addresses stored for the IPOPT_TS_TSANDADDR and IPOPT_RR IP options. @@ -2326,7 +2364,9 @@ fwmark_reflect - BOOLEAN fwmark of the packet they are replying to. Default: 0 - + + note: Accepts integer values (0-255) but only 0/1 have defined behaviour. + ``conf/interface/*``: Change special settings per interface. -- 2.25.1
