Lines Matching +full:can +full:- +full:disable
1 .. SPDX-License-Identifier: GPL-2.0
10 ip_forward - BOOLEAN
11 - 0 - disabled (default)
12 - not 0 - enabled
20 ip_default_ttl - INTEGER
25 ip_no_pmtu_disc - INTEGER
26 Disable Path MTU Discovery. If enabled in mode 1 and a
27 fragmentation-required ICMP is received, the PMTU to this
38 accept fragmentation-needed errors if the underlying protocol
39 can verify them besides a plain socket lookup. Current
48 Possible values: 0-3
52 min_pmtu - INTEGER
53 default 552 - minimum Path MTU. Unless this is changed manually,
56 ip_forward_use_pmtu - BOOLEAN
58 because they could be easily forged and can lead to unwanted
60 You only need to enable this if you have user-space software
69 - 0 - disabled
70 - 1 - enabled
72 fwmark_reflect - BOOLEAN
73 Controls the fwmark of kernel-generated IPv4 reply packets that are not
80 fib_multipath_use_neigh - BOOLEAN
90 - 0 - disabled
91 - 1 - enabled
93 fib_multipath_hash_policy - INTEGER
101 - 0 - Layer 3
102 - 1 - Layer 4
103 - 2 - Layer 3 or inner Layer 3 if present
104 - 3 - Custom multipath hash. Fields used for multipath hash calculation
107 fib_multipath_hash_fields - UNSIGNED INTEGER
134 fib_multipath_hash_seed - UNSIGNED INTEGER
140 internal random-generated one.
142 The actual hashing algorithm is not specified -- there is no guarantee
148 fib_sync_mem - UNSIGNED INTEGER
149 Amount of dirty memory from fib entries that can be backlogged before
154 ip_forward_update_priority - INTEGER
157 according to an rt_tos2priority table (see e.g. man tc-prio).
163 - 0 - Do not update priority.
164 - 1 - Update priority.
166 route/max_size - INTEGER
176 neigh/default/gc_thresh1 - INTEGER
182 neigh/default/gc_thresh2 - INTEGER
189 neigh/default/gc_thresh3 - INTEGER
190 Maximum number of non-PERMANENT neighbor entries allowed. Increase
192 with large numbers of directly-connected peers.
196 neigh/default/unres_qlen_bytes - INTEGER
209 neigh/default/unres_qlen - INTEGER
222 neigh/default/interval_probe_time_ms - INTEGER
228 mtu_expires - INTEGER
231 min_adv_mss - INTEGER
235 fib_notify_on_flag_change - INTEGER
244 trapping packets can be "promoted" to perform decapsulation following
246 The notifications will indicate to user-space the state of the route.
252 - 0 - Do not emit notifications.
253 - 1 - Emit notifications.
254 - 2 - Emit notifications only for RTM_F_OFFLOAD_FAILED flag change.
258 ipfrag_high_thresh - LONG INTEGER
261 ipfrag_low_thresh - LONG INTEGER
262 (Obsolete since linux-4.17)
267 ipfrag_time - INTEGER
270 ipfrag_max_dist - INTEGER
271 ipfrag_max_dist is a non-negative integer value which defines the
278 is done on fragments before they are added to a reassembly queue - if
285 Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
293 bc_forwarding - INTEGER
294 bc_forwarding enables the feature described in rfc1812#section-5.3.5.2
303 inet_peer_threshold - INTEGER
306 entries' time-to-live and time intervals between garbage collection
307 passes. More entries, less time-to-live, less GC interval.
309 inet_peer_minttl - INTEGER
310 Minimum time-to-live of entries. Should be enough to cover fragment
311 time-to-live on the reassembling side. This minimum time-to-live is
315 inet_peer_maxttl - INTEGER
316 Maximum time-to-live of entries. Unused entries will expire after
324 somaxconn - INTEGER
326 Defaults to 4096. (Was 128 before linux-5.4)
329 tcp_abort_on_overflow - BOOLEAN
335 option can harm clients of your server.
337 tcp_adv_win_scale - INTEGER
338 Obsolete since linux-6.6
340 (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
343 Possible values are [-31, 31], inclusive.
347 tcp_allowed_congestion_control - STRING
348 Show/set the congestion control choices available to non-privileged
354 tcp_app_win - INTEGER
362 tcp_autocorking - BOOLEAN
368 queue. Applications can still use TCP_CORK for optimal behavior
373 tcp_available_congestion_control - STRING
378 tcp_base_mss - INTEGER
383 tcp_mtu_probe_floor - INTEGER
389 tcp_min_snd_mss - INTEGER
398 tcp_congestion_control - STRING
408 tcp_dsack - BOOLEAN
411 tcp_early_retrans - INTEGER
413 losses into fast recovery (draft-ietf-tcpm-rack). Note that
418 - 0 disables TLP
419 - 3 or 4 enables TLP
423 tcp_ecn - INTEGER
433 0 Disable ECN. Neither initiate nor accept ECN.
442 tcp_ecn_fallback - BOOLEAN
444 back to non-ECN. Currently, this knob implements the fallback
452 tcp_fack - BOOLEAN
455 tcp_fin_timeout - INTEGER
459 valid "receive only" state for an un-orphaned connection, an
467 tcp_frto - INTEGER
468 Enables Forward RTO-Recovery (F-RTO) defined in RFC5682.
469 F-RTO is an enhanced recovery algorithm for TCP retransmission
471 RTT fluctuates (e.g., wireless). F-RTO is sender-side only
474 By default it's enabled with a non-zero value. 0 disables F-RTO.
476 tcp_fwmark_accept - BOOLEAN
487 tcp_invalid_ratelimit - INTEGER
492 (a) out-of-window sequence number,
493 (b) out-of-window acknowledgment number, or
496 This can help mitigate simple "ack loop" DoS attacks, wherein
497 a buggy or malicious middlebox or man-in-the-middle can
503 Using 0 disables rate-limiting of dupacks in response to
509 tcp_keepalive_time - INTEGER
513 tcp_keepalive_probes - INTEGER
517 tcp_keepalive_intvl - INTEGER
523 tcp_l3mdev_accept - BOOLEAN
533 tcp_low_latency - BOOLEAN
536 tcp_max_orphans - INTEGER
548 tcp_max_syn_backlog - INTEGER
552 This is a per-listener limit.
562 tcp_max_tw_buckets - INTEGER
564 If this number is exceeded time-wait socket is immediately destroyed
570 tcp_mem - vector of 3 INTEGERs: min, pressure, max
584 tcp_min_rtt_wlen - INTEGER
591 Possible values: 0 - 86400 (1 day)
595 tcp_moderate_rcvbuf - BOOLEAN
596 If set, TCP performs receive buffer auto-tuning, attempting to
601 tcp_mtu_probing - INTEGER
602 Controls TCP Packetization-Layer Path MTU Discovery. Takes three
605 - 0 - Disabled
606 - 1 - Disabled by default, enabled when an ICMP black hole detected
607 - 2 - Always enabled, use initial MSS of tcp_base_mss.
609 tcp_probe_interval - UNSIGNED INTEGER
610 Controls how often to start TCP Packetization-Layer Path MTU
614 tcp_probe_threshold - INTEGER
615 Controls when TCP Packetization-Layer Path MTU Discovery probing
619 tcp_no_metrics_save - BOOLEAN
622 near future can use these to set initial conditions. Usually, this
627 tcp_no_ssthresh_metrics_save - BOOLEAN
632 tcp_orphan_retries - INTEGER
643 tcp_recovery - INTEGER
659 tcp_reflect_tos - BOOLEAN
669 tcp_reordering - INTEGER
671 TCP stack can then dynamically adjust flow reordering level
676 tcp_max_reordering - INTEGER
683 tcp_retrans_collapse - BOOLEAN
684 Bug-to-bug compatibility with some broken printers.
688 tcp_retries1 - INTEGER
697 tcp_retries2 - INTEGER
712 tcp_rfc1337 - BOOLEAN
719 tcp_rmem - vector of 3 INTEGERs: min, default, max
738 tcp_sack - BOOLEAN
741 tcp_comp_sack_delay_ns - LONG INTEGER
748 tcp_comp_sack_slack_ns - LONG INTEGER
756 tcp_comp_sack_nr - INTEGER
757 Max number of SACK that can be compressed.
762 tcp_backlog_ack_defer - BOOLEAN
769 tcp_slow_start_after_idle - BOOLEAN
777 tcp_stdurg - BOOLEAN
784 tcp_synack_retries - INTEGER
791 tcp_syncookies - INTEGER
806 to use TCP extensions, can result in serious degradation
813 network connections you can set this knob to 2 to enable
816 tcp_migrate_req - BOOLEAN
818 the initial SYN packet is received during the three-way handshake.
819 When a listener is closed, in-flight request sockets during the
837 disable this option.
841 tcp_fastopen - INTEGER
852 the option value being the length of the syn-data backlog.
860 application before 3-way handshake finishes.
863 0x200 (server) accept data-in-SYN w/o any cookie option present.
873 tcp_fastopen_blackhole_timeout_sec - INTEGER
874 Initial time period in second to disable Fastopen on active TCP sockets
877 get detected right after Fastopen is re-enabled and will reset to
879 0 to disable the blackhole detection.
883 tcp_fastopen_key - list of comma separated 32-digit hexadecimal INTEGERs
894 per-socket keys will be used instead of any keys that are specified via
897 A key is specified as 4 8-digit hexadecimal integers which are separated
898 by a '-' as: xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx. Leading zeros may be
903 tcp_syn_retries - INTEGER
911 tcp_timestamps - INTEGER
914 - 0: Disabled.
915 - 1: Enable timestamps as defined in RFC1323 and use random offset for
917 - 2: Like 1, but without random offsets.
921 tcp_min_tso_segs - INTEGER
924 Since linux-3.12, TCP does an automatic sizing of TSO frames,
932 tcp_tso_rtt_log - INTEGER
935 Starting from linux-5.18, TCP autosizing can be tweaked
941 tso_packet_size = sk->sk_pacing_rate / 1024;
948 This means that flows between very close hosts can use bigger
955 tcp_pacing_ss_ratio - INTEGER
956 sk->sk_pacing_rate is set by TCP stack using a ratio applied
959 to let TCP probe for bigger speeds, assuming cwnd can be
964 tcp_pacing_ca_ratio - INTEGER
965 sk->sk_pacing_rate is set by TCP stack using a ratio applied
972 tcp_syn_linear_timeouts - INTEGER
982 tcp_tso_win_divisor - INTEGER
984 can be consumed by a single TSO frame.
990 tcp_tw_reuse - INTEGER
991 Enable reuse of TIME-WAIT sockets for new connections when it is
994 - 0 - disable
995 - 1 - global enable
996 - 2 - enable for loopback traffic only
1003 tcp_tw_reuse_delay - UNSIGNED INTEGER
1004 The delay in milliseconds before a TIME-WAIT socket can be reused by a
1005 new connection, if TIME-WAIT socket reuse is enabled. The actual reuse
1017 tcp_window_scaling - BOOLEAN
1020 tcp_shrink_window - BOOLEAN
1024 window can be offered, and that TCP implementations MUST ensure
1027 - 0 - Disabled. The window is never shrunk.
1028 - 1 - Enabled. The window is shrunk when necessary to remain within
1030 This only occurs if a non-zero receive window
1035 tcp_wmem - vector of 3 INTEGERs: min, default, max
1056 tcp_notsent_lowat - UNSIGNED INTEGER
1057 A TCP socket can control the amount of unsent bytes in its write queue,
1069 tcp_workaround_signed_windows - BOOLEAN
1077 tcp_thin_linear_timeouts - BOOLEAN
1084 non-aggressive thin streams, often found to be time-dependent.
1086 Documentation/networking/tcp-thin.rst
1090 tcp_limit_output_bytes - INTEGER
1093 gets losses notifications. With SNDBUF autotuning, this can
1102 tcp_challenge_ack_limit - INTEGER
1104 in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
1105 Note that this per netns rate limit can allow some side channel
1110 tcp_ehash_entries - INTEGER
1117 tcp_child_ehash_entries - INTEGER
1135 Possible values: 0, 2^n (n: 0 - 24 (16Mi))
1139 tcp_plb_enabled - BOOLEAN
1150 field, and currently no-op for IPv4 headers. It is possible
1163 tcp_plb_idle_rehash_rounds - INTEGER
1165 a rehash can be performed, given there are no packets in flight.
1169 Possible Values: 0 - 31
1173 tcp_plb_rehash_rounds - INTEGER
1175 a forced rehash can be performed. Be careful when setting this
1180 Possible Values: 0 - 31
1184 tcp_plb_suspend_rto_sec - INTEGER
1192 Possible Values: 0 - 255
1196 tcp_plb_cong_thresh - INTEGER
1201 The 0-1 fraction range is mapped to 0-256 range to avoid floating
1210 Possible Values: 0 - 256
1214 tcp_pingpong_thresh - INTEGER
1217 "ping-pong" (request-response) connection for which delayed
1218 acknowledgments can provide benefits.
1223 Possible Values: 1 - 255
1227 tcp_rto_min_us - INTEGER
1236 Possible Values: 1 - INT_MAX
1243 udp_l3mdev_accept - BOOLEAN
1252 udp_mem - vector of 3 INTEGERs: min, pressure, max
1263 udp_rmem_min - INTEGER
1270 udp_wmem_min - INTEGER
1273 udp_hash_entries - INTEGER
1280 udp_child_ehash_entries - INTEGER
1295 Possible values: 0, 2^n (n: 7 (128) - 16 (64K))
1303 raw_l3mdev_accept - BOOLEAN
1315 cipso_cache_enable - BOOLEAN
1319 invalidated when required when means you can safely toggle this on and
1324 cipso_cache_bucket_size - INTEGER
1328 more CIPSO label mappings that can be cached. When the number of
1334 cipso_rbm_optfmt - BOOLEAN
1338 categories in order to make the packet data 32-bit aligned.
1342 cipso_rbm_structvalid - BOOLEAN
1355 ip_local_port_range - 2 INTEGERS
1364 ip_local_reserved_ports - list of comma separated ranges
1365 Specify the ports which are reserved for known third-party
1371 list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
1381 You can reserve ports which are not in the current
1397 ip_unprivileged_port_start - INTEGER
1398 This is a per-namespace sysctl. It defines the first
1401 To disable all privileged ports, set this to 0. They must not
1406 ip_nonlocal_bind - BOOLEAN
1407 If set, allows processes to bind() to non-local IP addresses,
1408 which can be quite useful - but may break some applications.
1412 ip_autobind_reuse - BOOLEAN
1421 ip_dynaddr - INTEGER
1422 If set non-zero, enables support for dynamic addresses.
1423 If set to a non-zero value larger than 1, a kernel log
1429 ip_early_demux - BOOLEAN
1435 reduces overall throughput, in such case you should disable it.
1439 ping_group_range - 2 INTEGERS
1446 tcp_early_demux - BOOLEAN
1451 udp_early_demux - BOOLEAN
1452 Enable early demux for connected UDP sockets. Disable this if
1457 icmp_echo_ignore_all - BOOLEAN
1458 If set non-zero, then the kernel will ignore all ICMP ECHO
1463 icmp_echo_enable_probe - BOOLEAN
1469 icmp_echo_ignore_broadcasts - BOOLEAN
1470 If set non-zero, then the kernel will ignore all ICMP ECHO and
1475 icmp_ratelimit - INTEGER
1478 0 to disable any limiting,
1485 icmp_msgs_per_sec - INTEGER
1493 icmp_msgs_burst - INTEGER
1500 icmp_ratemask - INTEGER
1527 icmp_ignore_bogus_error_responses - BOOLEAN
1535 icmp_errors_use_inbound_ifaddr - BOOLEAN
1540 If non-zero, the message will be sent with the primary address of
1543 a router. And it can make debugging complicated network layouts
1547 then the primary address of the first non-loopback interface that
1552 igmp_max_memberships - INTEGER
1553 Change the maximum number of multicast groups we can subscribe to.
1557 report in a single datagram (i.e. the report can't span multiple
1562 report entries you can fit into a single datagram of 65535 bytes.
1564 M = 65536-sizeof (ip header)/(sizeof(Group record))
1569 (65536-24) / 12 = 5459
1574 igmp_max_msf - INTEGER
1580 igmp_qrv - INTEGER
1587 force_igmp_version - INTEGER
1588 - 0 - (default) No enforcement of a IGMP version, IGMPv1/v2 fallback
1591 - 1 - Enforce to use IGMP version 1. Will also reply IGMPv1 report if
1593 - 2 - Enforce to use IGMP version 2. Will fallback to IGMPv1 if receive
1595 - 3 - Enforce to use IGMP version 3. The same react with default 0.
1611 log_martians - BOOLEAN
1617 accept_redirects - BOOLEAN
1621 - both conf/{all,interface}/accept_redirects are TRUE in the case
1626 - at least one of conf/{all,interface}/accept_redirects is TRUE in the
1633 - TRUE (host)
1634 - FALSE (router)
1636 forwarding - BOOLEAN
1638 received _on_ this interface can be forwarded.
1640 mc_forwarding - BOOLEAN
1646 medium_id - INTEGER
1648 are attached to. Two devices can have different id values when
1651 to its medium, value of -1 means that medium is not known.
1657 proxy_arp - BOOLEAN
1664 proxy_arp_pvlan - BOOLEAN
1682 Hewlett-Packard call it Source-Port filtering or port-isolation.
1683 Ericsson call it MAC-Forced Forwarding (RFC Draft).
1685 proxy_delay - INTEGER
1693 shared_media - BOOLEAN
1703 secure_redirects - BOOLEAN
1716 send_redirects - BOOLEAN
1725 bootp_relay - BOOLEAN
1736 accept_source_route - BOOLEAN
1743 - TRUE (router)
1744 - FALSE (host)
1746 accept_local - BOOLEAN
1748 suitable routing, this can be used to direct packets between two
1752 route_localnet - BOOLEAN
1758 rp_filter - INTEGER
1759 - 0 - No source validation.
1760 - 1 - Strict mode as defined in RFC3704 Strict Reverse Path
1764 - 2 - Loose mode as defined in RFC3704 Loose Reverse Path
1779 src_valid_mark - BOOLEAN
1780 - 0 - The fwmark of the packet is not included in reverse path
1785 - 1 - The fwmark of the packet is included in reverse path route
1798 arp_filter - BOOLEAN
1799 - 1 - Allows you to have multiple network interfaces on the same
1806 - 0 - (default) The kernel can respond to arp requests with addresses
1810 particular interfaces. Only for more complex setups like load-
1817 arp_announce - INTEGER
1822 - 0 - (default) Use any local address, configured on any interface
1823 - 1 - Try to avoid local addresses that are not in the target's
1832 - 2 - Always use the best local address for this target.
1849 arp_ignore - INTEGER
1853 - 0 - (default): reply for any local target IP address, configured
1855 - 1 - reply only if the target IP address is local address
1857 - 2 - reply only if the target IP address is local address
1860 - 3 - do not reply for local addresses configured with scope host,
1862 - 4-7 - reserved
1863 - 8 - do not reply for all local addresses
1868 arp_notify - BOOLEAN
1877 arp_accept - INTEGER
1881 - 0 - don't create new entries in the ARP table
1882 - 1 - create new entries in the ARP table
1883 - 2 - create new entries only if the source IP address is in the same
1894 arp_evict_nocarrier - BOOLEAN
1900 - 1 - (default): Clear the ARP cache on NOCARRIER events
1901 - 0 - Do not clear ARP cache on NOCARRIER events
1903 mcast_solicit - INTEGER
1908 ucast_solicit - INTEGER
1912 app_solicit - INTEGER
1917 mcast_resolicit - INTEGER
1921 disable_policy - BOOLEAN
1922 Disable IPSEC policy (SPD) for this interface
1924 disable_xfrm - BOOLEAN
1925 Disable IPSEC encryption on this interface, whatever the policy
1927 igmpv2_unsolicited_report_interval - INTEGER
1933 igmpv3_unsolicited_report_interval - INTEGER
1939 ignore_routes_with_linkdown - BOOLEAN
1942 promote_secondaries - BOOLEAN
1947 drop_unicast_in_l2_multicast - BOOLEAN
1948 Drop any unicast IP packets that are received in link-layer
1956 drop_gratuitous_arp - BOOLEAN
1964 tag - INTEGER
1965 Allows you to write a number, which can be used as required.
1969 xfrm4_gc_thresh - INTEGER
1970 (Obsolete since linux-4.14)
1975 igmp_link_local_mcast_reports - BOOLEAN
1986 - Andi Kleen
1988 - Nicolas Delon
2000 bindv6only - BOOLEAN
2005 - TRUE: disable IPv4-mapped address feature
2006 - FALSE: enable IPv4-mapped address feature
2010 flowlabel_consistency - BOOLEAN
2012 You have to disable it to use IPV6_FL_F_REFLECT flag on the
2015 - TRUE: enabled
2016 - FALSE: disabled
2020 auto_flowlabels - INTEGER
2028 1 automatic flow labels are enabled by default, they can be
2039 flowlabel_state_ranges - BOOLEAN
2040 Split the flow label number space into two ranges. 0-0x7FFFF is
2041 reserved for the IPv6 flow manager facility, 0x80000-0xFFFFF
2044 - TRUE: enabled
2045 - FALSE: disabled
2049 flowlabel_reflect - INTEGER
2053 https://tools.ietf.org/html/draft-wang-6man-flow-label-reflection-01
2057 - 1: enabled for established flows
2060 in "tcp: change IPv6 flow-label upon receiving spurious retransmission"
2063 - 2: enabled for TCP RESET packets (no active listener)
2067 - 4: enabled for ICMPv6 echo reply messages.
2071 fib_multipath_hash_policy - INTEGER
2078 - 0 - Layer 3 (source and destination addresses plus flow label)
2079 - 1 - Layer 4 (standard 5-tuple)
2080 - 2 - Layer 3 or inner Layer 3 if present
2081 - 3 - Custom multipath hash. Fields used for multipath hash calculation
2084 fib_multipath_hash_fields - UNSIGNED INTEGER
2111 anycast_src_echo_reply - BOOLEAN
2115 - TRUE: enabled
2116 - FALSE: disabled
2120 idgen_delay - INTEGER
2127 idgen_retries - INTEGER
2133 mld_qrv - INTEGER
2140 max_dst_opts_number - INTEGER
2141 Maximum number of non-padding TLVs allowed in a Destination
2148 max_hbh_opts_number - INTEGER
2149 Maximum number of non-padding TLVs allowed in a Hop-by-Hop
2156 max_dst_opts_length - INTEGER
2162 max_hbh_length - INTEGER
2163 Maximum length allowed for a Hop-by-Hop options extension
2168 skip_notify_on_dev_down - BOOLEAN
2177 nexthop_compat_mode - BOOLEAN
2184 understands the new API, this sysctl can be disabled to achieve full
2188 Note that as a backward-compatible mode, dumping of modern features
2195 fib_notify_on_flag_change - INTEGER
2204 trapping packets can be "promoted" to perform decapsulation following
2206 The notifications will indicate to user-space the state of the route.
2212 - 0 - Do not emit notifications.
2213 - 1 - Emit notifications.
2214 - 2 - Emit notifications only for RTM_F_OFFLOAD_FAILED flag change.
2216 ioam6_id - INTEGER
2224 ioam6_id_wide - LONG INTEGER
2226 total. Can be different from ioam6_id.
2235 ip6frag_high_thresh - INTEGER
2241 ip6frag_low_thresh - INTEGER
2244 ip6frag_time - INTEGER
2248 Change the interface-specific default settings.
2254 Change all the interface-specific settings.
2258 conf/all/disable_ipv6 - BOOLEAN
2260 setting and also all per-interface ``disable_ipv6`` settings to the same
2264 whether IPv6 support is enabled or disabled. Returned value can be 1
2268 conf/all/forwarding - BOOLEAN
2279 proxy_ndp - BOOLEAN
2282 fwmark_reflect - BOOLEAN
2283 Controls the fwmark of kernel-generated IPv6 reply packets that are not
2296 accept_ra - INTEGER
2315 - enabled if local forwarding is disabled.
2316 - disabled if local forwarding is enabled.
2318 accept_ra_defrtr - BOOLEAN
2323 - enabled if accept_ra is enabled.
2324 - disabled if accept_ra is disabled.
2326 ra_defrtr_metric - UNSIGNED INTEGER
2336 accept_ra_from_local - BOOLEAN
2337 Accept RA with source-address that is found on local machine
2340 Default is to NOT accept these as it may be an un-intended
2345 - enabled if accept_ra_from_local is enabled
2347 - disabled if accept_ra_from_local is disabled
2350 accept_ra_min_hop_limit - INTEGER
2358 accept_ra_min_lft - INTEGER
2366 accept_ra_pinfo - BOOLEAN
2371 - enabled if accept_ra is enabled.
2372 - disabled if accept_ra is disabled.
2374 ra_honor_pio_life - BOOLEAN
2379 - If enabled, the PIO valid lifetime will always be honored.
2380 - If disabled, RFC4862 section 5.5.3e is used to determine
2385 ra_honor_pio_pflag - BOOLEAN
2386 The Prefix Information Option P-flag indicates the network can
2387 allocate a unique IPv6 prefix per client using DHCPv6-PD.
2388 This sysctl can be enabled when a userspace DHCPv6-PD client
2389 is running to cause the P-flag to take effect: i.e. the
2390 P-flag suppresses any effects of the A-flag within the same
2393 - If disabled, the P-flag is ignored.
2394 - If enabled, the P-flag will disable SLAAC autoconfiguration
2399 accept_ra_rt_info_min_plen - INTEGER
2408 * -1 if accept_ra_rtr_pref is disabled.
2410 accept_ra_rt_info_max_plen - INTEGER
2419 * -1 if accept_ra_rtr_pref is disabled.
2421 accept_ra_rtr_pref - BOOLEAN
2426 - enabled if accept_ra is enabled.
2427 - disabled if accept_ra is disabled.
2429 accept_ra_mtu - BOOLEAN
2435 - enabled if accept_ra is enabled.
2436 - disabled if accept_ra is disabled.
2438 accept_redirects - BOOLEAN
2443 - enabled if local forwarding is disabled.
2444 - disabled if local forwarding is enabled.
2446 accept_source_route - INTEGER
2449 - >= 0: Accept only routing header type 2.
2450 - < 0: Do not accept routing header.
2454 autoconf - BOOLEAN
2460 - enabled if accept_ra_pinfo is enabled.
2461 - disabled if accept_ra_pinfo is disabled.
2463 dad_transmits - INTEGER
2468 forwarding - INTEGER
2469 Configure interface-specific Host/Router behaviour.
2478 - 0 Forwarding disabled
2479 - 1 Forwarding enabled
2505 hop_limit - INTEGER
2510 mtu - INTEGER
2515 ip_nonlocal_bind - BOOLEAN
2516 If set, allows processes to bind() to non-local IPv6 addresses,
2517 which can be quite useful - but may break some applications.
2521 router_probe_interval - INTEGER
2527 router_solicitation_delay - INTEGER
2533 router_solicitation_interval - INTEGER
2538 router_solicitations - INTEGER
2544 use_oif_addrs_only - BOOLEAN
2551 use_tempaddr - INTEGER
2554 * <= 0 : disable Privacy Extensions
2563 * -1 (for point-to-point devices and loopback devices)
2565 temp_valid_lft - INTEGER
2567 minimum required lifetime (typically 5-7 seconds), temporary addresses
2572 temp_prefered_lft - INTEGER
2575 5-7 seconds), the preferred lifetime is the minimum required. If
2581 keep_addr_on_down - INTEGER
2591 max_desync_factor - INTEGER
2599 regen_min_advance - INTEGER
2609 regen_max_retry - INTEGER
2615 max_addresses - INTEGER
2623 disable_ipv6 - BOOLEAN
2624 Disable IPv6 operation. If accept_dad is set to 2, this value
2625 will be dynamically set to TRUE if DAD fails for the link-local
2631 it will dynamically create a link-local address on the given
2639 accept_dad - INTEGER
2643 0 Disable DAD
2645 2 Enable DAD, and disable IPv6 operation if MAC-based duplicate
2646 link-local address has been found.
2652 force_tllao - BOOLEAN
2653 Enable sending the target link-layer address option even when
2658 Quoting from RFC 2461, section 4.4, Target link-layer address:
2663 message. When responding to unicast solicitations, the option can be
2664 omitted since the sender of the solicitation has the correct link-
2666 solicitation in the first place. However, including the link-layer
2668 race condition where the sender deletes the cached link-layer address
2671 ndisc_notify - BOOLEAN
2674 * 0 - (default): do nothing
2675 * 1 - Generate unsolicited neighbour advertisements when device is brought
2678 ndisc_tclass - INTEGER
2682 These 8 bits can be interpreted as 6 high order bits holding the DSCP
2686 * 0 - (default)
2688 ndisc_evict_nocarrier - BOOLEAN
2694 - 1 - (default): Clear neighbor discover cache on NOCARRIER events.
2695 - 0 - Do not clear neighbor discovery cache on NOCARRIER events.
2697 mldv1_unsolicited_report_interval - INTEGER
2703 mldv2_unsolicited_report_interval - INTEGER
2709 force_mld_version - INTEGER
2710 * 0 - (default) No enforcement of a MLD version, MLDv1 fallback allowed
2711 * 1 - Enforce to use MLD version 1
2712 * 2 - Enforce to use MLD version 2
2714 suppress_frag_ndisc - INTEGER
2718 * 1 - (default) discard fragmented neighbor discovery packets
2719 * 0 - allow fragmented neighbor discovery packets
2721 optimistic_dad - BOOLEAN
2731 use_optimistic - BOOLEAN
2743 stable_secret - IPv6 address
2745 addresses for link-local addresses and autoconfigured
2747 be stable privacy ones by default. This can be changed via the
2748 addrgenmode ip-link. conf/default/stable_secret is used as the
2749 secret for the namespace, the interface specific ones can
2757 addr_gen_mode - INTEGER
2758 Defines how link-local and autoconf addresses are generated.
2762 1 do no generate a link-local address, use EUI64 for addresses
2769 drop_unicast_in_l2_multicast - BOOLEAN
2770 Drop any unicast IPv6 packets that are received in link-layer
2775 drop_unsolicited_na - BOOLEAN
2782 accept_untracked_na - INTEGER
2786 - 0 - (default) Do not accept unsolicited and untracked neighbor
2789 - 1 - Add a new neighbor cache entry in STALE state for routers on
2791 with target link-layer address option specified if no neighbor entry
2796 This is as per router-side behavior documented in RFC9131.
2800 This will optimize the return path for the initial off-link
2802 ensuring that the first-hop router which turns on this setting doesn't
2803 have to buffer the initial return packets to do neighbor-solicitation.
2809 - 2 - Extend option (1) to add a new neighbor cache entry only if the
2813 enhanced_dad - BOOLEAN
2826 ratelimit - INTEGER
2829 0 to disable any limiting,
2834 ratemask - list of comma separated ranges
2839 list of ranges (e.g. "0-127,129" for ICMPv6 message type 0 to 127 and
2843 Refer to: https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml
2847 Default: 0-1,3-127 (rate limit ICMPv6 errors except Packet Too Big)
2849 echo_ignore_all - BOOLEAN
2850 If set non-zero, then the kernel will ignore all ICMP ECHO
2855 echo_ignore_multicast - BOOLEAN
2856 If set non-zero, then the kernel will ignore all ICMP ECHO
2861 echo_ignore_anycast - BOOLEAN
2862 If set non-zero, then the kernel will ignore all ICMP ECHO
2867 error_anycast_as_unicast - BOOLEAN
2874 xfrm6_gc_thresh - INTEGER
2875 (Obsolete since linux-4.14)
2883 YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
2889 bridge-nf-call-arptables - BOOLEAN
2890 - 1 : pass bridged ARP traffic to arptables' FORWARD chain.
2891 - 0 : disable this.
2895 bridge-nf-call-iptables - BOOLEAN
2896 - 1 : pass bridged IPv4 traffic to iptables' chains.
2897 - 0 : disable this.
2901 bridge-nf-call-ip6tables - BOOLEAN
2902 - 1 : pass bridged IPv6 traffic to ip6tables' chains.
2903 - 0 : disable this.
2907 bridge-nf-filter-vlan-tagged - BOOLEAN
2908 - 1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
2909 - 0 : disable this.
2913 bridge-nf-filter-pppoe-tagged - BOOLEAN
2914 - 1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
2915 - 0 : disable this.
2919 bridge-nf-pass-vlan-input-dev - BOOLEAN
2920 - 1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
2922 vlan. This allows use of e.g. "iptables -i br0.1" and makes the
2923 REDIRECT target work with vlan-on-top-of-bridge interfaces. When no
2927 - 0: disable bridge netfilter vlan interface lookup.
2934 addip_enable - BOOLEAN
2935 Enable or disable extension of Dynamic Address Reconfiguration
2936 (ADD-IP) functionality specified in RFC5061. This extension provides
2942 0: Disable extension.
2946 pf_enable - INTEGER
2947 Enable or disable pf (pf is short for potentially failed) state. A value
2949 both pf_enable and pf_retrans > path_max_retrans can disable pf state.
2950 Since pf_retrans and path_max_retrans can be changed by userspace
2951 application, sometimes user expects to disable pf state by the value of
2955 and disable pf state. See:
2956 https://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-failover for
2961 0: Disable pf.
2965 pf_expose - INTEGER
2966 Unset or enable/disable pf (pf is short for potentially failed) state
2967 exposure. Applications can control the exposure of the PF path state
2970 SCTP_ADDR_PF state will be sent and a SCTP_PF-state transport info
2971 can be got via SCTP_GET_PEER_ADDR_INFO sockopt; When it's enabled,
2973 SCTP_PF state and a SCTP_PF-state transport info can be got via
2975 SCTP_PEER_ADDR_CHANGE event will be sent and it returns -EACCES when
2976 trying to get a SCTP_PF-state transport info via SCTP_GET_PEER_ADDR_INFO
2981 1: Disable pf state exposure.
2987 addip_noauth_enable - BOOLEAN
2988 Dynamic Address Reconfiguration (ADD-IP) requires the use of
2993 allowing the ADD-IP extension. For reasons of interoperability,
2998 1 Allow ADD-IP extension to be used without authentication. This
3007 auth_enable - BOOLEAN
3008 Enable or disable Authenticated Chunks extension. This extension
3011 (ADD-IP) extension.
3013 - 1: Enable this extension.
3014 - 0: Disable this extension.
3018 prsctp_enable - BOOLEAN
3019 Enable or disable the Partial Reliability extension (RFC3758) which
3022 - 1: Enable extension
3023 - 0: Disable
3027 max_burst - INTEGER
3028 The limit of the number of new packets that can be initially sent. It
3029 controls how bursty the generated traffic can be.
3033 association_max_retrans - INTEGER
3034 Set the maximum number for retransmissions that an association can
3040 max_init_retransmits - INTEGER
3041 The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
3047 path_max_retrans - INTEGER
3055 pf_retrans - INTEGER
3059 passes the pf_retrans threshold can still be used. Its only
3063 http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
3065 disables this feature. Since both pf_retrans and path_max_retrans can
3067 disable pf state.
3071 ps_retrans - INTEGER
3073 from section-5 "Primary Path Switchover" in rfc7829. The primary path
3079 and its value can't be less than 'pf_retrans' when changing by sysctl.
3083 rto_initial - INTEGER
3090 rto_max - INTEGER
3092 is the largest time interval that can elapse between retransmissions.
3096 rto_min - INTEGER
3098 is the smallest time interval the can elapse between retransmissions.
3102 hb_interval - INTEGER
3109 sack_timeout - INTEGER
3115 valid_cookie_life - INTEGER
3121 cookie_preserve_enable - BOOLEAN
3122 Enable or disable the ability to extend the lifetime of the SCTP cookie
3125 - 1: Enable cookie lifetime extension.
3126 - 0: Disable
3130 cookie_hmac_alg - STRING
3132 a listening sctp socket to a connecting client in the INIT-ACK chunk.
3146 rcvbuf_policy - INTEGER
3157 - 1: rcvbuf space is per association
3158 - 0: rcvbuf space is per socket
3162 sndbuf_policy - INTEGER
3165 - 1: Send buffer is tracked per association
3166 - 0: Send buffer is tracked per socket.
3170 sctp_mem - vector of 3 INTEGERs: min, pressure, max
3183 sctp_rmem - vector of 3 INTEGERs: min, default, max
3193 sctp_wmem - vector of 3 INTEGERs: min, default, max
3197 min: Minimum size of send buffer that can be used by SCTP sockets.
3203 addr_scope_policy - INTEGER
3204 Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
3206 - 0 - Disable IPv4 address scoping
3207 - 1 - Enable IPv4 address scoping
3208 - 2 - Follow draft but allow IPv4 private addresses
3209 - 3 - Follow draft but allow IPv4 link local addresses
3213 udp_port - INTEGER
3215 using the IANA-assigned UDP port number 9899 (sctp-tunneling).
3217 This UDP sock is used for processing the incoming UDP-encapsulated
3223 for the outgoing UDP-encapsulated SCTP packets. For the dest port,
3228 encap_port - INTEGER
3232 outgoing UDP-encapsulated SCTP packets by default. Users can also
3244 plpmtud_probe_interval - INTEGER
3256 reconf_enable - BOOLEAN
3257 Enable or disable extension of Stream Reconfiguration functionality
3262 - 1: Enable extension.
3263 - 0: Disable extension.
3267 intl_enable - BOOLEAN
3268 Enable or disable extension of User Message Interleaving functionality
3270 messages sent on different streams. With this feature enabled, I-DATA
3276 - 1: Enable extension.
3277 - 0: Disable extension.
3281 ecn_enable - BOOLEAN
3289 0: Disable ecn.
3293 l3mdev_accept - BOOLEAN
3306 Please see: Documentation/admin-guide/sysctl/net.rst for descriptions of these entries.
3312 max_dgram_qlen - INTEGER