High concurrency - /etc/sysctl.conf settings

/proc/sys/net/ipv4/tcp_syn_retries
This file sets how many times the machine retransmits the SYN when an outgoing TCP connection attempt times out; the value should not be higher than 255. It applies only to outgoing connections; for incoming connections, tcp_retries1 controls this.
Default setting: 5


/proc/sys/net/ipv4/tcp_keepalive_probes
This file indicates the maximum number of TCP keepalive probes sent before the TCP connection is dropped.
Keepalives are only sent when the SO_KEEPALIVE socket option is turned on.
Default setting: 9 (times)


/proc/sys/net/ipv4/tcp_keepalive_time
This file represents the number of seconds a connection stays idle (no more data is sent) before a keepalive probe is sent on it.
Default setting: 7200 (2 hours)


/proc/sys/net/ipv4/tcp_keepalive_intvl
This file indicates the interval between TCP keepalive probes; multiplied by tcp_keepalive_probes, it gives the time after which a connection that does not respond is dropped.
Default setting: 75 (seconds)
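
How the three keepalive values combine on a single socket, as an added example that is not part of the original page. It assumes Linux (TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT are Linux socket options); the function names are hypothetical.

```python
import socket

def enable_keepalive(sock, idle=7200, interval=75, probes=9):
    """Enable keepalive on one socket and override the three sysctl values for it.

    Defaults mirror tcp_keepalive_time, tcp_keepalive_intvl and
    tcp_keepalive_probes as listed above. Returns the worst-case number of
    seconds before a silent peer is dropped.
    """
    # Without SO_KEEPALIVE the kernel never sends probes, whatever sysctl says.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux-specific per-socket overrides of the system-wide values.
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return idle + interval * probes

def keepalive_state(sock):
    """Read back what the kernel will actually use for this socket."""
    tcp = lambda opt: sock.getsockopt(socket.IPPROTO_TCP, opt)
    return {
        "enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle": tcp(socket.TCP_KEEPIDLE),
        "interval": tcp(socket.TCP_KEEPINTVL),
        "probes": tcp(socket.TCP_KEEPCNT),
    }

def demo():
    """Compare a fresh socket with one tuned for faster dead-peer detection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        before = keepalive_state(s)["enabled"]      # keepalive is opt-in
        timeout = enable_keepalive(s, idle=60, interval=10, probes=5)
        return before, keepalive_state(s), timeout

if __name__ == "__main__":
    print(demo())
    print(7200 + 75 * 9, "seconds with the system defaults listed above")
```

With the defaults above, a peer that silently disappears holds its socket for more than two hours, which matters on servers where idle connections are a scarce resource.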


/proc/sys/net/ipv4/tcp_retries1
This file indicates the number of retransmissions before giving up responding to a TCP connection request.
Default setting: 3


/proc/sys/net/ipv4/tcp_retries2
This file indicates the number of retransmissions before giving up a TCP packet in an established communication state.
Default setting: 15


/proc/sys/net/ipv4/tcp_orphan_retries
How many retries to make before the local end drops the TCP connection. The default value is 7, which is equivalent to 50 seconds to
16 minutes, depending on the RTO. You may need
to such sockets can consume a lot of resources. Also refer to
tcp_max_orphans.


/proc/sys/net/ipv4/tcp_fin_timeout
For a socket connection closed by the local end, the time that TCP remains in the FIN-WAIT-2 state. The other party
may disconnect, never end the connection, or its process may die unexpectedly. The default value is 60 seconds. It used
to be 180 seconds in the 2.2 kernel. You can set this value, but be aware that if your machine is a heavily
loaded web server, you may risk filling up memory with lots of invalid datagrams.
FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1 sockets because they only eat up to 1.5K
of memory, but they live longer. Also refer to tcp_max_orphans.
Default setting: 60 (seconds)


/proc/sys/net/ipv4/tcp_max_tw_buckets
The maximum number of TIME-WAIT sockets the system handles at the same time. If this number is exceeded, the
TIME-WAIT socket is killed immediately and a warning message is displayed. The reason for setting this limit is
purely to defend against simple DoS attacks. Never artificially lower this limit, but if
network conditions require more than the default value, you can increase it (perhaps with more memory).
Default setting: 180000


/proc/sys/net/ipv4/tcp_tw_recycle
Enables fast recycling of TIME-WAIT sockets. Please do not modify this value unless
advised.
Default setting: 0


/proc/sys/net/ipv4/tcp_tw_reuse
This file indicates whether sockets in TIME-WAIT state may be reused for new TCP connections.
Default setting: 0


/proc/sys/net/ipv4/tcp_max_orphans
The maximum number of TCP sockets the system can handle that do not belong to any process. If this number is exceeded, connections
that do not belong to any process are reset immediately, and a warning message is displayed at the same time. The reason to set
this limit is purely to defend against simple DoS attacks. Do not rely on this or artificially
lower this limit.
Default setting: 8192


/proc/sys/net/ipv4/tcp_abort_on_overflow
When the daemon is too busy to accept new connections, it sends a reset message to the other party. The default value is false.
This means that when the overflow is caused by an accidental burst, the connection will recover. Turn on this option only if you are sure
that the daemon is really unable to complete connection requests; this option affects clients.
Default setting: 0

Related: the half-connection (SYN) queue and full-connection (accept) queue problem.


/proc/sys/net/ipv4/tcp_syncookies
This file indicates whether TCP SYN cookies (syncookies) are enabled; the kernel must be compiled with the CONFIG_SYN_COOKIES option. Syncookies prevent a socket from being overloaded when too many connection attempts arrive.
Default setting: 0


/proc/sys/net/ipv4/tcp_stdurg
Uses the Host Requirements interpretation of the TCP urgent pointer field. Most hosts use the older
BSD interpretation, so if you turn this on in Linux, you may not be able to communicate with them properly.
Default setting: 0


/proc/sys/net/ipv4/tcp_max_syn_backlog
The maximum number of connection requests, not yet acknowledged by the client, that are kept in the queue. The default value is 1024 for systems with
more than 128MB of memory, and 128 for systems with less than 128MB of memory. If the
server is frequently overloaded, try increasing this number. Warning! If you set this value to be greater than
1024, it is better to modify TCP_SYNQ_HSIZE in include/net/tcp.h to keep
TCP_SYNQ_HSIZE*16
Default setting: 1024


/proc/sys/net/ipv4/tcp_window_scaling
This file indicates whether the sliding window size of a TCP/IP session is variable. The value is Boolean: 1 means variable, 0 means fixed. The window normally used by TCP/IP can reach up to 65535 bytes, which may be too small for high-speed networks. With this function enabled, the TCP/IP sliding window can grow by several orders of magnitude, improving data transmission capability.
Default setting: 1


/proc/sys/net/ipv4/tcp_sack
This file indicates whether Selective Acknowledgment is enabled, which can improve performance by selectively acknowledging packets received out of order (this allows the sender to resend only the lost segments). For WAN communication this option should be enabled, but it will increase CPU usage.
Default setting: 1


/proc/sys/net/ipv4/tcp_timestamps
This file indicates whether to enable the calculation of RTT in a more precise way than timeout retransmission (see RFC 1323); this option should be enabled for better performance.
Default setting: 1


/proc/sys/net/ipv4/tcp_fack
This file indicates whether to enable FACK congestion avoidance and fast retransmission.
Default setting: 1


/proc/sys/net/ipv4/tcp_dsack
This file indicates whether TCP is allowed to send duplicate ("two identical") SACKs.
Default setting: 1


/proc/sys/net/ipv4/tcp_ecn
This file indicates whether to enable TCP Explicit Congestion Notification (ECN).
Default setting: 0


/proc/sys/net/ipv4/tcp_reordering
This file represents the maximum number of reordered datagrams in a TCP stream.
Default setting: 3


/proc/sys/net/ipv4/tcp_retrans_collapse
This file indicates whether to provide compatibility for some buggy printers.
Default setting: 1


/proc/sys/net/ipv4/tcp_wmem
This file contains 3 integer values: min, default, max
Min: The minimum value of memory reserved for the TCP socket for sending buffers. Every TCP socket can use it.
Default: The amount of memory reserved for sending buffers for TCP sockets. By default, this value will affect the default value in net.core.wmem used by other protocols, and is generally lower than the default value in net.core.wmem.
Max: The maximum amount of memory reserved for the TCP socket for sending buffers. This value does not affect net.core.wmem_max, and the parameter SO_SNDBUF is not affected by this value. The default is 128K.
Default setting: 4096 16384 131072


/proc/sys/net/ipv4/tcp_rmem
This file contains 3 integer values, namely: min, default, max
Min: The amount of memory reserved for the TCP socket for receiving buffers. Even when memory is tight, a TCP socket will have at least this amount of memory for receive buffering.
Default: The amount of memory reserved for receiving buffers for TCP sockets. By default, this value affects the default value in net.core.wmem used by other protocols. This value determines the TCP window size of 65535 in the default case of tcp_adv_win_scale, tcp_app_win and tcp_app_win.
Max: The maximum amount of memory reserved for the TCP socket for receive buffering. This value will not affect the value of max in net.core.wmem, and the parameter SO_SNDBUF is not affected by this value.
Default setting: 4096 87380 174760


/proc/sys/net/ipv4/tcp_mem
This file contains 3 integer values, namely: low, pressure, high
Low: When TCP uses the number of memory pages lower than this value, TCP will not consider releasing the memory.
Pressure: When TCP uses more memory pages than this value, TCP tries to stabilize its memory usage, enters pressure mode, and exits pressure state when memory consumption is lower than the low value.
High: The amount of pages that all tcp sockets are allowed to use to queue buffered datagrams.
Typically these values are calculated at system startup based on the amount of system memory.
Default setting: 24576 32768 49152


/proc/sys/net/ipv4/tcp_app_win
This file indicates that the max(window/2^tcp_app_win, mss) number of windows is reserved due to application buffering. When 0, no buffering is required.
Default setting: 31


/proc/sys/net/ipv4/tcp_adv_win_scale
This file controls how buffering overhead is calculated: bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale) (if tcp_adv_win_scale <= 0).
Default setting: 2


/proc/sys/net/ipv4/ip_local_port_range
This file represents the range of local port numbers used by the TCP/UDP protocols.
Default setting: 1024 4999
Recommended setting: 32768 61000


/proc/sys/net/ipv4/ip_nonlocal_bind
This file indicates whether a process is allowed to bind to a non-local address.
Default setting: 0


/proc/sys/net/ipv4/ip_dynaddr
This parameter is usually used with dial-up connections. It lets the system immediately change the source address of IP packets to the new IP address, interrupt the original TCP conversation, and send a SYN request packet from the new address to start a new TCP conversation. When IP spoofing is in use, this parameter can immediately change the spoofed address to the new IP address. This file indicates whether dynamic addresses are allowed: a non-zero value means they are allowed, and a value greater than 1 makes the kernel log dynamic address rewriting information.
Default setting: 0


/proc/sys/net/ipv4/icmp_echo_ignore_all
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
These files indicate whether the kernel ignores all ICMP ECHO requests, or ignores only broadcast and multicast requests.
0, respond to the request
1, ignore the request

Default setting: 0
Recommended setting: 1
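
A check of a sysctl.conf file against the DoS-related advice given on this page, as an added example that is not part of the original page. The function names and the sample file are constructed; keys missing from the file are evaluated at the defaults listed above (your kernel's may differ), and treating tcp_syncookies = 1 as the target is an assumption.

```python
# Page defaults and advice for the DoS-related keys; tcp_syncookies = 1 is an
# assumed target (the page only describes what syncookies do).
RULES = [  # (key under net.ipv4, page default, check, advice)
    ("tcp_syncookies", [0], lambda v: v == [1], "enable syncookies (assumed target)"),
    ("tcp_tw_recycle", [0], lambda v: v == [0], "leave at 0 unless advised"),
    ("tcp_max_tw_buckets", [180000], lambda v: v[0] >= 180000, "do not lower the limit"),
    ("tcp_max_orphans", [8192], lambda v: v[0] >= 8192, "do not lower the limit"),
    ("icmp_echo_ignore_broadcasts", [0], lambda v: v == [1], "page recommends 1"),
    ("ip_local_port_range", [1024, 4999], lambda v: v == [32768, 61000],
     "page recommends 32768 61000"),
]

def parse_sysctl(text):
    """Parse sysctl.conf syntax into {key: [int, ...]}; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue                                  # blank line or comment
        key, value = line.split("=", 1)
        key = key.strip().lstrip("-").replace("/", ".")   # net/ipv4/x == net.ipv4.x
        try:
            numbers = [int(v) for v in value.split()]
        except ValueError:
            continue                                  # non-numeric: not audited here
        if numbers:
            settings[key] = numbers
    return settings

def audit(text):
    """Return (key, effective value, source, advice) for every failed rule."""
    cfg = parse_sysctl(text)
    findings = []
    for name, default, ok, advice in RULES:
        key = "net.ipv4." + name
        value = cfg.get(key, default)
        if not ok(value):
            source = "file" if key in cfg else "page default"
            findings.append((key, value, source, advice))
    return findings

SAMPLE = """# constructed sample /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 1
net/ipv4/tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_orphans = 262144
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 6000
; icmp_echo_ignore_broadcasts left unset
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```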


/proc/sys/net/ipv4/icmp_ratelimit
/proc/sys/net/ipv4/icmp_ratemask
/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
Some routers violate the RFC1122 standard by sending bogus responses in response to broadcast frames. Such violations
are usually recorded in the system log as an alert. If this option is set to True, the kernel will not
log such warning messages.
Default setting: 0


/proc/sys/net/ipv4/igmp_max_memberships
This file represents the maximum number of members in a multicast group.
Default setting: 20

 
