Linux kernel running parameter modification - sysctl command

The sysctl command is used to dynamically modify the kernel's operating parameters while the kernel is running. The available kernel parameters live in the directory /proc/sys. They include advanced options for the TCP/IP stack and the virtual memory system, and more than five hundred system variables can be read and set with sysctl.

sysctl command

Usage:
sysctl [options] [variable[=value] …]

Common options:
-n: only print the value when printing, not the parameter name;
-e: ignore the unknown keyword error;
-N: only print the parameter name when printing, not the value;
-w: set the value of a parameter (in practice a value can also be set without this option);
-p: load kernel parameter settings from the configuration file "/etc/sysctl.conf";
-a: print all kernel parameter variables;
-A: print all kernel parameter variables in tabular form.

Example
1. Set the maximum socket receive buffer (rmem_max) to 212992 bytes

sudo sysctl -w net.core.rmem_max=212992

2. View the maximum socket receive buffer (rmem_max)

sysctl net.core.rmem_max

The kernel parameters that sysctl can set and view all live under the directory /proc/sys, one file per parameter, and the name that sysctl uses is really the file's path relative to /proc/sys: replace each . with / to get the file path. For example, net.core.rmem_max is the file /proc/sys/net/core/rmem_max, so you can also read a parameter's value by reading the file directly:

cat /proc/sys/net/core/rmem_max

If you don't know the full parameter name, you can search for it like this:

sysctl -a | grep rmem_max
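The mapping between sysctl's dotted names and files under /proc/sys, as a few POSIX shell helpers. This is an added example, not code from the original article; the function names sysctl_path, sysctl_name and sysctl_read are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: helper functions showing how
# sysctl parameter names map onto files under /proc/sys. The function names
# (sysctl_path, sysctl_name, sysctl_read) are hypothetical.

# sysctl_path NAME -> the /proc/sys file that backs a dotted parameter name
sysctl_path() {
    printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr '.' '/')"
}

# sysctl_name PATH -> the dotted parameter name for a file under /proc/sys
sysctl_name() {
    printf '%s\n' "${1#/proc/sys/}" | tr '/' '.'
}

# sysctl_read NAME -> the current value, read from the file directly;
# returns 1 (prints nothing) if this kernel has no such parameter
sysctl_read() {
    f=$(sysctl_path "$1")
    [ -r "$f" ] || return 1
    cat "$f"
}

# Caveat: the dot-to-slash rule is ambiguous when an interface name itself
# contains a dot (VLAN devices such as eth0.100), so these helpers are only
# reliable for parameter names without such components.

sysctl_path net.core.rmem_max                  # /proc/sys/net/core/rmem_max
sysctl_name /proc/sys/net/ipv4/tcp_syncookies  # net.ipv4.tcp_syncookies
sysctl_read net.core.rmem_max || echo "net.core.rmem_max not available here"
```

Reading the file directly needs no special privileges for most parameters, whereas writing to it (or running sysctl -w) requires root; the read helper returns a non-zero status instead of failing noisily when a parameter does not exist on the running kernel.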

Configuring sysctl

Edit the file /etc/sysctl.conf (for example with vi /etc/sysctl.conf).
If the file is empty, enter the following; otherwise adjust it according to your situation (copied from http://man.linuxde.net/sysctl ):

# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1
# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864
# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200
# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_sack
net.ipv4.tcp_sack = 1
# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1
# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000
# Set TCP Re-Ordering value in kernel to ‘5′
net.ipv4.tcp_reordering = 5
# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
# Set Max SYN Backlog to ‘2048′
net.ipv4.tcp_max_syn_backlog = 2048
# Various Settings
net.core.netdev_max_backlog = 1024
# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000
# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

If you want to stop others from pinging your host, add the following:

# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1

After editing, execute the following command to make the changes take effect immediately:

/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1
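To check that a /etc/sysctl.conf actually sets the hardening keys from the configuration above before running sysctl -p, here is a small POSIX shell audit. It is an added example, not code from the original article or from procps; the helper names conf_get, audit_sysctl_conf and make_sample_conf are hypothetical, and the sample file it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: parse a sysctl.conf-style
# file and check it against the hardening keys from the configuration above.
# Helper names (conf_get, audit_sysctl_conf, make_sample_conf) are hypothetical.

# conf_get FILE KEY -> prints the value the file sets for KEY, empty if unset.
# sysctl -p applies lines in order, so when a key appears twice the last line
# wins; only lines starting with '#' or ';' are comments (see sysctl.conf(5)),
# and a key written with slashes (net/ipv4/...) is normalised to dots.
conf_get() {
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' "$1" |
    awk -v k="$2" '
        { key = substr($0, 1, index($0, "=") - 1)
          gsub("/", ".", key)
          if (key == k) v = substr($0, index($0, "=") + 1) }
        END { print v }'
}

# audit_sysctl_conf FILE -> prints "key expected=X actual=Y" per mismatch;
# returns 0 when every baseline key is set as expected, 1 otherwise
audit_sysctl_conf() {
    rc=0
    for pair in \
        net.ipv4.conf.default.rp_filter=1 \
        net.ipv4.conf.default.accept_source_route=0 \
        net.ipv4.conf.default.accept_redirects=0 \
        net.ipv4.conf.default.log_martians=1 \
        net.ipv4.tcp_syncookies=1 \
        net.ipv4.icmp_echo_ignore_broadcasts=1 \
        net.ipv4.icmp_ignore_bogus_error_responses=1 \
        kernel.sysrq=0
    do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(conf_get "$1" "$key")
        if [ "$have" != "$want" ]; then
            printf '%s expected=%s actual=%s\n' "$key" "$want" "${have:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# make_sample_conf -> writes a constructed sample file (not a real host's
# configuration) and prints its path
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
; SysRq left enabled: the audit should flag this
kernel.sysrq = 1
net.ipv4.tcp_syncookies=0
net.ipv4.tcp_syncookies=1
net/ipv4/conf/default/accept_redirects = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
    printf '%s\n' "$f"
}

SAMPLE=$(make_sample_conf)
audit_sysctl_conf "$SAMPLE" || echo "baseline not met"
rm -f "$SAMPLE"
```

Against the constructed sample the audit reports two mismatches (kernel.sysrq is 1 instead of 0, and net.ipv4.icmp_ignore_bogus_error_responses is unset) and returns 1. On a live host the same conf_get can be compared with sysctl -n KEY to spot drift between the persisted file and the running kernel, for instance a value changed with sysctl -w that was never written back to the file.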

TCP/IP parameters

All TCP/IP parameters are located in the /proc/sys/net directory (note that changes to the contents of /proc/sys/net are temporary, and are lost after a system restart). Important parameters include:

Parameter (path + file), followed by its description:
/proc/sys/net/core/rmem_default Default TCP data receive window size (bytes).
/proc/sys/net/core/rmem_max Maximum TCP data receive window (bytes).
/proc/sys/net/core/wmem_default Default TCP data sending window size (bytes).
/proc/sys/net/core/wmem_max Maximum TCP data send window (bytes).
/proc/sys/net/core/netdev_max_backlog The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.
/proc/sys/net/core/somaxconn Defines the maximum listen queue length for each port in the system; this is a global parameter.
/proc/sys/net/core/optmem_max Indicates the maximum buffer size allowed per socket.
/proc/sys/net/ipv4/tcp_mem Controls how the TCP stack responds to memory usage; each value is in units of memory pages (usually 4KB). The first value is the lower limit of memory usage; the second value is the threshold at which memory-pressure mode starts to restrict buffer usage; the third value is the upper limit of memory usage, at which packets can be discarded to reduce memory usage. These values can be increased for larger BDPs (note that they are in pages rather than bytes).
/proc/sys/net/ipv4/tcp_rmem Defines the memory used by sockets for automatic tuning. The first value is the minimum number of bytes allocated for the socket receive buffer; the second value is the default (overridden by rmem_default), to which the buffer can grow when the system is not under heavy load; the third value is the maximum size of the receive buffer in bytes (overridden by rmem_max).
/proc/sys/net/ipv4/tcp_wmem Defines the memory used by sockets for automatic tuning. The first value is the minimum number of bytes allocated for the socket send buffer; the second value is the default (overridden by wmem_default), to which the buffer can grow when the system is not under heavy load; the third value is the maximum size of the send buffer in bytes (overridden by wmem_max).
/proc/sys/net/ipv4/tcp_keepalive_time The interval (in seconds) for TCP to send keepalive detection messages, which is used to confirm whether the TCP connection is valid.
/proc/sys/net/ipv4/tcp_keepalive_intvl The interval (in seconds) for resending a probe message when it does not get a response.
/proc/sys/net/ipv4/tcp_keepalive_probes The maximum number of keepalive probe messages sent before the TCP connection is deemed invalid.
/proc/sys/net/ipv4/tcp_sack Enables selective acknowledgment (1 means enabled), which improves performance by selectively acknowledging packets received out of order so that the sender retransmits only the missing segments. This option should be enabled for WAN traffic, but it increases CPU usage.
/proc/sys/net/ipv4/tcp_fack Enables forward acknowledgment, which builds on selective acknowledgment (SACK) to reduce congestion; this option should also be enabled.
/proc/sys/net/ipv4/tcp_timestamps The TCP timestamp (which adds 12 bytes to the TCP header) enables the calculation of the RTT in a more precise way than the transmit timeout (refer to RFC 1323). This option should be enabled for better performance.
/proc/sys/net/ipv4/tcp_window_scaling Enable window scaling defined by RFC 1323. To support TCP windows exceeding 64KB, this value must be enabled (1 means enable). The maximum TCP window is 1GB, and it takes effect when both sides of the TCP connection are enabled.
/proc/sys/net/ipv4/tcp_syncookies Indicates whether TCP SYN cookies are enabled.
/proc/sys/net/ipv4/tcp_tw_reuse Indicates whether the socket in the TIME-WAIT state (the port of TIME-WAIT) is allowed to be used for new TCP connections.
/proc/sys/net/ipv4/tcp_tw_recycle Ability to recycle TIME-WAIT sockets faster.
/proc/sys/net/ipv4/tcp_fin_timeout The time (in seconds) that a socket closed by the local end stays in the FIN-WAIT-2 state. The peer may fail to close the connection, never finish closing it, or crash unexpectedly.
/proc/sys/net/ipv4/ip_local_port_range The range of local port numbers that TCP/UDP may use.
/proc/sys/net/ipv4/tcp_max_syn_backlog The maximum number of connection requests that can be stored in the queue for connection requests that have not yet been acknowledged by the other party. If the server is frequently overloaded, try increasing this number.
/proc/sys/net/ipv4/tcp_low_latency Allows the TCP/IP stack to favor low latency over high throughput; this option should be disabled.
/proc/sys/net/ipv4/tcp_westwood Enables a sender-side congestion control algorithm that maintains an estimate of throughput and attempts to optimize overall bandwidth utilization. This option should be enabled for WAN traffic.
/proc/sys/net/ipv4/tcp_bic Enables Binary Increase Congestion control for fast long-distance networks, to make better use of links operating at gigabit speeds; this option should be enabled for WAN traffic.
