Documentation/networking/ip-sysctl.rst

Source file repositories/reference/linux-study-clean/Documentation/networking/ip-sysctl.rst

File Facts

System: Linux kernel
Corpus path: Documentation/networking/ip-sysctl.rst
Extension: .rst
Size: 126368 bytes
Lines: 3826
Domain: Support Tooling And Documentation
Bucket: Documentation
Inferred role: Support Tooling And Documentation: documentation
Status: atlas-only

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

.. SPDX-License-Identifier: GPL-2.0

=========
IP Sysctl
=========

/proc/sys/net/ipv4/* Variables
==============================

ip_forward - BOOLEAN
	Forward packets between interfaces.

	This variable is special: changing it resets all configuration
	parameters to their default state (RFC1122 for hosts, RFC1812
	for routers).

	Possible values:

	- 0 (disabled)
	- 1 (enabled)

	Default: 0 (disabled)

ip_default_ttl - INTEGER
	Default value of TTL field (Time To Live) for outgoing (but not
	forwarded) IP packets. Should be between 1 and 255 inclusive.
	Default: 64 (as recommended by RFC1700)

ip_no_pmtu_disc - INTEGER
	Disable Path MTU Discovery. If enabled in mode 1 and a
	fragmentation-required ICMP is received, the PMTU to this
	destination will be set to the smallest of the old MTU to
	this destination and min_pmtu (see below). You will need
	to raise min_pmtu to the smallest interface MTU on your system
	manually if you want to avoid locally generated fragments.

	In mode 2 incoming Path MTU Discovery messages will be
	discarded. Outgoing frames are handled the same as in mode 1,
	implicitly setting IP_PMTUDISC_DONT on every created socket.

	Mode 3 is a hardened PMTU discovery mode. The kernel will only
	accept fragmentation-needed errors if the underlying protocol
	can verify them beyond a plain socket lookup. Current
	protocols for which PMTU events will be honored are TCP and
	SCTP, as they verify e.g. the sequence number or the
	association. This mode should not be enabled globally; it is
	only intended to secure e.g. name servers in namespaces where
	TCP path MTU must still work but path MTU information of other
	protocols should be discarded. If enabled globally, this mode
	could break other protocols.

	Possible values: 0-3

	Default: FALSE

min_pmtu - INTEGER
	Minimum Path MTU. Unless this is changed manually, each cached
	PMTU will never be lower than this setting.

	Default: 552

ip_forward_use_pmtu - BOOLEAN
	By default we don't trust protocol path MTUs while forwarding
	because they could be easily forged and can lead to unwanted
	fragmentation by the router.
	You only need to enable this if you have user-space software
	which tries to discover path MTUs by itself and depends on the
	kernel honoring this information. This is normally not the
	case.

	Possible values:

Annotation
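
The PMTU caveats in the snippet above (mode 1 needing a raised min_pmtu, mode 3 not being meant for global use, forged path MTUs under ip_forward_use_pmtu) can be checked on a host with a short audit. This is an added example, not part of the kernel documentation; the function name `audit_ipv4_pmtu`, its two directory arguments and the FLAG output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the PMTU-related IPv4 sysctls documented above.
#   $1 = sysctl directory (default /proc/sys/net/ipv4)
#   $2 = interface directory (default /sys/class/net), read for <if>/mtu
# Prints one FLAG line per finding; returns 0 when clean, 1 otherwise.
audit_ipv4_pmtu() {
    dir=${1:-/proc/sys/net/ipv4}
    netdir=${2:-/sys/class/net}
    findings=0

    # Read one sysctl file, or fall back to its default if the file is absent.
    get() {
        if [ -r "$dir/$1" ]; then tr -d ' \t\n' < "$dir/$1"; else printf %s "$2"; fi
    }
    flag() { findings=$((findings + 1)); echo "FLAG $1"; }

    fwd=$(get ip_forward 0)
    mode=$(get ip_no_pmtu_disc 0)
    min_pmtu=$(get min_pmtu 552)
    use_pmtu=$(get ip_forward_use_pmtu 0)

    # Smallest MTU across all interfaces; mode 1 wants min_pmtu raised to it.
    smallest=
    for f in "$netdir"/*/mtu; do
        [ -r "$f" ] || continue
        m=$(cat "$f")
        if [ -z "$smallest" ] || [ "$m" -lt "$smallest" ]; then smallest=$m; fi
    done

    # Forwarding decisions would follow path MTUs that are easy to forge.
    if [ "$use_pmtu" = 1 ]; then
        flag "ip_forward_use_pmtu=1 (ip_forward=$fwd): forged path MTUs can force fragmentation"
    fi
    case $mode in
        1)  # A fragmentation-required ICMP drops the PMTU down to min_pmtu.
            if [ -n "$smallest" ] && [ "$min_pmtu" -lt "$smallest" ]; then
                flag "ip_no_pmtu_disc=1 with min_pmtu=$min_pmtu below smallest interface MTU $smallest"
            fi ;;
        3)  # Hardened mode is meant for dedicated namespaces, not the whole host.
            flag "ip_no_pmtu_disc=3: confirm this namespace only needs TCP/SCTP PMTU" ;;
    esac
    [ "$findings" -eq 0 ]
}
```

Run it with no arguments to audit the current network namespace, or inside a specific namespace to confirm that mode 3 is confined there.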

Implementation Notes