TCP/IP parameters
The parameters that control the operation of
TCP/IP are defined in the file /etc/default/inet.
The parameters are grouped according to function:
You should read the description for a parameter
before you change it using
inconfig(ADMN)
as described in
``Using inconfig to change global TCP/IP parameters''.
The default values of the parameters are configured to work
efficiently in most situations.
NOTE:
Never edit the settings for these parameters in the file
/etc/default/inet; always use inconfig to
change them.
Address Resolution Protocol (ARP) parameters
The following parameters control the behavior of the
Address Resolution Protocol (ARP).
arpprintfs-
Controls logging of warnings
from the kernel ARP driver.
These are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
arp_maxretries-
Sets the maximum number of retries for
the address resolution protocol (ARP) before it gives up.
The default value is 5;
the minimum and maximum configurable values are 1 and 128.
arpt_down-
Sets the time to hold onto an incomplete ARP
cache entry if ARP lookup fails.
The default value is 20 seconds;
the minimum and maximum configurable values are 1 and 600 seconds.
arpt_keep-
Sets the time to keep a valid entry in the ARP cache.
The default value is 1200 seconds;
the minimum and maximum configurable values are 1 and 2400 seconds.
arpt_prune-
Sets the interval between scanning the ARP table for
stale entries.
The default value is 300 seconds;
the minimum and maximum configurable values are 1 and 1800 seconds.
The number of ARP units is controlled by
the value of the defined constant ARP_UNITS.
asyh module parameters
The following parameter controls the behavior of the
asynchronous High-Level Data Link Control (HDLC)
module (asyh) used by PPP (see
asyhdlc(ADMP)
for more information).
ahdlcmtu-
Sets the maximum transmission unit (MTU)
for an asynchronous PPP link.
This is normally set on a per-system basis in the
/etc/ppphosts file -- if not defined there,
this value is used.
The default value of ahdlcmtu is 296 bytes;
the minimum and maximum configurable values are 128 and 2048 bytes.
Internet Control Message Protocol (ICMP) parameters
The following parameters control the behavior of
the Internet Control Message Protocol (ICMP).
icmp_answermask-
If set to 1, the system will respond to ICMP
subnet mask request messages.
This variable must be set to 1 to support diskless workstations.
The default value is 0 (do not respond),
as specified in RFC 1122.
icmpprintfs-
Controls logging of warnings from
the kernel ICMP driver.
These are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
Internet Group Management Protocol (IGMP) parameters
The following parameter controls the behavior of
the Internet Group Management Protocol (IGMP).
igmpprintfs-
Controls logging of warnings from the kernel IGMP
driver. These are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
Configuring the in-kernel network terminal (IKNT) driver
The number of IKNT driver units is determined by
the number of pseudo-ttys configured on the system.
Use mkdev ptty to tune the number of pseudo-ttys.
Internet Protocol (IP) parameters
The following parameters control the behavior of
the Internet Protocol (IP).
The number of interfaces supported by IP is dynamic
and does not need tuning.
NOTE:
The values of the parameters in_fullsize,
in_recvspace, and in_sendspace
affect the systemwide interface defaults.
Their values may be overridden on a per-interface basis by
ifconfig(ADMN).
This allows you to mix fast and slow network
hardware on the same system with optimal performance
parameters defined for each interface.
in_fullsize-
Controls the systemwide default TCP behavior for attempting to
negotiate the use of full-sized segments. If set to 1 (the
default), TCP attempts to use a segment size equal to the
interface MTU minus the size of the TCP/IP
headers. If set to 0, TCP rounds the segment size down
to the nearest power of 2.
in_loglimit-
Controls how many bytes of the error packet to display when
debugging. Note that the appropriate xxxprintfs
parameter (such as tcpprintfs)
must be set to a non-zero value to enable logging.
The default value is 64. The minimum and maximum
configurable values are 1 and 255.
in_recvspace-
Sets the systemwide default size of the TCP/IP receive
window in bytes.
The default value is 4096 bytes.
The minimum and maximum configurable values are
2048 and 65535 bytes.
in_sendspace-
Sets the systemwide default size of the TCP/IP send window
in bytes.
This should be at least as large as the loopback MTU.
The default value is 8192 bytes.
The minimum and maximum configurable values are 2048 and 65535 bytes.
ip_checkbroadaddr-
Controls whether IP validates broadcast addresses.
If set to 1 (the default as specified in RFC 1122),
IP discards non-broadcast packets sent to a link-level broadcast
address. In the unlikely event that a data-link driver does not
support this, packets may be discarded erroneously.
If the netstat -sp ip command shows that many
packets cannot be forwarded, set this parameter to 0
to turn off checking.
ip_dirbroadcast-
If set to 1 (the default),
allows receipt of broadcast packets only if they match one of the
broadcast addresses configured for the interface upon which the
packet was received.
If set to 0, allows receipt of broadcast packets that
match any configured broadcast address.
ip_perform_pmtu-
IP performs Path MTU (PMTU)
discovery as specified in RFC 1191
if set to 1 (the default). This causes IP to
send packets with the ``do not fragment'' bit set so that
routers will generate ``Fragmentation Required'' messages.
If this causes interoperability problems, a value of 0
disables PMTU.
If you disable PMTU,
you should also set
tcp_offer_big_mss (described in
``Transmission Control Protocol (TCP) parameters'')
to 0.
ip_pmtu_decrease_age-
Controls how many seconds IP will wait (while performing
PMTU) after decreasing an MTU estimate before
it starts raising it.
The default value is 600 seconds.
The maximum configurable value is 32667.
If set to 0xffffffff, the estimate is never raised;
this is useful if there is only one path out of your local
network and its MTU is known to be constant.
ip_pmtu_increase_age-
Sets the number of seconds between increasing the MTU
estimate for a destination once it starts to increase.
The default value is 120 seconds. The minimum and maximum
configurable values are 0 and 600 seconds.
ip_settos-
If set to 1 (the default), IP
sets type-of-service (TOS) information
(as specified in RFC 1122) in packets that it
sends down to the data-link layer.
Set this to 0 if your network card link-level driver cannot handle this.
ip_subnetsarelocal-
The default value of 1 specifies that other subnets of the network
are to be considered as local -- that is,
TCP assumes them to be connected via high-MSS paths
and adjusts its idea of the MSS to be negotiated.
Otherwise, TCP uses the default MSS specified by
tcp_mssdflt (described in
``Transmission Control Protocol (TCP) parameters'')
-- this is typically 512 bytes in
accordance with RFC 793 and 1122.
By default, the parameter
tcp_offer_big_mss
is non-zero so that Path MTU discovery will provide the maximum
benefit. If the value of tcp_offer_big_mss is zero,
the value of ip_subnetsarelocal is not checked.
This allows for good local performance even when PMTU
discovery is not used.
The message ``ICMP Host Unreachable'' is
generated for local subnet routing failures.
When this value is set to 0, the packet size is set to 576 bytes, as
specified in RFC 1122.
The default value of 1 enables this feature; if set to 0, it
is disabled.
ip_ttl-
Sets the time to live (TTL) of an IP
packet as a number of hops. This value is used by all kernel
drivers that need it (including TCP).
The default value is 64 as recommended by RFC 1340.
The minimum and maximum configurable values are 1 and 255.
ipforwarding-
ipsendredirects-
If you want to use your machine as a gateway,
set both these parameters to 1.
ipforwarding controls whether the system will forward
packets sent to it which are destined for another system (that
is, act as a router). The default value is 0 (off) as
defined by RFC 1122. A system acting as a host will
still forward source-routed datagrams unless
ipnonlocalsrcroute
is set to 0.
ipsendredirects controls whether IP will
redirect hosts when forwarding a packet out of the same interface
on which it was received. This should be set to 1 if
ipforwarding is set to 1.
The Network Configuration Manager
configures these values when additional drivers are added.
This feature usually makes it unnecessary to change
ipforwarding and ipsendredirects
with inconfig.
ipnonlocalsrcroute-
Controls whether source-routed datagrams will be forwarded if
they are not destined for the local system.
On hosts, the default value is 0 (off).
If your machine is acting as a router
(ipforwarding is set to 1),
the Network Configuration Manager
sets its value to 1.
Set its value back to 0 if you are concerned that this may
open a security hole.
ipprintfs-
Controls logging of warnings from the kernel IP
driver. These are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
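The cross-parameter rules in this section (ipforwarding with ipsendredirects, ipnonlocalsrcroute on a router, ip_perform_pmtu with tcp_offer_big_mss) and the documented ranges can be checked mechanically. The following is an added example, not part of the SCO documentation; the "name=value" snapshot format, the function names and the sample values are assumptions made for illustration.

```python
# Added example; the "name=value" snapshot format is an assumption.
RANGES = {  # minimum and maximum configurable values from the descriptions above
    "ip_ttl": (1, 255),
    "in_loglimit": (1, 255),
    "in_recvspace": (2048, 65535),
    "in_sendspace": (2048, 65535),
    "ip_pmtu_increase_age": (0, 600),
}
PMTU_AGE_MAX = 32667           # maximum for ip_pmtu_decrease_age
PMTU_NEVER_RAISE = 0xFFFFFFFF  # special value: the estimate is never raised


def parse_snapshot(text):
    """Parse 'name=value' lines; '#' starts a comment; 0x values accepted."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = int(value.strip(), 0)
    return params


def audit(params):
    """Return sorted (parameter, finding) pairs for the rules in this section."""
    findings = []
    for name, (low, high) in RANGES.items():
        if name in params and not low <= params[name] <= high:
            findings.append((name, f"{params[name]} is outside {low}..{high}"))
    age = params.get("ip_pmtu_decrease_age", 600)
    if age != PMTU_NEVER_RAISE and age > PMTU_AGE_MAX:
        findings.append(("ip_pmtu_decrease_age", f"{age} exceeds {PMTU_AGE_MAX}"))
    forwarding = params.get("ipforwarding", 0)  # documented default: 0
    if forwarding == 1 and params.get("ipsendredirects") == 0:
        findings.append(("ipsendredirects", "should be 1 when ipforwarding is 1"))
    if params.get("ipnonlocalsrcroute", 0) == 1:
        role = "router" if forwarding == 1 else "host"
        findings.append(("ipnonlocalsrcroute",
                         f"{role} forwards non-local source-routed datagrams"))
    if params.get("ip_perform_pmtu", 1) == 0 and params.get("tcp_offer_big_mss", 1) != 0:
        findings.append(("tcp_offer_big_mss", "should be 0 when ip_perform_pmtu is 0"))
    return sorted(findings)


SAMPLE = """\
# constructed values for illustration, not taken from a real system
ipforwarding=1
ipsendredirects=0
ipnonlocalsrcroute=1
ip_perform_pmtu=0
tcp_offer_big_mss=1
ip_ttl=300
ip_pmtu_decrease_age=0xffffffff
"""
```

Calling audit(parse_snapshot(SAMPLE)) reports four findings; the 0xffffffff setting is accepted because it is the documented "never raise" value.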
mbcl driver parameters
The following parameter controls the behavior of
the message block to clist conversion driver
(mbcl) used by PPP (see
mbcl(ADMP)
for more information).
mbclprintfs-
Controls logging of warnings from the kernel MBCL
driver which converts STREAMS messages
(mblock) to character lists (clist).
The warnings are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
NetBIOS parameters
The following parameters control the behavior of
NetBIOS.
nb_sendkeepalives-
Turns NetBIOS level keepalives on or off.
When turned on, NetBIOS keepalives are sent periodically on
dormant NetBIOS connections.
NetBIOS keepalives are independent of TCP/IP keepalives, and are useful for
systems that do not use TCP/IP keepalives.
This parameter is set to 0 (turned off) by default. Set it to 1
to enable NetBIOS keepalives.
nbprintfs-
Controls logging of warnings from the kernel NetBIOS
driver as specified in RFC 1001/2.
The warnings are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
Transmission Control Protocol (TCP) parameters
The following parameters control the behavior of the
Transmission Control Protocol (TCP).
You can increase the number of TCP units beyond
the default number (256) using the Network Configuration Manager
for the appropriate sco_tcp chain.
tcp_delay_acks-
Selects TCP delayed acknowledgements (ACKs)
if set to 1 (default),
and selects immediate ACKs if set to 0.
If delayed ACKs are set, TCP does not send an
ACK immediately on receiving data.
TCP normally delays sending an
ACK to improve the chance that it can bundle it
with transmitted data.
tcp_initial_timeout-
Sets the TCP/IP retransmit time for an initial
SYN segment.
The default value is 180 seconds as defined by RFC 1122.
The minimum and maximum configurable values are 1 and 7200 seconds.
tcp_keepidle-
Sets the idle time before TCP/IP keepalives are sent
(if enabled). The default value is 7200 seconds.
The minimum and maximum configurable values are 300 and 86400
seconds.
tcp_keepintvl-
Sets the TCP/IP keepalive interval between keepalive
packets once they start being sent.
The default value is 75 seconds.
The minimum and maximum configurable values are 1 and 43200
seconds.
tcp_mss_sw_threshold-
Defines the small window threshold for interface MTUs.
If the MTU of an interface is small enough to force
TCP to use an MSS smaller than this threshold,
then TCP will use the receive window size specified by
tcp_small_recvspace. This is an optimization to avoid
buffering too much data on low-speed links such as SLIP
and PPP.
The default value is 1024 bytes. The minimum and maximum
configurable values are 512 and 4096 bytes.
tcp_mssdflt-
Sets the default TCP segment size to use on interfaces
for which no MSS and Path MTU information is
available.
The default and minimum value is 512 bytes. The maximum
configurable value is 32768. You should keep the value of this
parameter small if possible.
tcp_nkeep-
Sets the number of TCP/IP keepalives that will be sent
before giving up.
The default value is 8. The minimum and maximum
configurable values are 1 and 256.
tcp_offer_big_mss-
In order to get the maximum benefit out of Path MTU
(PMTU) discovery, TCP normally offers an
MSS that is derived from the local interface
MTU (after subtracting the packet header sizes).
This allows the remote system to send the biggest segments that
the network can handle. Set this parameter to 0 for systems that
cannot handle this, or that do not implement PMTU
discovery. This causes TCP to offer a smaller
MTU for non-local connections (see
ip_subnetsarelocal in
``Internet Protocol (IP) parameters'').
The default value of 1 (offer it) allows maximum benefit to be
gained from PMTU discovery; a value of 0 disables this.
tcp_q0limit-
Sets the maximum length of the pending (3-way handshake
incomplete) connection queue for a TCP endpoint.
This protects a server against SYN flood attacks.
When the pending connection
queue is full and a new connection request arrives, the kernel
will randomly drop an outstanding partial connection from the
pending queue and add the new connection to the queue.
Setting tcp_q0limit modifies the system behavior as follows:
- The backlog parameter to
  listen(SSC)
  specifies the maximum
  number of established (3-way handshake complete) connections
  that the kernel will queue for a given socket while
  accept(SSC)
  is processing them. In previous releases,
  backlog specified the maximum length of both the pending and
  established queues for a socket.
- If a pending connection is dropped, the connection is
  terminated (by sending RST) and the client will receive an
  appropriate error (usually ECONNRESET).
- At least 800 bytes of memory are allocated to each partial
  connection. This implies that each listening port could
  potentially use tcp_q0limit * 800 bytes.
The default value of 0 provides the same behavior as in
previous releases. The minimum and maximum configurable values
are 1 and 65535 pending partial connections per listening port.
If you set tcp_q0limit to a non-zero value,
it should be greater than 1. The value must be high enough to cope
with peak demand by incoming connection requests. You should
also set the value even higher if most of the physical links
are low speed and/or high latency.
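The sizing advice above can be made concrete with a small model. This is an added example, not part of the SCO documentation: it assumes the pending queue stays full for a whole round trip and that each new request evicts one entry uniformly at random, and the function names, request rates and round-trip times are illustrative.

```python
import math
import random

PARTIAL_CONN_BYTES = 800  # page: at least 800 bytes per partial connection
Q0_MAX = 65535            # page: maximum configurable tcp_q0limit


def survival_probability(q0limit, syn_rate, rtt):
    """Chance a half-open entry is still queued when the client's ACK arrives.

    Assumes a full queue and uniform random eviction: each of the
    syn_rate * rtt arrivals spares a given entry with probability 1 - 1/q.
    """
    if q0limit < 1:
        raise ValueError("tcp_q0limit of 0 selects the previous-release behavior")
    return (1 - 1 / q0limit) ** (syn_rate * rtt)


def simulate(q0limit, syn_rate, rtt, trials=5000, seed=1):
    """Monte Carlo check of the formula; slot 0 holds the legitimate entry."""
    rng = random.Random(seed)
    arrivals = round(syn_rate * rtt)
    kept = sum(all(rng.randrange(q0limit) != 0 for _ in range(arrivals))
               for _ in range(trials))
    return kept / trials


def smallest_q0limit(syn_rate, rtt, target=0.9):
    """Smallest tcp_q0limit (> 1) whose survival probability meets target."""
    if not 0 < target < 1:
        raise ValueError("target must be strictly between 0 and 1")
    arrivals = syn_rate * rtt
    q = 2
    if arrivals > 0:
        # (1 - 1/q)^n >= target  <=>  q >= 1 / (1 - target^(1/n))
        q = max(2, math.ceil(1 / (1 - target ** (1 / arrivals))))
    while q > 2 and survival_probability(q - 1, syn_rate, rtt) >= target:
        q -= 1  # correct a floating-point overshoot
    while survival_probability(q, syn_rate, rtt) < target:
        q += 1  # correct a floating-point undershoot
    if q > Q0_MAX:
        raise ValueError("target not reachable within the documented maximum")
    return q


def queue_memory_bytes(q0limit):
    """Lower bound on the memory one listening port can use for its queue."""
    return q0limit * PARTIAL_CONN_BYTES
```

At the same request rate, a link with five times the round-trip time needs roughly five times the queue length for the same survival probability, which is why the text recommends higher values for low-speed or high-latency links.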
tcp_qlimit_scale-
If set to 1, increase the
listen(SSC)
backlog limit for incoming
connections by 50%. If set to 0 (the default), the backlog
limit is not scaled.
tcp_secret-
tcp_seqbits-
To protect against IP address spoofing attacks, a random
element is introduced into how TCP chooses the initial send
sequence number and its increment.
tcp_secret seeds the random number sequence. Its value
can be set to any integer from 0 through 2147483647.
tcp_seqbits selects the number of bits
of tcp_secret that are used to seed
the sequence number increment value.
The default value of tcp_seqbits is 21; its minimum and maximum
values are 16 and 26. The default value represents a compromise between
security and the uniqueness of the sequence number.
If the value of tcp_seqbits is small, this increases the
possibility that an attacker can guess the random number.
A large value for tcp_seqbits decreases the time
before a given sequence number occurs again.
In an IP address spoofing attack,
the attacking machine (alpha) pretends to be an
authentic machine (beta) by setting beta's
IP address as the source IP address
in the header of IP packets that it
transmits. In this way, alpha can initiate
a TCP connection with a third machine (gamma),
posing as beta. gamma then replies to
beta but not to alpha. To send the correct
acknowledgement to gamma, alpha must
either examine directly (``sniff'') or
correctly guess the value of the initial
send sequence number that gamma placed in
its reply's TCP header.
If it guesses correctly, alpha continues
the attack by sending more messages to compromise
gamma's security.
tcp_small_recvspace-
Sets the receive window size to use on interfaces that require
small windows (see also
tcp_mss_sw_threshold).
MTU is less than tcp_mss_sw_threshold.
The default value is 4096 bytes. The minimum and maximum
configurable values are 1024 and 16384 bytes.
tcp_urgbehavior-
Controls how TCP interprets the urgent pointer.
If set to 0, it interprets it in RFC 1122 mode;
if set to 1 (the default), it interprets it in BSD mode.
tcpalldebug-
If non-zero, captures trace information for all connections.
The default value is 0 which causes TCP to trace
only those connections that set the SO_DEBUG option.
This information can be retrieved using the
trpt(ADMN)
command, or displayed on the console if tcpconsdebug is set.
tcpconsdebug-
Directs TCP/IP connection trace output to the console if
set to 1 (see also tcpalldebug).
The default value is 0.
tcpprintfs-
Controls logging of warnings from the kernel TCP
driver. These are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
User Datagram Protocol (UDP) parameters
The following parameter controls the behavior of the
User Datagram Protocol (UDP).
udpprintfs-
Controls logging of warnings from the kernel UDP
driver. These are displayed on the console.
If set to 0 (the default), debugging information is not displayed.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003