FreeBSD Bugzilla – Attachment 222432 Details for Bug 243532: kern.ipc.maxsockets wrong init value
sysctl.conf (text/plain), 14.34 KB, created by Ivan Rozhuk on 2021-02-14 13:08:44 UTC
>### Rozhuk Ivan 2009.06 - 2021
>### sysctl.conf
>### 12.x
># $FreeBSD: stable/12/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
>
>
>#kern.securelevel=2 # Current secure level
>
>
># Debug kernel
>debug.minidump=1 # Enable mini crash dumps
>kern.sync_on_panic=0 # Do a sync before rebooting from a panic / 0 - required for coredump write
>kern.panic_reboot_wait_time=16 # Seconds to wait before rebooting after a panic
>kern.kerneldump_gzlevel=3 # Kernel crash dump compression level
>
># Debug userspace
>kern.logsigexit=1 # Log processes quitting on abnormal signals to syslog(3).
>kern.forcesigexit=1 # Force trap signal to be handled.
>kern.lognosys=1 # Log invalid syscalls
>kern.sugid_coredump=1 # Allow setuid and setgid processes to dump core
>kern.capmode_coredump=1 # Allow processes in capability mode to dump core.
>kern.coredump=1 # Enable/Disable coredumps.
>kern.nodump_coredump=1 # Enable setting the NODUMP flag on coredump files.
>kern.coredump_devctl=1 # Generate a devctl notification when processes coredump.
>kern.corefile=/tmp/%N.%I.core # Process corefile name format string
>kern.compress_user_cores=1 # Compression of user corefiles
>kern.compress_user_cores_level=3 # Corefile compression level
>debug.ncores=16 # Limiting the number of corefiles generated by a particular process
>
>
>
># SECURITY
>security.bsd.map_at_zero=0 # Permit processes to map an object at virtual address 0.
>security.bsd.suser_enabled=1 # processes with uid 0 have privilege
>security.bsd.unprivileged_mlock=0 # Allow non-root users to call mlock(2)
>security.bsd.see_other_uids=1 # prevent users from seeing processes that are being run under another UID.
>security.bsd.see_other_gids=1 # disabling breaks some scripts, like rc.d scripts.
>security.bsd.conservative_signals=0 # disable some signals for setuid/setgid processes
>security.bsd.unprivileged_proc_debug=0 # disable debug for unprivileged users
>security.bsd.unprivileged_idprio=0 # Allow non-root users to set an idle priority
>security.bsd.unprivileged_read_msgbuf=0 # Unprivileged processes may read the kernel message buffer
>security.bsd.hardlink_check_uid=1 # Unprivileged processes cannot create hard links to files owned by other users
>security.bsd.hardlink_check_gid=1 # Unprivileged processes cannot create hard links to files owned by other groups
>security.bsd.unprivileged_get_quota=0 # Unprivileged processes may retrieve quotas for other uids and gids
>security.bsd.stack_guard_page=1 # Insert stack guard page ahead of the growable segments.
>
>kern.randompid=1 # Random PID modulus
>vfs.usermount=0 # disable mount for unprivileged users
>
>kern.elf64.nxstack=1 # enable non-executable stack
>
>net.inet.tcp.log_in_vain=0 # Log all incoming TCP segments to closed ports
>net.inet.udp.log_in_vain=0 # Log all incoming UDP packets
>
>net.link.bridge.inherit_mac=1 # Inherit MAC address from the first bridge member
>net.link.ether.inet.log_arp_permanent_modify=1 # log arp replies from MACs different than the one in the permanent arp entry
>net.link.ether.inet.log_arp_movements=1 # log arp replies from MACs different than the one in the cache
>net.link.ether.inet.log_arp_wrong_iface=1 # log arp packets arriving on the wrong interface
>net.link.log_link_state_change=1 # log interface link state change events
>net.link.tap.up_on_open=1 # Bring interface up when /dev/tap is opened
>net.inet.ip.sourceroute=0 # Enable forwarding source routed IP packets
>net.inet.ip.accept_sourceroute=0 # Enable accepting source routed IP packets
>net.inet.ip.random_id=1 # random IP packet identifier
>net.inet.ip.redirect=0 # generate ICMP REDIRECT
>net.inet6.ip6.redirect=0 # generate ICMP6 REDIRECT
>net.inet6.ip6.auto_linklocal=0 # do not generate a link-local automatically: nd6 options=<AUTO_LINKLOCAL>
>net.inet6.ip6.use_tempaddr=0 # Privacy extension
>net.inet6.ip6.temppltime=86400 #
>net.inet6.ip6.tempvltime=604800 #
>net.inet6.icmp6.nd6_debug=1 #
>net.inet.icmp.log_redirect=0 # log ICMP REDIRECT packets
>net.inet.icmp.drop_redirect=1 # drop ICMP REDIRECT packets
>net.inet.icmp.maskrepl=0 # Reply to ICMP Address Mask Request packets
>net.inet.icmp.maskfake=1 # Fake reply to ICMP Address Mask Request packets.
>net.inet.icmp.bmcastecho=0 # disable broadcast ping reply
>net.inet.icmp.icmplim=100 # rate limit per sec for dst unrch/tcp-rst messages
>net.inet.tcp.drop_synfin=1 # Drop TCP packets with SYN+FIN set
>net.inet.tcp.blackhole=2 # Do not send RST on segments to closed ports
>net.inet.udp.blackhole=1 # Do not send port unreachables for refused connects
>
>
>
># BASE KERNEL
>kern.random.harvest.mask=65535 # UMA,FS_ATIME,SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
>kern.random.fortuna.minpoolsize=64 # Restore strong entropy value.
>kern.vt.kbd_panic=0 # Enable request to panic. See kbdmap(5) to configure.
>kern.vt.kbd_debug=0 # Enable key combination to enter debugger. See kbdmap(5) to configure (typically Ctrl-Alt-Esc).
>kern.vt.kbd_reboot=0 # Enable reboot keyboard combination. See kbdmap(5) to configure (typically Ctrl-Alt-Delete).
>kern.vt.kbd_poweroff=0 # Enable Power Off keyboard combination. See kbdmap(5) to configure.
>kern.vt.kbd_halt=0 # Enable halt keyboard combination. See kbdmap(5) to configure.
>kern.vt.suspendswitch=0 # Switch to VT0 before suspend
>kern.vt.deadtimer=15 # Time to wait busy process in VT_PROCESS mode
>kern.vt.debug=0 # vt(9) debug level
>kern.vt.enable_bell=0 # Enable bell
>kern.vt.enable_altgr=1 # Enable AltGr key (Do not assume R.Alt as Alt)
># Signal queue: POSIX real time signal
>kern.sigqueue.max_pending_per_proc=1024 # Max pending signals per proc.
>
>
># BASE VM
>vm.overcommit=0 # Configure virtual memory overcommit behavior. See tuning(7) for details.
>vm.pageout_update_period=20 # Maximum active LRU update period (seconds)
>vm.lowmem_period=2 # Low memory callback period (seconds)
>vm.swap_enabled=0 # Enable entire process swapout
>vm.swap_idle_enabled=1 #
>vm.swap_idle_threshold1=4 # Guaranteed swapped in time for a process
>vm.swap_idle_threshold2=16 # Time before a process will be swapped out
>vm.disable_swapspace_pageouts=0 # Disallow swapout of dirty pages
>
>
># BASE NET TUNINGS (for any resources)
>net.isr.dispatch=deferred # direct / hybrid / deferred // Interrupt handling via multiple CPU, but with context switch.
>#net.isr.bindthreads=1 # Bind netisr threads to CPUs
>net.route.netisr_maxqlen=65536 # maximum routing socket dispatch queue length
>net.inet.ip.intr_queue_maxlen=65536 # Maximum size of the IP input queue. Should be increased until net.inet.ip.intr_queue_drops is zero
>
>#net.link.ether.inet.proxyall=1 # Enable proxy ARP for all suitable requests
>net.link.ether.inet.max_age=120 # ARP entry lifetime in seconds, def 1200
>#net.inet.ip.forwarding=1 # Enable IP forwarding between interfaces IPv4: gateway_enable="YES"
>#net.inet6.ip6.forwarding=1 # enable routing IPv6: ipv6_gateway_enable="YES"
>net.inet.ip.portrange.randomized=1 # Disable randomizing of ports to avoid false RST
>net.inet.ip.portrange.first=1024 # Increase portrange
>net.inet.ip.portrange.last=65535 # For outgoing connections only. Good for seed-boxes and ftp servers.
>net.inet.ip.ttl=128 # Maximum TTL on IP packets. Default is 64
>net.inet.tcp.rfc1323=1 # Enable rfc1323 (high performance TCP) extensions. This should be enabled if you are going to use big spaces (>64k)
>net.inet.tcp.rfc3042=1 # Enable RFC 3042 (Limited Transmit)
>net.inet.tcp.rfc3390=1 # Enable RFC 3390 (Increasing TCP's Initial Congestion Window)
>net.inet.tcp.rfc3465=1 # Enable RFC 3465 (Appropriate Byte Counting)
>net.inet.tcp.rfc6675_pipe=1 # Use calculated pipe/in-flight bytes per RFC 6675
>net.inet.tcp.mssdflt=65500 # Default TCP Maximum Segment Size
>net.inet.tcp.v6mssdflt=65500 # Default TCP Maximum Segment Size for IPv6
>net.inet.tcp.minmss=512 # Minimum TCP Maximum Segment Size
>net.inet.tcp.msl=15000 # Maximum segment lifetime. ACK waiting time in milliseconds (default: 30000 from RFC)
>net.inet.tcp.nolocaltimewait=1 # Do not create compressed TCP TIME_WAIT entries for local connections
>net.inet.tcp.fast_finwait2_recycle=1 # FIN_WAIT_2 state fast recycle
>net.inet.tcp.always_keepalive=1 # Assume SO_KEEPALIVE on all TCP connections
>net.inet.tcp.keepidle=60000 # Time before tcp keepalive probe is sent default is 2 hours (7200000)
>net.inet.tcp.ecn.enable=0 # (8.0+) Explicit Congestion Notification (see http://en.wikipedia.org/wiki/Explicit_Congestion_Notification)
>net.inet.tcp.cc.abe=1 # Enable draft-ietf-tcpm-alternativebackoff-ecn (TCP Alternative Backoff with ECN)
>net.inet.tcp.syncookies=1 # Use TCP SYN cookies if the syncache overflows
>net.inet.tcp.syncookies_only=0 # Use only TCP SYN cookies
>net.inet.tcp.sack.enable=1 # Enable/Disable TCP SACK support
>net.inet.tcp.sack.maxholes=1024 # Maximum number of TCP SACK holes allowed per connection
>net.inet.tcp.sack.globalmaxholes=65536 # Global maximum number of TCP SACK holes
>net.inet.tcp.delayed_ack=1 # Delay ACK to try and piggyback it onto a data packet. Turn this off on highspeed, lossless connections (LAN 1Gbit+)
>net.inet.tcp.delacktime=10 # Time before a delayed ACK is sent
>net.inet.tcp.syncache.rexmtlimit=7 # Limit on SYN/ACK retransmissions
>net.inet.tcp.per_cpu_timers=1 # run tcp timers on all cpus
>#net.inet.tcp.functions_default=rack # Use TCP stack: freebsd / rack
>net.inet.tcp.cc.algorithm=htcp # TCP congestion algorithm
>net.inet.tcp.cc.htcp.rtt_scaling=1 # enable H-TCP RTT scaling
>net.inet.tcp.cc.htcp.adaptive_backoff=1 # enable H-TCP adaptive backoff
>net.inet.tcp.tso=0 # Enable TCP Segmentation Offload
>net.inet.tcp.fastopen.client_enable=1 # Enable/disable TCP Fast Open client functionality
>net.inet.tcp.fastopen.server_enable=1 # Enable/disable TCP Fast Open server functionality
>net.inet.tcp.fastopen.autokey=120 # Number of seconds between auto-generation of a new key; zero disables
>net.inet.tcp.fastopen.acceptany=0 # Accept any non-empty cookie
>net.inet.tcp.hpts.skip_swi=1 # Do we have the callout call directly to the hpts?
>net.inet.udp.checksum=1 # compute udp checksum
>net.inet.udp.maxdgram=65507 # Maximum outgoing UDP datagram size
>net.inet.igmp.default_version=2 # Default version of IGMP to run on each interface
>net.inet.igmp.legacysupp=1 # Allow v1/v2 reports to suppress v3 group responses
>
># ng_socket
>net.graph.maxdgram=262144 # Maximum outgoing Netgraph datagram size / really max datagram size
>net.graph.recvspace=262144 # Maximum space for incoming Netgraph datagrams /
>
>
>
>
># RESOURCE TUNINGS
>
># Every socket is a file, so increase them
>#kern.maxproc=2048 # Maximum number of processes
>kern.maxfiles=262144 # Maximum files
>kern.maxfilesperproc=262144 # Maximum files allowed open per process
>kern.maxvnodes=262144 # Maximum number of vnodes
>kern.ipc.maxsockbuf=33554432 # Do not use larger sockbufs on 8.0+
>kern.ipc.maxsockets=262144 # Maximum number of sockets available
>kern.ipc.nmbjumbop=262144 # Maximum number of mbuf page size jumbo clusters allowed. pagesize(4k/8k)
>kern.ipc.nmbclusters=262144 # Maximum number of mbuf clusters allowed // netstat -m
>kern.ipc.nmbjumbo9=262144 # Maximum number of mbuf 9k jumbo clusters allowed
>kern.ipc.nmbjumbo16=262144 # Maximum number of mbuf 16k jumbo clusters allowed
>kern.ipc.soacceptqueue=4096 # (somaxconn) Maximum listen socket pending connection accept queue size
>
>
># NET TUNINGS
>net.inet.tcp.sendspace=2097152 # Initial send socket buffer size
>net.inet.tcp.sendbuf_auto=0 # Enable automatic send buffer sizing
>net.inet.tcp.sendbuf_inc=65536 # Incrementor step size of automatic send buffer
>net.inet.tcp.sendbuf_max=4194304 # Max size of automatic send buffer
>net.inet.tcp.recvspace=2097152 # Initial receive socket buffer size
>net.inet.tcp.recvbuf_auto=0 # Enable automatic receive buffer sizing
>net.inet.tcp.recvbuf_inc=65536 # Incrementor step size of automatic receive buffer
>net.inet.tcp.recvbuf_max=4194304 # Max size of automatic receive buffer
>net.inet.tcp.maxtcptw=40960 # Maximum number of compressed TCP TIME_WAIT entries
>net.inet.udp.recvspace=4194304 # Maximum space for incoming UDP datagrams
>net.inet.raw.maxdgram=4194304 # Maximum outgoing raw IP datagram size
>net.inet.raw.recvspace=4194304 # Maximum space for incoming raw IP datagrams
>net.local.stream.recvspace=8388608 # Default stream receive space.
>net.local.stream.sendspace=8388608 # Default stream send space.
>net.local.dgram.recvspace=8388608 # Default datagram receive space.
>net.local.dgram.maxdgram=8388608 # Default datagram send space.
>net.local.seqpacket.recvspace=8388608 # Default seqpacket receive space.
>net.local.seqpacket.maxseqpacket=8388608 # Default seqpacket send space.
>net.raw.recvspace=4194304 # Default raw socket receive space
>net.raw.sendspace=4194304 # Default raw socket send space
>
>
># FILE SYSTEM
>vfs.ufs.dirhash_docheck=0 # enable extra sanity tests
>vfs.ufs.dirhash_minsize=8388608 # minimum directory size in bytes for which to use hashed lookup
>vfs.ufs.dirhash_maxmem=67108864 # Should be increased when you have A LOT of files on server (Increase until vfs.ufs.dirhash_mem becomes lower)
>vfs.read_max=32 # Cluster read-ahead max block count
>vfs.write_behind=1 # Cluster write-behind; 0: disable, 1: enable, 2: backed off
>vfs.buf_pager_relbuf=1 # Make buffer pager release buffers after reading
>vfs.vmiodirenable=1 # Use the VM system for directory writes
>vfs.hirunningspace=67108864 # Maximum amount of space to use for in-progress I/O
>vfs.nfsd.enable_stringtouid=1 # Enable nfsd to accept numeric owner_names
>
>
># AIO: Async IO management
>vfs.aio.target_aio_procs=4 # Preferred number of ready kernel threads for async IO
>vfs.aio.max_aio_procs=4 # Maximum number of kernel threads to use for handling async IO
>vfs.aio.aiod_lifetime=30000 # Maximum lifetime for idle aiod
>vfs.aio.max_aio_queue=65536 # Maximum number of aio requests to queue, globally
>vfs.aio.max_aio_queue_per_proc=65536 # Maximum queued aio requests per process (stored in the process)
>vfs.aio.max_aio_per_proc=8192 # Maximum active aio requests per process (stored in the process)
>vfs.aio.max_buf_aio=8192 # Maximum buf aio requests per process (stored in the process)
>
>
># POWER SAVING: https://wiki.freebsd.org/TuningPowerConsumption
>hw.pci.do_power_nodriver=3 # off power on devices without driver
>hw.pci.do_power_resume=3 # Transition from D3 -> D0 on resume
>
># Do this to keep suspend from hanging the system at resume.
>hw.usb.no_suspend_wait=1 # No USB device waiting at system suspend.
>hw.pci.do_power_suspend=0 # Transition from D0 -> D3 on suspend.
>
>
># HARDWARE TUNINGS
>hw.intr_storm_threshold=32000 # Number of consecutive interrupts before storm protection is enabled
>