/proc/sys/net/ipv4/* ѿ

ip_forward - 
        0 - ̵ ()
        0 ʳ - ͭ

        ѥåȤ򥤥󥿡ե֤ǥե () ޤ

        ѿ̤ʤΤǡѹϤ٤Ƥͤξ֤
        ᤷޤ (ۥ RFC1122롼 RFC1812 ˽äơʲ
        ҤˤͤϤˤ 0 ʤۥȡ0 ʳʤ롼
        ͤȤʤޤ)

ip_default_ttl - 
         64

ip_no_pmtu_disc - 
        Path MTU Discovery ̵ˤޤ
         FALSE

IP ե饰ơ (ʬ)

ipfrag_high_thresh - 
        IP ե饰Ȥκƹ˻Ȥκ͡ŪѤ
	꤬ ipfrag_high_thresh ХȳƤ줿硢ե饰
	ȥϥɥ ipfrag_low_thresh ãޤǡѥåȤꤲ
	ߤޤ

ipfrag_low_thresh - 
        ipfrag_high_thresh 򻲾ȤƤ

ipfrag_time - 
         IP ե饰Ȥݻÿ

INET peer storage (ε)

inet_peer_threshold - 
        Τ褽礭ΤͤۤȡȥϤ
        ѶŪ˴褦ˤʤޤΤͤϤޤ
         TTL (time-to-live: ¸) ȥ٥쥯ֳ
        (GC intaerval) ꤷޤȥ꤬ TTL ȥ
        쥯ֳ֤ûʤޤ

inet_peer_minttl - 
        ȥ TTL κǾ͡Ω¦ (reassembling side) ǥե饰
        Ȥ򥫥С˽ʬ TTL ǤʤФʤޤ󡣤 TTL
        κǾͤϡס륵 inet_peer_threshold 꾮硢
        ݾڤޤ
        Jiffies Ƿפޤ

inet_peer_maxttl - 
        ȥ TTL κ͡סΥ٤ʤ (Ĥޤס
	ΥȥοȤƤ⾮) 硢δ֤θ塢̤Ѥ
	ȥϲޤ
        Jiffies Ƿפޤ

inet_peer_gc_mintime - 
        ٥쥯ѥ֤κǾδֳ֡δֳ֤ϥסΥ
        ٤⤤ͭǤ
        Jiffies Ƿפޤ

inet_peer_gc_maxtime - 
        ٥쥯ѥ֤κδֳ֤Ǥδֳ֤ϥס
        Υ٤㤤 (뤤̵) ͭǤ
        Jiffies Ƿפޤ

TCP ѿ

tcp_syn_retries - 
        ǽưŪ TCP ͥߤ뤿˽ SYN 
        255 Ķ٤ǤϤޤ󡣴ͤ 5 ǡ 180 ä
        ޤ

tcp_synack_retries - 
        ưŪ TCP ͥߤ뤿 SYNACK 
        255 Ķ٤ǤϤޤ󡣴ͤ 5 ǡ 180 ä
        ޤ

tcp_keepalive_time - 
        ץ饤ͭTCP ץ饤֥åФ
        ֳ֡
        ͡ 2 ֡

tcp_keepalive_probes - 
        ͥ󤬲줿ȤꤹޤǤΥץ饤֥ץ
        в͡9

tcp_keepalive_interval - 
        ץ֤Фtcp_keepalive_probes 
        tcp_keepalive_interval ξ軻ͤϡץֳϸʤʤ
        ͥλ뤿λ֤Ǥ͡75 áĤޤꡢ
        ͥϺ 11 ʬ˰۾ｪλǤ礦

tcp_retries1 - 
        ȷκǡε路ͥåȥ
        𤹤ɬפޤǾ RFC ͤ 3 ǡ줬ͤǡ
        RTO ˰¸ 3 ä 8 ʬޤ

tcp_retries2 - 
        ¸ TCP ͥλκǤRFC1122 
        ϡ100 ðʾ¤٤ȽҤ٤ƤޤϤȤƤ
        ʿǤͤ 15 ǡRTO ˰¸ 13  30 ʬ
        ޤ

tcp_orphan_retries - 
        ¦饯줿 TCP ͥλκ
        ͤ 7 ǡRTO ˰¸ 50 ä 16 ʬǤޥ
	󤬥֥Фܤʤ顢Τ褦ʥåȤ꥽
	񤹤뤫⤷ʤΤǡͤ㤯뤳Ȥθ٤
	Ǥtcp_max_orphans 򻲾ȤƤ

tcp_fin_timeout - 
        åȤ¦饯줿ΥåȤ
        FIN-WAIT-2 ֤ݻ֡¦
        Ƥʤ۾ｪλʤɤβǽޤͤ 60
        äǤ2.2 ̾Ѥͤ 180  ʤΤǤᤷ
        פ뤫⤷ޤ󤬡ޥ٤㤤֥ФǤ
        ȤƤ⡢ʿΥǥåɥåȤˤ꤬Хե
        뤳ȤФƤƤFIN-WAIT-2 ϥ
        ⡹ 1.5k ʤΤǴ FIN-WAIT-1 㤤
        Ǥξ֤Ĺ³ޤtcp_max_orphans 
        ȤƤ

tcp_max_tw_buckets - 
        ƥˤäƱݻ time-wait åȤκ
        οĶ᤹硢time-wait åȤľ˴졢ٹ
        Ϥޤ¤ñ DoS ɤ¸
        ͰŪ¤㤯ƤϤʤޤ󡣤ͥåȥξ
        ˤͰʾɬפȤϡ¿䤷Ƥ (
        ֤󥤥󥹥ȡ뤵줿䤷)

tcp_tw_recycle - 
        TIME-WAIT åȤ᤯Ѥ뤳Ȥͭˤޤ
         1 ǤŪʥѡȤν/׵ʤѹƤϤʤ
        ޤ

tcp_max_orphans - 
        ƥݻ줿桼եϥɥΤˤ³
        Ƥʤ TCP åȤκοۤȸΩͥ
        ľ˥ꥻåȤ졢ٹ𤬽Ϥޤ¤ñ
         DoS ɤ¸ߤΤǤͤ򤦤Τ
        ˤꡢͰŪ¤㤯ƤϤʤޤ󡣥ͥåȥξ
        ˤͰʾ夬ɬפȤʤä (֤󥤥󥹥ȡ뤵줿
        䤷)ͤ¿䤷Ƥߤޤ礦Ȥϥͥ
        ȥӥĴơΤ褦ʾ֤ĤäƤΤ
        Ū˲ƤƤӶĴƤޤΩƥ
        Ϻ 64k ΥåפǤʤ񤹤ΤǤ

tcp_abort_on_overflow - 
        Ե (listen) ӥοͥμ (accept) 
        ȤƤ٤硢ꥻåȤޤξ֤ FALSE 
        СեСȤˤ굯Сͥϲ
        ȤȤ̣ޤͥä᤯
        褦ԵǡĴǤʤȳοƤ
        ΥץͭˤƤΥץͭˤ
        ȤϡʤΥФΥ饤Ȥ˰ƶͿǽ
        ޤ

tcp_syncookies - 
        ͥ뤬 CONFIG_SYNCOOKIES 򥻥åȤѥ뤵줿
        ̣åȤ syn backlog queue դ줿
        syncookie ФޤϤ褯 'syn flood ' ɻ
        뤿ΤΤǤ
        ͡FALSE

        ޤsyncookies ͽŪʵǽǤ뤳ȤդƤ
        ٤ΥФʿΥͥ򤵤ФΤ뤿
        ˻ѤƤϤʤޤ󡣥 synflood ηٹ𤬵ϿƤ
        ĴƤʥͥ󤬲٤򵯤Ƥ褦˸
        ϡηٹ𤬾äޤ̤Υѥ᡼Ĵ٤Ǥ
        tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow
        򻲾ȤƤ

        ΤȤ syncookie  TCP ץȥ˰ȿTCP ĥλ
        Ѥ륵ӥο㲼Ȥ̤ˤʤǽ
        ꡢ줬ȽΤϤʤǤϤʤ³ߤ륯饤Ȥ졼
        Ǥºݤˤ flood ⤵ƤʤΤ˥ synflood ٹ
        Ͽʤ顢ʤΥФϿʸ꤬ޤ

tcp_stdurg - 
        TCP urg ݥ󥿥եɤHost requirements (rfc1122) ˤ
        äƲᤷޤʬΥۥȤϸŤ BSD βȤΤǡ
        Linux Ǥ򥻥åȤ̿Ǥʤ⤷ޤ
        ͡FALSE 

tcp_max_syn_backlog - 
        Фͥ׵򵭲ǡ׵Ϥޤ
        ³褫ǧ (acknowledgement) äƤʤΤǤ
        ͤϡ128Mb ʾΥޥ 1024ξʤޥ
        128 ǤФ٤˶줷ϡοäƤߤ
        ٹ1024 Ķʤ顢
        TCP_SYNQ_HSIZE*16<=tcp_max_syn_backlog ݤĤˡ
        include/net/tcp.h TCP_SYNQ_HSIZE ѹͥ
        ѥ뤷Ǥ礦

tcp_window_scaling - 
        RFC1323 줿ɥĴͭˤޤ

tcp_timestamps - 
        RFC1323 줿ॹפͭˤޤ

tcp_sack - 
        Ū (SACK) ͭˤޤ

tcp_fack - 
        FACK Բ򤪤®ͭˤޤ
        tcp_sack ͭǤʤСͤϻѤޤ

tcp_dsack - 
        TCP ʣ (duplicate) SACK 뤳Ȥǽˤޤ

tcp_ecn - 
        TCP  Explicit Congestion Notification (Ū) 
        ͭˤޤ

tcp_reordering - 
        TCP ȥ꡼ˤѥåȤκ (դ) κ
        ͡3

tcp_retrans_collapse - 
        [ԤϢƤѹƤޤ]
        ĤΤץȥƥФ Bug-to-bug ߴ
        0:  TCP åΥХн褹뤿ᡢ˾ʥѥ
           ȤΤޤ (collapse ʤ) äƤߤޤ
        1: ˡcollapse 礭ʥѥåȤäƤߤޤ
        ͤ 1 Ǥ

tcp_wmem - Ĥ٥ȥ롧min, default,max
        min: TCP åȸХåեѤͽ󤵤줿̡
         TCP åȤϤλ¤ˤꤽѤ븢
        Ƥޤ
        ͡4K

        default: TCP åȸХåեѤ˵Υ
        եȤ̡ͤ¾ΥץȥǻѤ
        net.core.wmem_default 񤭤̤
        net.core.wmem_default 꾮ͤǤ
        ͡16K

        max: TCP åȸХåեѤ˼ư֤ȤΤǤ
        κ̡ͤ net.core.wmem_max 񤭤
        SO_SNDBUF 𤹤 "static" selection ϤȤޤ
        ͡128K

tcp_rmem - Ĥ٥ȥ롧min, default,max
        min: TCP åȤȤХåեκǾ礭
        ޤƤƤ⡢礭ϳ TCP åȤݾڤޤ
        ͡8K

        default: TCP åȤȤХåեΥǥեȤ礭
        ͤ¾Υץȥ뤬Ȥ net.core.rmem_default 񤭤
        ޤ
        ͡87380 ХȡͤϷ̤Ȥ tcp_adv_win_scale 
        ǥե Window  65535 ˡtcp_app_win  0 ޤϥ
        եȤäȾʤޤѿˤĤƤϲ
        ȤƤ

        max: TCP åȸμХåեѤ˼ư֤ȤΤǤ
        κ̡ͤ net.core.rmem_max 񤭤
        SO_SNDBUF 𤹤 "static" selection ϤȤޤ
        ͡87380*2 Х

tcp_mem - Ĥ٥ȥ롧low, pressure, high
        low: Υڡ̤ǤСTCP ϼʬȤΤΥ
	ʤԤޤ

        pressure: TCP ˤäƳƤ줿̤ΥڡĶ
        硢TCP ϼȤΥޤ٥⡼ɤꡢ
         "low" ˳ˤΥ⡼ɤȴޤ

        high: TCP åȤ塼󥰤Ǥڡ

        ͤϥ֡ȻѲǽʥ̤׻ޤ

tcp_app_win - 
        ץꥱХåեѤͽ󤵤 window κ
        (window/2^tcp_app_win, mss) 0 ̤ǡͽ󤷤ʤ
        ̣ޤ
        ͡31

tcp_adv_win_scale - 
        Хåե˥Хإåɤޤ
        tcp_adv_win_scale  0 Ķ bytes/2^tcp_adv_win_scale
        0 ʲξ bytes-bytes/2^(-tcp_adv_win_scale)
        ͡2

tcp_rfc1337 - 
        åȤʤ顢TCP å RFC1337 ˽äƿ񤤤ޤå
        ǤʤСRFC ˽ޤ TCP TIME_WAIT asassination 
        ޤ
        ͡0

ip_local_port_range - Ĥ
        ݡȤ֤Ȥ TCP  UDP ˤäƻȤ
        ݡȤϰϤޤǽοϥݡȤλϤ
        ܤοϺǸοǤͤϥƥѲǽ
        ̤˰ͤޤ -
          128Mb ʾ 32768-61000
          128Mb ̤ 1024-4999 (⤷ϤäȾʤ)
        οϤΥƥब TCP ĥ (ॹ) 򥵥ݡȤ
        ƤʤƥƱȯԤǤǽưŪʥͥο
        ޤtcp_tw_recycle ͭ (Ĥޤǥե) ǡ1024-4999
        ϰϤϥॹפ򥵥ݡȤ륷ƥ 2000 ޤǥ
        ͥȯԤΤ˽ʬǤ

ip_nonlocal_bind - 
        åȤʤ顢ץǤʤ IP ɥ쥹 bind() 
        ȤĤޤϤȤƤΩޤ - ޤưʤ
        ץꥱ󤬤뤫⤷ޤ
        ͡0

ip_dynaddr - 
        0 ʳʤ顢ưŪ (dynamic) ɥ쥹ΥݡȤͭˤޤ1
        礭ͤʤСưŪɥ쥹ν񤭴ˡ
        åϤǤ礦
        ͡0

icmp_echo_ignore_all - 
icmp_echo_ignore_broadcasts - 
        ɤ餫 true ꤹȡͥƤ ICMP ECHO
        request 򤹤٤̵뤹뤫Τ֥ɥ㥹Ȥȥޥ
        㥹Ȥ̵뤹뤫줾ɤ餫ư򤷤ޤ

icmp_destunreach_rate - 
icmp_paramprob_rate - 
icmp_timeexceed_rate - 
icmp_echoreply_rate -  (ǥեȤͭǤϤʤ)
        Ф ICMP ѥåȤХ졼Ȥκͤ¤
        0 ̵¡ʳ jiffies(1) ˤä졼Ȥˤʤ
        ޤܤϥ򻲾ȤƤ

icmp_ignore_bogus_error_responses - 
        ĤΥ롼ϥ֥ɥ㥹ȥե졼Ф뵶ʪα
        뤳Ȥ RFC 1122 ˰ȿƤޤΤ褦ʰȿ̥
        ͥηٹ (warning) ȤƵϿޤ줬 TRUE ꤵ
        줿硢Τ褦ʷٹФե뤬ߤˤʤ
        ɤȤǤޤ
        ͡FALSE

(1) JiffiesͥΥ˥åȡi386 ʤ 1/100 áAlpha
ʤ 1/1024 äǤƥΤͤΤꤿ硢
/usr/include/asm/param.h  HZ 򻲾ȤƤ

igmp_max_memberships - 
        ͽǤޥ㥹ȥ롼פκѹޤ
        ͡20

conf/all/*:
        Ϥ٤ƤΥ󥿡եȿǤޤ

conf/interface/*
        󥿡ե̤ѹޤ

log_martians - 
        ͭʤɥ쥹äѥåȤ򥫡ͥΥ˵Ͽޤ

accept_redirects - 
        ICMP redirect message ޤ
         TRUE (ۥ)
               FALSE (롼)

forwarding - 
        Υ󥿡ե IP forwarding ͭˤޤ

mc_forwarding - 
        ޥ㥹Ȥ롼ƥ󥰤ޤͥ
        CONFIG_IP_MROUTE ꤷѥ뤵Ƥ뤳Ȥɬפǡ
        ˡޥ㥹ȥ롼ƥ󥰥ǡɬפˤʤޤ

proxy_arp - 
        proxy arp Ԥޤ

shared_media - 
        RFC1620 shared media redirect 򡢥롼ʤꡢۥȤʤ
        ޤip_secure_redirects 񤭤ޤ
         TRUE

secure_redirects - 
        ǥեȥȥꥹȤ˵ܤ줿ȥ
        ICMP redirect message ޤ
         TRUE

send_redirects - 
        롼ʤ redirect ޤ͡TRUE

bootp_relay - 
        ͥåȥΥۥȤǤϤ뤬ΥۥȰƤǤʤ
        ɥ쥹 0.b.c.d äѥåȤޤBOOTP 졼
        ǡ󤬤Τ褦ʥѥåȤޤեɤ뤳Ȥ
        ޤ

         FALSE
        ޤƤޤ

accept_source_route - 
        SRR ץäѥåȤޤ
         TRUE (롼)
               FALSE (ۥ)

rp_filter - 
        1 - RFC1812 ǻꤵ줿 reversed path ˤ륽
            ǧ򤷤ޤ󥰥ۡ [ؤηϩҤȤĤ
            äƤʤ] ۥȤȥ֥ͥåȥ롼˿侩
            줿ץǤ(RIP Τ褦) ٤Τʤץ
            ȥ¹Ԥ⤷ϥƥå롼Ѥ (롼
            ץե꡼Ǥʤ) ʣʥͥåȥξ꤬뤳Ȥ
            ޤ

        0 - ǧ򤷤ޤ

        ͤ 0 Ǥstartip ץȤǡͭˤǥ
        ȥӥ塼⤢ΤդƤ

    ԡAlexey Kuznetsov <kuznet@ms2.inr.ac.ru>
    Andi Kleen <ak@muc.de>
ܸܹ <hng@ps.ksky.ne.jp>
    Ŀ餵 <trueheart@anet.ne.jp>
          ʿ <takavoid@palette.plala.or.jp>
          帶 <mizuhara@acm.org>
          ѱѤ <hotta@net-newbie.com>






/proc/sys/net/ipv6/* ѿ

IPv6  tcp_* Τ褦ʥХѿäƤޤipv4/  tcp_*
 IPv6 ˤƤϤޤޤ [XXX?]

conf/default/*
        󥿡ե˸ͭʴͤѹޤ

conf/all/*:
        ٤ƤΥ󥿡ե˸ͭѹޤ

        [XXX: ̤ʵǽ forwarding ¾ˤ뤫ʡ]

conf/all/forwarding - 
        ٤ƤΥ󥿡ե֤ΥХ IPv6 forwarding ͭ
        ˤޤ

         IPv4  IPv6 ϰۤʤư򤷤ޤ - 㤨ФɤΥ󥿡
        եѥåȤ뤫ɤ줬ʤ椹
         netfilter ѤʤФʤޤ

        ˤϤ٤ƤΥ󥿡եΥեǥ󥰤˷
        ۥȡ롼ꤵ줿ͤˤޤܤϰʲ򻲾Ȥ
        Ƥ

        ϥХեǥ󥰤ȸƤФޤ

conf/interface/*:
        󥿡ե̤ѹޤ

        ǤεǽŪʿ񤤤ϥեǥ󥰤ͭ
        ̵ˤۤʤޤ

accept_ra - 
        Router Advertisement ޤ - autoconfigure Ϥ
        ޤ

        ǽŪʴư - եǥ󥰤̵ʤ顢ͭ
                           եǥ󥰤ͭʤ顢̵

accept_redirects - 
        redirect ޤ

        ǽŪʴư - եǥ󥰤̵ʤ顢ͭ
                           եǥ󥰤ͭʤ顢̵

autoconf - 
        󥯤ΤΥ륢ɥ쥹 L2 ϡɥɥ쥹
        򤷤ޤ
        ͡TRUE

dad_transmits - 
        Duplicate Address Detection (ʣɥ쥹) Υץ֤
        Ф
        ͡1

forwarding - 
        󥿡ե˸ͭʥۥȡ롼ο񤤤ꤷޤ

         - ٤ƤΥ󥿡եƱˤ뤳Ȥ侩
	 - 롼ۥȤ򺮺ߤ륷ʥꥪϤȤǤ

        FALSE:

        ͤǡۥȤο񤤤ꤵޤϼΤȤ̣
        ޤ

        1. IsRouter ե饰 Neighbour Advertisement ꤵޤ
        2. ɬפʤ顢Router Solicitation ޤ
        3. accept_ra  TRUE () ʤ顢 Router Advertisement 
           ޤ ( autoconfiguration Ԥޤ)
        4. accept_redirects  TRUE () ʤ顢Redirect 
           ޤ

        TRUE:

        եǥ󥰤ͭʤ顢롼ο񤤤ꤵ
        Ͼ嵭ȤޤäդΤȤ̣ޤ

        1. IsRouter ե饰 Neighbour Advertisement ꤵޤ
        2. Router Solicitation ޤ
        3. Router Advertisement ̵뤵ޤ
        4. Redirect ̵뤵ޤ

        ͡Хեǥ󥰤̵ʤ () FALSE
                Ǥʤ TRUE

hop_limit - 
        ǥեȤ Hop Limit ꤷޤ
        ͡64

mtu - 
        ǥեȤ Maximum Transfer Unit
        ͡1280 (IPv6 ɬפʺǾ)

router_solicitation_delay - 
        󥿡եưƤ Router Solicitation 
        Ԥÿ
        ͡1

router_solicitation_interval - 
        Router Solicitation ֤Ԥÿ
        ͡4

router_solicitations - 
        롼¸ߤʤꤹޤ Router Solicitation 
        
        ͡3

IPv6Pekka Savola <pekkas@netcore.fi>
ܸܹ <hng@ps.ksky.ne.jp>
    ѱѤ <hotta@net-newbie.com>
