|
|
楼主 |
发表于 2022-7-16 07:26:40
|
显示全部楼层
sysctl.conf文件配置详解
: y& p! B6 C2 m) `临时生效/ ?( a! p- }) b. W& _" }
#修改后,马上生效,重启或者service network restart失效
3 C# `- m) |' [3 D, k+ Usysctl -w fs.file-max=999999: Q7 J9 S1 I- `& \8 a
9 |6 m7 X: U& \) o永久生效
6 Y( }* {) [) v. t3 `#vim /etc/sysctl.conf& b5 I4 s8 ~ s; O6 w
fs.file-max=999999
3 A' Q6 Q/ e* r- y: F0 X/ _# k# O#保存后,执行sysctl -p 或者重启服务器生效
. f/ \+ I& x4 V6 _, X7 }5 c查看配置* N: ^+ z# K: H( J
sysctl -a #消失全部配置
, r: ~4 |- U% u2 i( `/ u6 X8 Bsysctl fs.file-max #显示fs.file-max的值
9 S0 z- n5 {0 ^5 T! |# sysctl -a | grep file #模糊查找) t* d# [ [0 @$ t: G
参考资料:Linux Tcp参数设置: p( I7 k) M; Q
. @' Q7 n) j- `% R' Bkernel.sched_child_runs_first = 0% d+ `9 R! k" D$ k$ X0 F f6 J
( d& g. R W" G/ C: x, fkernel.sched_min_granularity_ns = 3000000
, X9 D8 \7 Q7 W- k* e3 {/ xkernel.sched_latency_ns = 15000000
6 M1 u) F5 n; i& L6 v3 k+ S1 ckernel.sched_wakeup_granularity_ns = 3000000" r/ [- }4 A: C3 l
kernel.sched_tunable_scaling = 1
; j* S) Q1 U6 ?8 f! X! D' v- G% N5 S j5 Y/ c" R& v+ t
kernel.sched_features = 3183. a, o' ?, Q- Q& B ]' a
kernel.sched_migration_cost = 500000
- m8 P" Z1 l! y4 qkernel.sched_nr_migrate = 32
3 N' S6 h' a d3 h# {kernel.sched_time_avg = 1000
3 z7 ]5 [3 i4 |) Ekernel.sched_shares_window = 10000000: A5 O# w. ^! o5 ~0 S4 t, q
kernel.timer_migration = 1$ M. Q2 ` x, ~6 ~
kernel.sched_rt_period_us = 1000000
$ t+ K4 t0 Q6 w, u1 L& p: Ikernel.sched_rt_runtime_us = 950000
+ ^/ K5 L1 {3 T2 U) w5 b$ ukernel.sched_compat_yield = 0
/ A; G- E, A8 K% p/ ~9 [) n* C* t' vkernel.sched_rr_timeslice_ms = 100/ Q5 a8 Z, E' l" i1 g# S9 v
kernel.sched_autogroup_enabled = 0
% O; ?8 {& c; O) P! F/ Fkernel.sched_cfs_bandwidth_slice_us = 5000
* G: Y' x9 Q8 o m8 |kernel.panic = 0
/ [* w( J i- F9 p6 \8 K. v) P0 tkernel.exec-shield = 1) E6 T0 w) G: p$ x1 w
kernel.core_uses_pid = 1! D6 J, a: N! h' j( J5 T
kernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e
5 v( j/ x1 W" h2 ?. K0 Z. _# Mkernel.core_pipe_limit = 4
' l$ `5 p) z3 |kernel.tainted = 0% f, a2 k( V' B* Q2 U% H, _
kernel.real-root-dev = 0
, g4 i6 R6 D/ H$ [ T9 i5 b% Jkernel.print-fatal-signals = 0/ G3 n( m2 C, f3 \5 N- {
kernel.ctrl-alt-del = 0
" _' n# I. J3 F+ S* E: O0 Dkernel.ftrace_enabled = 1
, c7 v( |4 J9 Akernel.stack_tracer_enabled = 0# D# ]& W1 a$ {8 W' }$ B! y: ^
kernel.ftrace_dump_on_oops = 0! [9 {5 q' n9 X1 e
kernel.modprobe = /sbin/modprobe
( E* g: p: r; }. ^: e) \kernel.modules_disabled = 0
" \3 s3 e4 b; j5 M: d; t; a# Z/ M4 _3 Gkernel.kexec_load_disabled = 0
( O1 U5 S, ]$ F- _+ mkernel.hotplug =. s& P I, ?7 j* H( S5 t
kernel.acct = 4 2 30. U; M' f2 ~+ x' Y" S8 L9 o" l
kernel.sysrq = 07 _ J" {% n0 a. l6 U" M0 p
kernel.cad_pid = 1
x. j: D; ^5 L) Q8 X) O% mkernel.threads-max = 60719
r" L3 Z* P" L; R$ ekernel.random.poolsize = 40962 B% F2 ^- X! \* W5 L! {- |
kernel.random.entropy_avail = 455
6 \$ O5 r9 i5 \kernel.random.read_wakeup_threshold = 642 F4 s( l8 P) z# n6 s3 S
kernel.random.write_wakeup_threshold = 128
1 n7 l' E, {5 Z# s# l6 fkernel.random.boot_id = 7ed1dbbb-9671-4ee2-8d81-58c58ba824ac1 _1 k M+ L }# z. L" x
kernel.random.uuid = d1f372bb-bca8-4338-9d48-b9855a4ec41a! W5 ?4 w. U/ C$ i4 ^2 S
kernel.usermodehelper.bset = 4294967295 4294967295& _ }9 F. D' W1 U" I+ ^+ T. m/ C" U/ `5 A
kernel.usermodehelper.inheritable = 4294967295 4294967295
/ [8 U7 Z% f4 l: p, Pkernel.overflowuid = 65534
& P; O9 c6 Z7 i, w" `kernel.overflowgid = 65534) |5 ~8 U# a4 R$ w) a
kernel.pid_max = 131072
: U0 }% f& q5 T0 U1 ]" S/ v zkernel.panic_on_oops = 1! ^5 i' N0 x/ f' O8 y3 L
kernel.printk = 4 4 1 7
2 R% @# P4 `6 s6 Y+ l4 r \kernel.printk_ratelimit = 5
8 g6 \$ ?2 Y# S- M5 lkernel.printk_ratelimit_burst = 10& C' ?1 G! _2 i! d
kernel.printk_delay = 0
! o6 k+ g: M' E& ckernel.dmesg_restrict = 0
! g1 A# J. b0 C8 {3 Gkernel.kptr_restrict = 1
7 Z( @1 E9 h7 i0 pkernel.ngroups_max = 65536
- h5 E k q7 O9 lkernel.watchdog = 1
6 W7 l# a* C1 vkernel.watchdog_thresh = 60
% y$ V; C% |" a, e2 ~0 Nkernel.softlockup_panic = 00 k: Z+ [( v+ e3 S
kernel.nmi_watchdog = 1' o2 B3 `$ L4 o& A, e) |/ Y' {/ m; o
kernel.unknown_nmi_panic = 0
, O$ ?, l' C4 f+ i( F0 dkernel.panic_on_unrecovered_nmi = 0. l: e' i9 q ^% L1 E
kernel.panic_on_io_nmi = 0
+ @+ h- O& S6 e9 N g" m% A5 Akernel.bootloader_type = 1138 s- X3 _4 l, {8 y
kernel.bootloader_version = 1
4 s8 N8 d, y3 t4 _" p. c8 J3 xkernel.kstack_depth_to_print = 12
6 n1 j" r- y6 [$ k0 \) Bkernel.io_delay_type = 0- e1 b" C8 q; C& h5 c% p: x* Y
kernel.randomize_va_space = 2
7 v( T9 |0 N& [: q3 _kernel.acpi_video_flags = 0
5 h3 M+ }- P# Q2 Tkernel.hung_task_panic = 00 ?2 B' G: S O1 ~
kernel.hung_task_check_count = 4194304! b# i6 y" j+ R4 e* y) p
kernel.hung_task_timeout_secs = 120
: ]1 `7 U: e; ]# V" |0 g3 P) ]kernel.hung_task_warnings = 10$ U* M6 C3 I: H0 J9 a# @
kernel.compat-log = 1& p9 Y; y* V: N
kernel.max_lock_depth = 1024
/ j. K0 R3 G: t9 L4 Qkernel.poweroff_cmd = /sbin/poweroff
" s2 H3 c6 R" f) m! wkernel.keys.maxkeys = 200
F( G) y3 \# @, K0 h, kkernel.keys.maxbytes = 200002 Q# I: d" [& b2 k0 e
kernel.keys.root_maxkeys = 1000000
! c( P" F1 {: J( y+ ~. ^kernel.keys.root_maxbytes = 25000000
) b5 q& ?3 p. r* K' _* i, k" gkernel.keys.gc_delay = 300
( t; W- P/ d: M4 M3 ^kernel.slow-work.min-threads = 25 F8 y- a5 V; I9 g$ I
kernel.slow-work.max-threads = 128
# [$ @" E$ _/ D; p' }% Mkernel.slow-work.vslow-percentage = 50
) o, b4 `1 G" U/ B1 L! c& i vkernel.perf_event_paranoid = 1
. u: M2 b1 w( g& Tkernel.perf_event_mlock_kb = 516, F) W6 x" p( T4 v
kernel.perf_event_max_sample_rate = 100000( N% g2 ?- g6 V- h7 H- V; f X
kernel.blk_iopoll = 1: i# _' i1 F) Y0 _) W7 O
kernel.sched_domain.cpu0.domain0.min_interval = 1
0 i) o( _8 k5 Vkernel.sched_domain.cpu0.domain0.max_interval = 4
& E5 u$ m* v7 K( }kernel.sched_domain.cpu0.domain0.busy_idx = 2 H) K6 ]! ?! m. Q) L% P
kernel.sched_domain.cpu0.domain0.idle_idx = 1* k9 s9 t+ s1 ^3 C# _$ X
kernel.sched_domain.cpu0.domain0.newidle_idx = 0. Z! Y( ^* _6 b0 X/ j8 ]
kernel.sched_domain.cpu0.domain0.wake_idx = 0
8 Q( k, d% p7 h) E. akernel.sched_domain.cpu0.domain0.forkexec_idx = 0
/ M8 _4 {% C/ T U* D9 d* Jkernel.sched_domain.cpu0.domain0.busy_factor = 64; u% e, W! v( v; F5 M' ~ m( v
kernel.sched_domain.cpu0.domain0.imbalance_pct = 1254 w5 i- M3 p% ?! W, r
kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1) R" _: O3 Y! k7 q% M% N
kernel.sched_domain.cpu0.domain0.flags = 4143! J' i7 r# \$ c5 k
kernel.sched_domain.cpu0.domain0.name = CPU
o* b9 S8 _/ J, Q% H+ {1 D9 jkernel.sched_domain.cpu1.domain0.min_interval = 1
4 n4 s# Z8 b/ `$ Z$ U" u9 ^7 bkernel.sched_domain.cpu1.domain0.max_interval = 49 ^9 {( I4 r; G; W: G ^
kernel.sched_domain.cpu1.domain0.busy_idx = 2; Y2 Z( y8 o0 V! J' X# R1 r$ u
kernel.sched_domain.cpu1.domain0.idle_idx = 1
( J. m. b/ m: [# W$ \* o' A# X& Y# Okernel.sched_domain.cpu1.domain0.newidle_idx = 0
* ?9 h& M, A1 x3 O6 E" R; f# okernel.sched_domain.cpu1.domain0.wake_idx = 0
# _" V- m3 ~3 q% c' ekernel.sched_domain.cpu1.domain0.forkexec_idx = 0 ?- M* X0 P2 F4 Y
kernel.sched_domain.cpu1.domain0.busy_factor = 64
! Y, C7 D0 d! s0 O% A' Q. fkernel.sched_domain.cpu1.domain0.imbalance_pct = 125
/ H& p& B8 {3 ]kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
% r! N; @' s+ x% i# c0 k+ |+ Wkernel.sched_domain.cpu1.domain0.flags = 41439 X% S! P% _& a2 i% J
kernel.sched_domain.cpu1.domain0.name = CPU6 {# H" f# R" Z2 w
kernel.sched_domain.cpu2.domain0.min_interval = 1# N! U8 l; C1 i
kernel.sched_domain.cpu2.domain0.max_interval = 45 M1 `# S% J) |) B
kernel.sched_domain.cpu2.domain0.busy_idx = 2! ^" k+ i( d8 |7 u
kernel.sched_domain.cpu2.domain0.idle_idx = 1, c3 K% Z! W4 n' l9 R
kernel.sched_domain.cpu2.domain0.newidle_idx = 0% r4 {% n, E9 Z, v- J6 r0 q
kernel.sched_domain.cpu2.domain0.wake_idx = 0
7 G" E8 V! U9 m# Kkernel.sched_domain.cpu2.domain0.forkexec_idx = 0/ n9 A# B9 g. `* s! }5 d* j8 t
kernel.sched_domain.cpu2.domain0.busy_factor = 649 K' k" N8 D: Z$ j% F# E3 X
kernel.sched_domain.cpu2.domain0.imbalance_pct = 125 l7 C2 n* m: L% z, Q% X3 H, I/ o
kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
2 g& d" \* _" s$ C/ u6 K6 tkernel.sched_domain.cpu2.domain0.flags = 4143
1 ?4 X7 L* o6 G: Z, Fkernel.sched_domain.cpu2.domain0.name = CPU) |* Z) B- t' G1 [7 y" v
kernel.sched_domain.cpu3.domain0.min_interval = 1* A) M4 Q6 P2 y+ z& y
kernel.sched_domain.cpu3.domain0.max_interval = 4
! p3 \2 }+ _ W3 B+ zkernel.sched_domain.cpu3.domain0.busy_idx = 2
' K; K$ H/ g. Lkernel.sched_domain.cpu3.domain0.idle_idx = 1
. N; T" S# B7 b, {6 Fkernel.sched_domain.cpu3.domain0.newidle_idx = 0* ~: c, I: D9 _* \, Q
kernel.sched_domain.cpu3.domain0.wake_idx = 0# L7 J3 r# m: U2 c# z
kernel.sched_domain.cpu3.domain0.forkexec_idx = 0$ J( `' f2 a, @9 O* j
kernel.sched_domain.cpu3.domain0.busy_factor = 64* q, N9 }4 \3 P3 s% ^
kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
: B, z" w6 N" Z( m/ \0 P0 Nkernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
, Z8 N* a T Rkernel.sched_domain.cpu3.domain0.flags = 4143
! A' P& M& s2 D( I7 m0 Wkernel.sched_domain.cpu3.domain0.name = CPU i. w5 d" N, L# C9 a% x# G
kernel.vsyscall64 = 1! @1 h: ~( {" e9 P1 P- G
kernel.ostype = Linux. `( x3 y7 p" ^0 I4 `
kernel.osrelease = 2.6.32-504.el6.x86_647 t7 |, G7 e2 R7 Y. W0 H. o) o& o7 l
kernel.version = #1 SMP Wed Oct 15 04:27:16 UTC 2014# _) Q8 Y% S. [1 M- _! v8 e7 c
kernel.hostname = xapi.128.com
5 @1 P7 x! _) k2 g8 L( b; }6 Pkernel.domainname = (none)
% C4 d* E& {, Z! ?: u3 ^+ R% |+ W, Mkernel.pty.max = 4096# d u I' H' E, A
kernel.pty.nr = 1
6 h# H1 R& l( Jkernel.shmmax = 687194767362 `0 y. x5 @- r
kernel.shmall = 4294967296% R F. I8 o0 a* c
kernel.shmmni = 4096
8 Q. M5 o1 m% bkernel.shm_rmid_forced = 0* C% W/ P4 ?& c1 z- e* A/ m
kernel.msgmax = 65536
8 [$ K0 e* f5 N: V% g1 Xkernel.msgmni = 7627) F$ C& h6 s- O9 \ E
kernel.msgmnb = 655365 t" X9 ]& r% K5 B# E+ N
kernel.sem = 250 32000 32 128# m/ X4 l* B9 V
kernel.auto_msgmni = 15 g, P" D+ G8 O+ \. A
vm.overcommit_memory = 06 _# o* X. C9 E* u0 e# h9 y
vm.panic_on_oom = 0 C7 p% a# u" d. s: ]6 Z9 Z
vm.oom_kill_allocating_task = 0
( e3 K: T4 E- q* cvm.extfrag_threshold = 500' s/ u6 r l1 ^
vm.oom_dump_tasks = 1
; K; [2 g6 D7 G& mvm.would_have_oomkilled = 01 P0 l% W& A( x/ A) a9 x' b: Q4 ~- l" a
vm.overcommit_ratio = 50: Z7 U( M$ D e3 m9 ? L$ i# U
vm.overcommit_kbytes = 0
. J' _2 _7 E) `' t X+ ?. o9 `vm.page-cluster = 34 D# K* K& |6 }" N: j
vm.dirty_background_ratio = 10
( I& H H8 n, ^) b6 M. p7 ], ?vm.dirty_background_bytes = 0
) T! A, n; i: |vm.dirty_ratio = 20
& O* J: z. ?9 b: jvm.dirty_bytes = 05 q$ N+ [7 x6 |+ t2 I2 e
vm.dirty_writeback_centisecs = 500
& P' m* Y) u8 x- |7 O' X# kvm.dirty_expire_centisecs = 3000
* {; w7 R' g9 `( A9 P) bvm.nr_pdflush_threads = 0# p' w2 {! b" n0 G$ V0 D$ b
vm.swappiness = 607 H L: k+ }. [5 \
vm.nr_hugepages = 0
* d/ B; u8 g- z+ H' R0 W6 p: vvm.nr_hugepages_mempolicy = 0- ~8 ]5 C0 L3 v& M( [: i: d
vm.hugetlb_shm_group = 0
8 r5 g: g% v( r% l) Evm.hugepages_treat_as_movable = 0) U4 F/ Z! ^8 l8 j1 T
vm.nr_overcommit_hugepages = 0
6 B0 d: Z+ W, p/ K( ^& K; ~vm.lowmem_reserve_ratio = 256 256 32
( x+ M1 G. _ ]" Q1 O. ]: Qvm.drop_caches = 08 {9 h3 ^' [! [3 c$ B
vm.min_free_kbytes = 67584
; }* c1 g |/ B v/ Z% Gvm.extra_free_kbytes = 0: p) X" r, i. e- \
vm.unmap_area_factor = 0# |8 `+ P' ?; V' }: Y; q
vm.meminfo_legacy_layout = 1! }" k. j0 S! r
vm.percpu_pagelist_fraction = 04 J, Y8 ?' C/ b
vm.max_map_count = 65530
, \2 o8 b" _* t# F# r& }7 E6 O1 Vvm.laptop_mode = 0
9 o! r, e3 X; L4 W* ivm.block_dump = 0: h9 R* Q- a. m. Z4 N" ?
vm.vfs_cache_pressure = 100
/ X& `# V' a% ?: w' tvm.legacy_va_layout = 0 w4 Q6 r8 q. C# S3 F
vm.zone_reclaim_mode = 0' Z1 G# R( _1 ~: x4 D' O( W/ \' C
vm.min_unmapped_ratio = 1
: D* y! M* ?1 x+ d( ?vm.min_slab_ratio = 5
+ V! Z) ]/ O9 r) r" Q4 ^vm.stat_interval = 1
2 r( T M, |7 G8 X: b7 ^* M! Wvm.mmap_min_addr = 4096& B; Z0 i$ T* M
vm.numa_zonelist_order = default
8 M, L2 n7 J) M% w) ]* h( yvm.scan_unevictable_pages = 0
- R6 f. G) g/ {" n0 l, Qvm.memory_failure_early_kill = 0- q! F5 A) x1 }- s: ~# _) v; _' F
vm.memory_failure_recovery = 1' y- {1 O2 N, N" x1 l
fs.inode-nr = 14659 243
& Y: U# a+ H _7 |fs.inode-state = 14659 243 0 0 0 0 0
) Q' n: A, l$ E7 \4 ffs.file-nr = 1216 0 385492
9 `9 n; b8 A1 \: D: N. N$ v5 ^( z- Z
4 D' Q7 @" ~) s/ m) X9 n5 j#【nginx】这个参数表示系统(所有)可以同时打开的最大句柄数,这个参数直接限制最大并发连接数,需根据实际情况配置。wd=811515! Q, v6 d e2 k% [
# file-max与ulimit的区别
- p8 l9 {, k9 i$ ?fs.file-max = 385492; r( b4 d6 a% V1 {5 K: X
4 K; z+ r4 i. n% y8 N/ l
fs.nr_open = 1048576. ?# d8 v% v1 K
fs.dentry-state = 15088 6375 45 0 0 0
0 B3 D1 Q, a& H2 |8 c* W+ ~fs.overflowuid = 65534; I) P" N, ~# B6 s8 o
fs.overflowgid = 65534# g3 Z2 A8 t1 |" }% s& ^1 R
fs.leases-enable = 1
% v K' Z- Z3 Q) d" d+ O1 N' mfs.dir-notify-enable = 1
; p0 H) j- f. @( x! l& ufs.lease-break-time = 45; v* J1 d. E" Q$ e
fs.aio-nr = 0# I2 U/ \ E4 e3 I
fs.aio-max-nr = 65536
, s* O# p( v+ M2 Yfs.inotify.max_user_instances = 128
k: t. ? D7 m6 U& ]fs.inotify.max_user_watches = 8192
! u9 V$ h2 m# Vfs.inotify.max_queued_events = 16384- u" y9 o; j4 ?& i0 x ?# q6 b
fs.epoll.max_user_watches = 795852
% M( g3 L! V+ L5 L, W" f. cfs.suid_dumpable = 0, e A( I$ D0 `# S6 K$ h" j
fs.binfmt_misc.status = enabled2 U6 m1 l! m+ ^) M9 x5 d5 g
fs.quota.lookups = 05 W% l5 K# k( h6 {! `: f( N
fs.quota.drops = 0, o% |7 z6 D4 z6 ?6 E+ u& b
fs.quota.reads = 0" G" E9 b- D6 Y7 C7 n6 `" z
fs.quota.writes = 0% X2 j: J6 p, I+ ~# `; u
fs.quota.cache_hits = 0: _, R+ H# {3 c$ ]- B
fs.quota.allocated_dquots = 0
5 x& i$ I) f# p" x) [fs.quota.free_dquots = 0, _# I! N& y0 F, P2 s3 e3 j' C0 k
fs.quota.syncs = 4
0 S( I! v9 \, F- {+ P6 ufs.quota.warnings = 13 a% O2 X! @0 y1 ?
fs.mqueue.queues_max = 256
- h2 }5 g2 Q% b: ]fs.mqueue.msg_max = 10- Y6 H3 V5 N% w0 ?( T+ e
fs.mqueue.msgsize_max = 8192( h, x( S1 V/ Q9 E- ?3 L C
fs.mqueue.msg_default = 10
: ~7 e, K0 A0 C3 W7 v2 \fs.mqueue.msgsize_default = 81924 [6 U) [- i* n- Z% a
debug.exception-trace = 10 \& v% u* s; G7 b
debug.kprobes-optimization = 1; q) |' S& q& Z! W) X
dev.scsi.logging_level = 0
5 g. w% p; o7 j- w1 K0 gdev.raid.speed_limit_min = 10003 p7 b7 G; V h/ A# j5 a: j: ?# j
dev.raid.speed_limit_max = 200000
: ?4 O0 q6 B5 e. G$ ]8 e. Ndev.hpet.max-user-freq = 64
7 X, B& v5 r6 w" O. K! @dev.mac_hid.mouse_button_emulation = 0
8 \' Z* A( F7 tdev.mac_hid.mouse_button2_keycode = 97! o& w y% u8 m5 @- _/ t( Z9 {
dev.mac_hid.mouse_button3_keycode = 100+ U8 h& Z8 G2 J! ` `
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17
* v `/ v) T' E3 a( o* ddev.cdrom.info =
. j. B, x3 c, \& P0 adev.cdrom.info = drive name: sr0
7 o1 s3 A% I4 ?6 ]( p, W& U2 |* c% V( rdev.cdrom.info = drive speed: 3066 L; M) U# w/ E+ J$ e1 p: Q
dev.cdrom.info = drive # of slots: 1
7 a( W' K, ^4 J4 P) Sdev.cdrom.info = Can close tray: 19 f' J; @: n* j3 Q9 F
dev.cdrom.info = Can open tray: 1) D0 _: E0 y9 T; s0 `" e( V; D) P
dev.cdrom.info = Can lock tray: 1& D6 N8 ]/ L/ n& w( z: d
dev.cdrom.info = Can change speed: 19 b" }; [8 I0 T- f9 W/ K; P
dev.cdrom.info = Can select disk: 0
* h! w( _1 t5 l3 ?dev.cdrom.info = Can read multisession: 13 M& S% G, {+ P! j
dev.cdrom.info = Can read MCN: 1
7 f: O4 u7 J# ~# _/ _0 s( tdev.cdrom.info = Reports media changed: 12 F3 O( T8 r# p' {4 `! |
dev.cdrom.info = Can play audio: 1
! p. k7 _. s( E7 s( Sdev.cdrom.info = Can write CD-R: 0
; ?9 L: [! Z& g' Adev.cdrom.info = Can write CD-RW: 0, k" @8 z S/ o' U U) X
dev.cdrom.info = Can read DVD: 15 Q' M P$ U: J% D1 ~# G
dev.cdrom.info = Can write DVD-R: 0
: m" u9 x. G+ n/ T1 @5 ]dev.cdrom.info = Can write DVD-RAM: 07 _: D: V0 w, o5 L
dev.cdrom.info = Can read MRW: 1" l& h) X) {+ V
dev.cdrom.info = Can write MRW: 1
2 [; p* Z' q e1 O! D; P3 n4 ^dev.cdrom.info = Can write RAM: 1) |% u* U" h* m) {" a5 L
dev.cdrom.info =7 c" j! m5 B6 B
dev.cdrom.info =
" d1 l1 n) w% ^dev.cdrom.autoclose = 1
/ S% \2 m, W) qdev.cdrom.autoeject = 0, y; b2 ~/ t8 q( ]; `: }5 X# R
dev.cdrom.debug = 0 X. C" d n) Y3 ]( A5 k- @
dev.cdrom.lock = 1( {7 ~0 ^0 f. d+ E/ h9 y
dev.cdrom.check_media = 01 [" z6 J& {! F, }6 L% E
net.netfilter.nf_log.0 = NONE U2 i2 o: \/ D+ [5 P# u
net.netfilter.nf_log.1 = NONE
3 p- D' _$ q& {/ ~4 j+ D. c* inet.netfilter.nf_log.2 = NONE
/ r; U2 m4 q" H- a# Y- W, ?+ onet.netfilter.nf_log.3 = NONE
& r; a5 m0 J7 }% w/ `net.netfilter.nf_log.4 = NONE; L) [: y4 A9 T' G6 k2 T/ Y3 D: H
net.netfilter.nf_log.5 = NONE, ~: `) U+ r) l/ }& V2 H
net.netfilter.nf_log.6 = NONE# c6 Z# C* f; s
net.netfilter.nf_log.7 = NONE
+ b, u0 {" A8 q; F% M1 J* xnet.netfilter.nf_log.8 = NONE
& z& }3 q' V9 V" J- onet.netfilter.nf_log.9 = NONE
6 z0 `* n( g- f9 E+ jnet.netfilter.nf_log.10 = NONE
' Q1 {$ e5 b9 vnet.netfilter.nf_log.11 = NONE
% ~# H# p8 F! f% S3 r. Wnet.netfilter.nf_log.12 = NONE
& U. c/ I* ~* U% Enet.netfilter.nf_conntrack_generic_timeout = 600
6 @! {4 N0 i& q$ x4 K8 p4 z! znet.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
+ U/ k1 o6 q# Vnet.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
7 I6 [( O+ q* ~ A8 v# @# Y inet.netfilter.nf_conntrack_tcp_timeout_established = 432000& Z+ U8 d- _0 k" T* f( E$ S
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 1203 ^( I7 w8 _: R1 k' ^
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
, f8 W6 ?1 N4 h: x gnet.netfilter.nf_conntrack_tcp_timeout_last_ack = 30. t$ c7 {- ] d& l- u m# }
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
1 i7 E R6 Q Y: dnet.netfilter.nf_conntrack_tcp_timeout_close = 10- z5 g' R$ r7 w: e
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300) ^' P$ C. s% `7 n; F8 V2 d
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300% a' d/ Z" Z. n# x% I
net.netfilter.nf_conntrack_tcp_loose = 1
$ }0 z& V* C/ d3 D; {$ @2 Lnet.netfilter.nf_conntrack_tcp_be_liberal = 0
$ f. |- ]/ @" }7 i% p9 J/ Jnet.netfilter.nf_conntrack_tcp_max_retrans = 3
, D! [! t- z+ _ g. f* \net.netfilter.nf_conntrack_udp_timeout = 305 o) ~+ Y8 A2 a X# }$ V
net.netfilter.nf_conntrack_udp_timeout_stream = 180! N6 m! B( W# e6 v
net.netfilter.nf_conntrack_icmpv6_timeout = 30. V5 P. f; H& l! a; ~( j
net.netfilter.nf_conntrack_acct = 07 h$ v: V7 t8 A$ M2 q1 w
net.netfilter.nf_conntrack_events = 1" ]! s+ ?1 d2 N+ E1 ]( _& h- q
net.netfilter.nf_conntrack_events_retry_timeout = 155 I3 B, s1 x9 f' w0 g
net.netfilter.nf_conntrack_max = 65536. n j$ [/ j3 X+ \* I' k
net.netfilter.nf_conntrack_count = 0- P! N# r9 t0 Y. i z0 X" z5 `
net.netfilter.nf_conntrack_buckets = 16384. _9 M* k o9 w% M7 e w( T
net.netfilter.nf_conntrack_checksum = 1
% k& \8 t8 }: ]: S+ y7 n/ tnet.netfilter.nf_conntrack_log_invalid = 06 H9 I. [: r* N. n x" {
net.netfilter.nf_conntrack_expect_max = 256
3 b+ s: F3 [9 n+ u, mnet.core.somaxconn = 1286 }/ w; G8 H4 U( H" i% ]" W
net.core.xfrm_aevent_etime = 10
( ^8 {$ Q! `5 q& e; Xnet.core.xfrm_aevent_rseqth = 2
1 [& ^% H1 w- q. H+ p1 ]net.core.xfrm_larval_drop = 17 ?0 ?7 c5 m6 U# A( P! g" R
net.core.xfrm_acq_expires = 30+ r1 T) g0 e; u) j
) p- H' o) R$ ~6 y, |- g
#【nginx】这个参数表示内核套接字发送缓存区的最大大小。' M- l& q; J. N& E: B
#【nginx】这个参数表示内核套接字接收缓存区的最大大小。5 R7 |2 w, @9 u& O
#【nginx】这个参数表示内核套接字发送缓存区默认的大小。
' V; ~ x# a* M2 W8 r0 O8 z#【nginx】这个参数表示内核套接字接收缓存区默认的大小。 q- s7 q. H; o( `5 {
#注意 滑动窗口的大小与套接字缓存区会在一定程度上影响并发连接的数目。每个TCP连接都会为维护TCP滑动窗口而消耗内存,这个窗口会根据服务器的处理速度收缩或扩张。
# f" \- }: P$ Q) G7 X3 E参数wmem_max的设置,需要平衡物理内存的总大小、Nginx并发处理的最大连接数量(由nginx.conf中的worker_processes和worker_connections参数决定)而确定。当然,如果仅仅为了提高并发量使服务器不出现Out Of Memory问题而去降低滑动窗口大小,那么并不合适,因为滑动窗口过小会影响大数据量的传输速度。rmem_default、wmem_default、rmem_max、wmem_max…
; V9 q) {9 p+ q& a+ u& H#参考:可靠传输的实现
7 O1 m* [9 Z! S8 b! inet.core.wmem_max = 124928 //wd=1249286 N3 ]3 `& Y# X$ \5 W- g3 }
net.core.rmem_max = 124928 //wd=124928
, \- Y' o* F4 znet.core.wmem_default = 124928 //wd=124928
7 j4 Z% \" Q! a; D" J" E' b8 o& _net.core.rmem_default = 124928//wd=124928
( H( G1 _" [3 Q6 A- a! ~
2 E# A2 x5 \/ {9 {0 v$ h4 N ]net.core.dev_weight = 641 h6 }8 G0 t1 m* z, @% ^" T" b: u( K
2 n) E7 h5 N% K: f* u
#【nginx】当网卡接收数据包的速度大于内核处理的速度时,会有一个队列保存这些数据包。这个参数表示该队列的最大值。wd=32768
8 p7 m* ]9 W3 N O9 N. c+ w" S! @net.core.netdev_max_backlog = 1000
0 r8 E% {, |3 O8 h# A5 l! F2 V" Anet.core.message_cost = 5
2 S2 i0 W( X+ Ynet.core.message_burst = 10
: P5 j% n9 }- b" r. ^; g8 D, Knet.core.optmem_max = 204806 w5 {3 u s% u7 ?" H' q
net.core.rps_sock_flow_entries = 04 Q5 K0 U7 v+ q
net.core.busy_poll = 0+ A" F& j3 k9 E* Y$ c* ~
net.core.busy_read = 0
" _+ P: n6 H, J7 p3 Vnet.core.netdev_budget = 300, G* V/ l! H) U, z+ f( s' H5 C6 z
net.core.warnings = 1
$ t) ?$ O4 Q0 F0 j0 \net.ipv4.route.gc_thresh = 131072
3 x$ F# `/ ~* n3 E% \; h, anet.ipv4.route.max_size = 2097152
$ V0 B2 f! X& L% t. f9 D8 q! Y3 p5 qnet.ipv4.route.gc_min_interval = 0
8 @8 t) @9 ?6 a+ M/ E# ^6 Fnet.ipv4.route.gc_min_interval_ms = 500
{6 G- ?& I6 I) @2 V. J9 h4 g# _net.ipv4.route.gc_timeout = 300
% V: ?! G* F3 R! l8 \net.ipv4.route.gc_interval = 60+ i8 x# R; [3 e* x, J
net.ipv4.route.redirect_load = 20- b9 A3 b; D; d" j
net.ipv4.route.redirect_number = 9
5 p1 {9 e! ?2 o0 lnet.ipv4.route.redirect_silence = 20480
8 I/ J7 E+ g! V4 i: vnet.ipv4.route.error_cost = 10003 Y) ^- n" @% ~2 b4 Q
net.ipv4.route.error_burst = 5000
# r* O0 p' G3 \3 |! G: Vnet.ipv4.route.gc_elasticity = 8
3 ^5 ?. X3 ^" D- X( Tnet.ipv4.route.mtu_expires = 600, q0 X/ ]: A6 q% e; n% T
net.ipv4.route.min_pmtu = 552! m% f- @6 |8 t% d7 a4 a# E
net.ipv4.route.min_adv_mss = 256
! [3 u! ~% [( f1 lnet.ipv4.route.secret_interval = 600
' T% a3 n4 `7 f6 _1 @' m1 Ynet.ipv4.neigh.default.mcast_solicit = 3: p% O& |' v1 B- v0 d, m
net.ipv4.neigh.default.ucast_solicit = 3# _( I' T% q# k% v, D
net.ipv4.neigh.default.app_solicit = 00 _/ @4 K& [$ ^4 M
net.ipv4.neigh.default.retrans_time = 99
7 c" b+ t* a. s' \$ y. L3 ~! Y$ fnet.ipv4.neigh.default.base_reachable_time = 30
0 s4 y R( @' V) a) ynet.ipv4.neigh.default.delay_first_probe_time = 5
+ M7 M- A) q4 x; E; f/ ~5 Inet.ipv4.neigh.default.gc_stale_time = 60. u$ z- q; O9 p- a- l; B( F
net.ipv4.neigh.default.unres_qlen = 34 U5 k: Z+ {3 V
net.ipv4.neigh.default.proxy_qlen = 64
. D9 O. p7 Z: G/ Anet.ipv4.neigh.default.anycast_delay = 99
9 y6 z3 `& p/ Gnet.ipv4.neigh.default.proxy_delay = 79% X5 q1 H6 Q/ \5 x4 c& S6 S
net.ipv4.neigh.default.locktime = 99( b5 ~* k8 T3 g( A$ w/ ?* c
net.ipv4.neigh.default.retrans_time_ms = 1000
, K$ h0 \1 L; j# p* ~2 S) E0 Knet.ipv4.neigh.default.base_reachable_time_ms = 300005 y! n2 i3 B: t% V% |, r( e: [' G
net.ipv4.neigh.default.gc_interval = 306 m& d8 J7 z# p5 E y; x
net.ipv4.neigh.default.gc_thresh1 = 1282 R4 e6 ` ]6 Y$ t
net.ipv4.neigh.default.gc_thresh2 = 512
$ J; x- l1 F9 {net.ipv4.neigh.default.gc_thresh3 = 1024- U" I$ ~$ C0 L: w6 y
net.ipv4.neigh.lo.mcast_solicit = 3
5 Y/ E7 }2 K Mnet.ipv4.neigh.lo.ucast_solicit = 3" t! _5 }& R5 s4 A( L- x
net.ipv4.neigh.lo.app_solicit = 0
. d7 l8 \3 r' S9 x( i! O' a, u" j' knet.ipv4.neigh.lo.retrans_time = 99+ ~! d- B! L* X
net.ipv4.neigh.lo.base_reachable_time = 30
' I: y: ? x' D& I8 {' c1 g& r* cnet.ipv4.neigh.lo.delay_first_probe_time = 5
; o N# _% }: t+ G+ wnet.ipv4.neigh.lo.gc_stale_time = 60
b) @* g4 G% |7 Lnet.ipv4.neigh.lo.unres_qlen = 37 w9 p+ A4 ^8 e' z" C
net.ipv4.neigh.lo.proxy_qlen = 64
, Y; m) x N& F( b F* jnet.ipv4.neigh.lo.anycast_delay = 99 \) F: f. E5 h+ _8 v& `& ^& M
net.ipv4.neigh.lo.proxy_delay = 79
2 Z" }* ^; G! Q3 Cnet.ipv4.neigh.lo.locktime = 997 N$ e U m5 y- x8 }. Q2 G* d7 p
net.ipv4.neigh.lo.retrans_time_ms = 1000
0 E0 b2 |! M2 s: r1 U( Unet.ipv4.neigh.lo.base_reachable_time_ms = 30000
- U5 L9 ^# W$ B# i* anet.ipv4.neigh.eth0.mcast_solicit = 3 i! f: u0 E* z f
net.ipv4.neigh.eth0.ucast_solicit = 3 W- G: j' ?# h
net.ipv4.neigh.eth0.app_solicit = 0
) ?( V, V, V8 _2 Z( ^net.ipv4.neigh.eth0.retrans_time = 991 j+ F; M7 v# M+ x' v
net.ipv4.neigh.eth0.base_reachable_time = 304 Z( I4 a' `" L/ g1 q& Y. V+ T
net.ipv4.neigh.eth0.delay_first_probe_time = 5
$ E0 s( y5 V: {net.ipv4.neigh.eth0.gc_stale_time = 60# C( e k! _2 [% L
net.ipv4.neigh.eth0.unres_qlen = 3* ^: W* ~- H% V! R& Y# p( [7 o
net.ipv4.neigh.eth0.proxy_qlen = 64
. i" i" m: n# Vnet.ipv4.neigh.eth0.anycast_delay = 99/ r9 R/ N0 T2 R1 [
net.ipv4.neigh.eth0.proxy_delay = 79
0 t- [) X0 O: I9 Qnet.ipv4.neigh.eth0.locktime = 99- c* {0 }5 {6 |- x% k' I3 a
net.ipv4.neigh.eth0.retrans_time_ms = 1000$ @4 u: V m3 C4 `4 M
net.ipv4.neigh.eth0.base_reachable_time_ms = 300007 b5 c" ^, C. m2 |9 A9 m. l
net.ipv4.neigh.pan0.mcast_solicit = 3
; v# e( H2 h: E3 `2 h( P# i% Enet.ipv4.neigh.pan0.ucast_solicit = 39 H$ E1 b+ O* K# ~
net.ipv4.neigh.pan0.app_solicit = 0
0 y6 Y% J. S" D% Inet.ipv4.neigh.pan0.retrans_time = 99
w& L* g: {0 N2 J" J Jnet.ipv4.neigh.pan0.base_reachable_time = 30
/ R' O7 l7 c T4 R& {2 N& Hnet.ipv4.neigh.pan0.delay_first_probe_time = 5& ]- S- u$ a4 F5 [0 F) w1 H
net.ipv4.neigh.pan0.gc_stale_time = 60
$ B4 y4 u; a' O/ \# y( _) {& U, \2 Enet.ipv4.neigh.pan0.unres_qlen = 3# ^" ?6 {, l' S/ b: I# V8 B" Y
net.ipv4.neigh.pan0.proxy_qlen = 64
4 N$ p' T3 z* `net.ipv4.neigh.pan0.anycast_delay = 99
5 d" m: R& A, s2 [' V8 ]+ s5 |net.ipv4.neigh.pan0.proxy_delay = 79
: _. ^- _/ X& F" S4 t: X. i2 R& w+ ]net.ipv4.neigh.pan0.locktime = 991 s$ `8 ^+ d" F) d* i. W3 O
net.ipv4.neigh.pan0.retrans_time_ms = 1000& L9 c y3 Z3 a. r5 j- O
net.ipv4.neigh.pan0.base_reachable_time_ms = 30000( d# V; H# U' k7 `! r2 n M- c( T! I
net.ipv4.tcp_timestamps = 1( }# L6 A. p, q- O A
net.ipv4.tcp_window_scaling = 1
* b6 G$ t% y2 l4 J0 lnet.ipv4.tcp_sack = 1- P, Z0 {. O% s* @
net.ipv4.tcp_retrans_collapse = 1
5 A2 V: v, P8 }( E$ l" @net.ipv4.ip_default_ttl = 64% R: i. S. c" F! ^# p$ q5 V
net.ipv4.ip_no_pmtu_disc = 05 P: T' }' S# W" \% a# h
net.ipv4.ip_nonlocal_bind = 0' ~, m$ O, f; L: X! L
net.ipv4.tcp_syn_retries = 5! I( d8 |2 I9 q2 K
net.ipv4.tcp_synack_retries = 5
2 V" G2 a) q+ E. c7 ]. h2 K1 P0 _net.ipv4.tcp_max_orphans = 262144
j5 A3 K: U/ |0 ~; P& S
& {% d$ r' l5 }+ K 5 E5 I. ?5 g) C2 ^
4 }* h' R! @8 W- Y. h3 a#【nginx】这个参数表示操作系统允许TIME_WAIT套接字数量的最大值,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。该参数默认为180 000,过多的TIME_WAIT套接字会使Web服务器变慢。wd=10000
4 X# j+ R* l `; _$ Mnet.ipv4.tcp_max_tw_buckets = 262144
9 U. ]% V$ W+ K( {
. s7 b0 @& H) B% vnet.ipv4.ip_dynaddr = 00 n, i% m) y- J6 W6 _" r# |
# o/ R9 O6 b) x
#【nginx】这个参数表示当keepalive启用时,TCP发送keepalive消息的频度。默认是2小时,若将其设置得小一些,可以更快地清理无效的连接。单位:秒 默认值:2小时。wd=300% o6 c: P3 X' a( S0 ]5 o% w% R; E& L
net.ipv4.tcp_keepalive_time = 7200
2 t5 n9 d/ a' O% b5 K3 n5 ]% B
. p) C: _3 Q. \+ z: c9 vnet.ipv4.tcp_keepalive_probes = 9
% [" E; p0 h/ D/ i1 knet.ipv4.tcp_keepalive_intvl = 75
( @5 t) s J5 F7 ^ v3 ^" hnet.ipv4.tcp_retries1 = 3; ^" j. I" j9 f/ N, V) R+ J
net.ipv4.tcp_retries2 = 15' B$ A2 Y0 M$ x
1 H: r6 O4 k8 ^#【nginx】这个参数表示当服务器主动关闭连接时,socket保持在FIN-WAIT-2状态的最大时间,单位:秒 wd=30/ c' k+ Y3 W4 i' k( T% L2 r! [
#参考:tcp参数详解之tcp_fin_timeout
& e" K+ t o" u0 p6 A& {1 Pnet.ipv4.tcp_fin_timeout = 60
; p$ E& W) A% y* m1 M$ m) D. p, _8 x2 l4 X5 \. ]1 }) O
#【nginx】参数与性能无关,用于解决TCP的SYN攻击。 wd= 1
5 M0 V2 H1 V& ^ e) c8 G! I" y" D2 Dnet.ipv4.tcp_syncookies = 1
1 O* e# N- M$ r: s2 X! S, o
9 S2 H3 \' V! e4 V/ ? tnet.ipv4.tcp_tw_recycle = 0
& m' p: [. `" Knet.ipv4.tcp_abort_on_overflow = 0
. }6 \! Q P/ C V1 z4 ?3 a8 knet.ipv4.tcp_stdurg = 0* W4 [, y0 v, ~. T) x5 g9 c
net.ipv4.tcp_rfc1337 = 0
% e' u7 }- X# B! j) A5 c; p
6 i$ y! Y7 \! M7 c5 M( x#【nginx】这个参数表示TCP三次握手建立阶段接收SYN请求队列的最大长度,默认为1024,将其设置得大一些可以使出现Nginx繁忙来不及accept新连接的情况时,Linux不至于丢失客户端发起的连接请求,wd=2048
% C( ^- I& X5 {1 Q! _& ^net.ipv4.tcp_max_syn_backlog = 2048
: z. I2 z5 O$ ]' s
6 @& o) |5 Y: M3 Y: l : w& A1 k9 m+ V K
3 \6 ^. m+ M" u' c. m# c& e0 y#【nginx】这个参数定义了在UDP和TCP连接中本地(不包括连接的远端)端口的取值范围。wd = 10240 65535- m" P' @4 j5 q0 J& ~
net.ipv4.ip_local_port_range = 32768 610008 q# f3 Z i. B$ b H
+ `0 |1 b1 T: W }net.ipv4.ip_local_reserved_ports =
0 @/ ?7 B! C% L) C: |! Enet.ipv4.igmp_max_memberships = 20
/ ^/ U- W6 ^! ~! onet.ipv4.igmp_max_msf = 10
! C$ q- \& c8 qnet.ipv4.inet_peer_threshold = 656645 |' i& j1 I& g8 a
net.ipv4.inet_peer_minttl = 120
0 G5 a. u' N' j' Cnet.ipv4.inet_peer_maxttl = 600
8 @0 H+ j) o7 o7 E* s7 ?net.ipv4.inet_peer_gc_mintime = 10
3 ]$ D- e, s5 t; O+ E" S7 y1 Znet.ipv4.inet_peer_gc_maxtime = 120
) O. [# _9 a0 ?/ s) q0 O) v6 Pnet.ipv4.tcp_orphan_retries = 0
$ V3 d0 `1 w7 |5 \' v( W$ g( Snet.ipv4.tcp_fack = 1
q3 H# i* M( Hnet.ipv4.tcp_reordering = 3, b( } ]( j! S/ ?
net.ipv4.tcp_ecn = 21 f9 d: t0 v4 Q) Q
net.ipv4.tcp_dsack = 1# u! v4 `6 o5 S4 F8 b- {: g
net.ipv4.tcp_mem = 364224 485632 7284488 X+ k" b5 a& g2 g. z9 e, z
, T: T$ }0 d/ }; g J4 L#【nginx】这个参数定义了TCP发送缓存(用于TCP发送滑动窗口)的最小值、默认值、最大值。wd=4096 87380 41943042 q+ B5 t) }5 S. ^6 C( B
net.ipv4.tcp_wmem = 4096 16384 4194304/ {! G) X$ e( i$ t: E. n# a9 ]' F5 Y
6 j* f$ z( z/ a4 k) `! J
#【nginx】这个参数定义了TCP接收缓存(用于TCP接收滑动窗口)的最小值、默认值、最大值。wd=4096 87380 41943041 S8 f5 Q: E8 e5 n# i5 X* y
net.ipv4.tcp_rmem = 4096 87380 4194304
) i8 k' {+ c' \6 s$ s
; ]3 Y/ G- C" t3 Snet.ipv4.tcp_app_win = 31
, \( M1 {% ]. ^# z, xnet.ipv4.tcp_adv_win_scale = 2
( D, E) L2 \/ W) s6 b
6 B' t1 f( {2 H2 W3 f# N#【nginx】tw是time wait的简称,表示允许将time-wait状态的socket重新用于新的tcp连接,这对于服务器来说很有意义,因为服务器上总会有大量的time-wait状态的连接。wd=1" {* s0 J0 L! I& J T4 a' |/ ^
net.ipv4.tcp_tw_reuse = 0( E5 @3 D; Z4 K; J2 {7 w, h
: E9 c8 a; R2 ] n+ ^0 L unet.ipv4.tcp_frto = 2
) o ]+ ^9 N# R9 snet.ipv4.tcp_frto_response = 0
9 S( j. j l& S6 I& u4 Onet.ipv4.tcp_low_latency = 0
8 C7 Z1 o. Z* N) h6 y' }net.ipv4.tcp_no_metrics_save = 0
; K$ o1 V" t6 i" {9 P anet.ipv4.tcp_moderate_rcvbuf = 1( S& w7 o6 N8 c+ U4 Z! W
net.ipv4.tcp_tso_win_divisor = 3
0 }9 ]" A* ~: P; onet.ipv4.tcp_congestion_control = cubic
8 }0 n2 j! v$ |9 I8 n% j4 s* M0 Nnet.ipv4.tcp_abc = 0& x, e8 O4 H# A4 X1 t
net.ipv4.tcp_mtu_probing = 0
$ x7 W$ k& H4 m( i9 o! rnet.ipv4.tcp_base_mss = 5127 ?) ^4 Q- _/ d5 y) v6 S% F3 @
net.ipv4.tcp_workaround_signed_windows = 0( \4 B# Z% U: r, Y: w
net.ipv4.tcp_challenge_ack_limit = 100
4 x5 @( y0 ?: x: A' Onet.ipv4.tcp_limit_output_bytes = 131072
V6 P% O1 d v, R0 i+ }net.ipv4.tcp_dma_copybreak = 4096
+ i) Z+ A' d) l- [net.ipv4.tcp_slow_start_after_idle = 1
0 Y0 S& o3 c% ~' hnet.ipv4.cipso_cache_enable = 1, b+ \. T/ Q; s2 X0 |9 a& j. K
net.ipv4.cipso_cache_bucket_size = 10, A- X& O2 ~, C5 q: t: R
net.ipv4.cipso_rbm_optfmt = 0
' u5 p1 M) O$ }6 _5 [7 n9 `net.ipv4.cipso_rbm_strictvalid = 1
# K: G5 Y" ?# Z0 U7 F: m. h4 Lnet.ipv4.tcp_available_congestion_control = cubic reno
+ D2 u6 u% h L; _" y; K/ I5 |net.ipv4.tcp_allowed_congestion_control = cubic reno5 d9 ^( c9 b- }* i7 | m
net.ipv4.tcp_max_ssthresh = 03 n' t; z# `1 M
net.ipv4.tcp_thin_linear_timeouts = 0. Q$ X1 j; _& \( v( {4 h
net.ipv4.tcp_thin_dupack = 0
% K& o& i ~9 M+ Qnet.ipv4.tcp_min_tso_segs = 2
/ ^0 K J: { Qnet.ipv4.udp_mem = 364224 485632 728448
6 `5 m b1 m$ ]net.ipv4.udp_rmem_min = 40968 ]. [9 O+ Z8 W4 g; Y
net.ipv4.udp_wmem_min = 4096& c2 | V8 ]& v9 E" u0 u( n
net.ipv4.conf.all.forwarding = 06 c8 Z: ~% j) y5 ~# O* c5 R
net.ipv4.conf.all.mc_forwarding = 0
) g4 p& [7 c: tnet.ipv4.conf.all.accept_redirects = 1/ {% c( B. H, k+ }
net.ipv4.conf.all.secure_redirects = 1
9 B6 F. ?* {1 wnet.ipv4.conf.all.shared_media = 1
* N7 V8 `/ q( P4 \, B* @2 T: `net.ipv4.conf.all.rp_filter = 00 b p' k; R4 p
net.ipv4.conf.all.send_redirects = 1
( ^3 p) A8 {1 J4 Q) H5 }net.ipv4.conf.all.accept_source_route = 0) D: S7 t1 E3 S/ g1 z$ ?
net.ipv4.conf.all.src_valid_mark = 0" x6 w# \: X8 a$ n9 R( Y1 S
net.ipv4.conf.all.proxy_arp = 0
4 ~3 K* M7 B# U# Q2 ^) knet.ipv4.conf.all.medium_id = 0( L5 o+ W7 W; h3 k
net.ipv4.conf.all.bootp_relay = 0& T1 \9 u7 F* a) j% J5 W/ M
net.ipv4.conf.all.log_martians = 0
! D0 ?5 z3 E" ], [- L# Tnet.ipv4.conf.all.tag = 0
4 r: b. m4 p$ X1 J; d8 q: Qnet.ipv4.conf.all.arp_filter = 0
2 }& P" U/ U+ B4 Cnet.ipv4.conf.all.arp_announce = 0
" i2 }; H9 }7 Ynet.ipv4.conf.all.arp_ignore = 0
# B# i& x# S" P; g' g% jnet.ipv4.conf.all.arp_accept = 0
# I& G7 |4 J% q! inet.ipv4.conf.all.arp_notify = 07 H- {9 t3 r% I" V
net.ipv4.conf.all.proxy_arp_pvlan = 0
) A$ o1 D# Q ?0 n/ ?net.ipv4.conf.all.disable_xfrm = 0
5 J( P9 n$ M ^$ r. o% `$ N7 ]% Inet.ipv4.conf.all.disable_policy = 0$ w' K+ |% T5 N
net.ipv4.conf.all.force_igmp_version = 0
: [9 r% N+ X3 D7 hnet.ipv4.conf.all.promote_secondaries = 0% a$ U2 x$ U) o5 v! z
net.ipv4.conf.all.accept_local = 01 u7 M9 N4 ^( L/ ~" X1 Y8 p5 Y) e
net.ipv4.conf.all.route_localnet = 05 B+ A$ C k7 }. ~; v
net.ipv4.conf.default.forwarding = 0
) J: W8 ]7 b0 ]) P5 J: j0 L$ K cnet.ipv4.conf.default.mc_forwarding = 0
& { @& b$ [4 h: Z3 q7 h. U+ E2 Q; snet.ipv4.conf.default.accept_redirects = 1
- g* z; ^1 b6 g. F8 ]' d9 H" Lnet.ipv4.conf.default.secure_redirects = 1
" p$ g4 M* D4 y8 c, ^- F( w7 nnet.ipv4.conf.default.shared_media = 16 i/ @& l& R' l* ^1 c) N
net.ipv4.conf.default.rp_filter = 1
& p5 X+ a( \, | X3 x h+ onet.ipv4.conf.default.send_redirects = 1) B. v9 k \4 G$ _& P8 V
net.ipv4.conf.default.accept_source_route = 0
" n( e- H; R0 rnet.ipv4.conf.default.src_valid_mark = 0
+ A, _6 E2 d; h Z3 D2 H- s% s. Fnet.ipv4.conf.default.proxy_arp = 03 z! u/ F2 w; U9 T3 r- _
net.ipv4.conf.default.medium_id = 0
/ `* U' M, W$ V# Mnet.ipv4.conf.default.bootp_relay = 0
1 M7 D5 m/ L9 c3 |net.ipv4.conf.default.log_martians = 0
+ O8 j2 @2 f6 [3 p# i7 n* Cnet.ipv4.conf.default.tag = 0
3 X) S' p9 y, E4 M: l( O% G3 pnet.ipv4.conf.default.arp_filter = 0
7 K# P Y7 x: O0 W2 Xnet.ipv4.conf.default.arp_announce = 0
/ h/ M* ~, q* M# ynet.ipv4.conf.default.arp_ignore = 0
m$ U. \! J: [; [ l$ A" gnet.ipv4.conf.default.arp_accept = 0( \# f1 i# z7 U( y0 V3 R( w/ o
net.ipv4.conf.default.arp_notify = 03 C0 N( C! v8 W) h) V. q# O
net.ipv4.conf.default.proxy_arp_pvlan = 0
( n+ C/ r: d( P8 L" s- i, @net.ipv4.conf.default.disable_xfrm = 0 J! ^# D9 z( t3 i m, _5 ?
net.ipv4.conf.default.disable_policy = 0
2 f& }; z3 s1 R1 S1 `' Z4 [net.ipv4.conf.default.force_igmp_version = 0% G; f& \8 ?9 R
net.ipv4.conf.default.promote_secondaries = 0- H: i- C$ B5 }0 a+ @9 A G6 H
net.ipv4.conf.default.accept_local = 0
7 l* S! z* v* j- b- R8 l+ F$ Gnet.ipv4.conf.default.route_localnet = 0, U. l- Q9 U0 x" G5 h. q
net.ipv4.conf.lo.forwarding = 0
- X: x4 h+ o# d, `" t% Vnet.ipv4.conf.lo.mc_forwarding = 0
+ A- v& y' m: g* A% G2 Y% \4 @! Nnet.ipv4.conf.lo.accept_redirects = 1" Z1 U6 u: \9 A8 }' q( \: T
net.ipv4.conf.lo.secure_redirects = 1
`' E( P" E6 h2 `2 R0 G Jnet.ipv4.conf.lo.shared_media = 16 T0 {# N3 ^( r# D0 t8 D
net.ipv4.conf.lo.rp_filter = 1: Q% S4 l$ a. L. p7 R v: |; _
net.ipv4.conf.lo.send_redirects = 1
5 X" R& V! m) znet.ipv4.conf.lo.accept_source_route = 04 Z9 N" H! D& u8 `2 \
net.ipv4.conf.lo.src_valid_mark = 0
( r0 ~1 n' @% P7 ^; C* p unet.ipv4.conf.lo.proxy_arp = 0
) X# w% l. k7 v0 F, i0 ^$ v, Bnet.ipv4.conf.lo.medium_id = 00 H( S/ D, d' h2 d- O' B- ?& N
net.ipv4.conf.lo.bootp_relay = 0
; K6 `. o9 X! M# ?3 r- f& Pnet.ipv4.conf.lo.log_martians = 0- Y6 W( m7 ^( @) b7 H: p4 Y
net.ipv4.conf.lo.tag = 0
+ Y/ P8 ~3 V' t) ~- I! g/ g: enet.ipv4.conf.lo.arp_filter = 0+ Z" [$ H+ T% I' l# t: j
net.ipv4.conf.lo.arp_announce = 0
0 c4 L% i0 n: j: g) N1 `net.ipv4.conf.lo.arp_ignore = 0$ Q4 c7 L O0 \1 y* Y+ h4 k
net.ipv4.conf.lo.arp_accept = 0
* W" F% o/ h8 |6 q. pnet.ipv4.conf.lo.arp_notify = 0
9 ~% n8 s& K9 h/ r2 Ynet.ipv4.conf.lo.proxy_arp_pvlan = 0/ J, u2 ]5 K* s, |8 H; D ^
net.ipv4.conf.lo.disable_xfrm = 1$ s$ J* f' B7 l( c6 u
net.ipv4.conf.lo.disable_policy = 1
7 S- z" [2 y5 x% m! ^0 J! s% _net.ipv4.conf.lo.force_igmp_version = 0
* H& h; Z: r% q; u$ Unet.ipv4.conf.lo.promote_secondaries = 0) r" `. z% M4 `) f
net.ipv4.conf.lo.accept_local = 01 F5 M% k+ P7 M4 F3 R0 l3 ^
net.ipv4.conf.lo.route_localnet = 0
w0 K- @+ J+ D4 m2 |3 \' V& inet.ipv4.conf.eth0.forwarding = 0
1 |: M! C7 p" Gnet.ipv4.conf.eth0.mc_forwarding = 0
8 S6 s: c/ h7 g' }1 V- \net.ipv4.conf.eth0.accept_redirects = 1
6 g# `7 E, o& T# l7 y0 Rnet.ipv4.conf.eth0.secure_redirects = 1
! H) _4 H5 ?+ ~' C+ {# V2 C$ inet.ipv4.conf.eth0.shared_media = 1
& C& {" i9 [/ Q% ~# a rnet.ipv4.conf.eth0.rp_filter = 1
" E; V1 n6 F T7 }+ [# P! v+ P6 Cnet.ipv4.conf.eth0.send_redirects = 1
1 L' g3 J0 v: p: `5 ]5 I4 l$ }net.ipv4.conf.eth0.accept_source_route = 07 K" q9 X9 y+ R* Q u: V5 j/ `
net.ipv4.conf.eth0.src_valid_mark = 0
; F+ E. u( S. V1 T+ bnet.ipv4.conf.eth0.proxy_arp = 0- J9 d* Z) s8 o7 Z) Z. W
net.ipv4.conf.eth0.medium_id = 0; C5 ^, f. @" O2 A0 B
net.ipv4.conf.eth0.bootp_relay = 0" Q p1 l0 V# z# ?+ \. u
net.ipv4.conf.eth0.log_martians = 0 M8 ?7 e% o3 F" ~ B
net.ipv4.conf.eth0.tag = 0
, \& P% R4 P; \/ B8 X7 @! g( }net.ipv4.conf.eth0.arp_filter = 0
$ U6 o) Q# t4 ^1 D4 t6 z+ [2 k. @net.ipv4.conf.eth0.arp_announce = 0
. F0 P- N+ G: P8 |) cnet.ipv4.conf.eth0.arp_ignore = 09 r9 j# h& b* y @# B: I+ k2 S
net.ipv4.conf.eth0.arp_accept = 0
3 J5 _ v9 ~* z# K o- N' b2 H: wnet.ipv4.conf.eth0.arp_notify = 0
8 C% n) O) z" L8 u6 C( _net.ipv4.conf.eth0.proxy_arp_pvlan = 0
9 ]5 T9 A* [9 n @; g9 Tnet.ipv4.conf.eth0.disable_xfrm = 0% \1 k8 k' `8 V& d+ b
net.ipv4.conf.eth0.disable_policy = 09 Y: j1 P$ @ d% m
net.ipv4.conf.eth0.force_igmp_version = 0
* w+ B* e9 y% [- E) Q6 K; Dnet.ipv4.conf.eth0.promote_secondaries = 03 ]+ B; c: f! @; l
net.ipv4.conf.eth0.accept_local = 0
' G2 t" n6 t' p# }net.ipv4.conf.eth0.route_localnet = 0
! f: W/ G1 q* Xnet.ipv4.conf.pan0.forwarding = 05 @( e- F; V/ I! H6 Z3 z
net.ipv4.conf.pan0.mc_forwarding = 0& N% c5 V: \* Q% Q! A# h
net.ipv4.conf.pan0.accept_redirects = 1! i4 x& O' {0 z# m7 K
net.ipv4.conf.pan0.secure_redirects = 19 u: G) ~6 l& h0 z! i4 ]* N
net.ipv4.conf.pan0.shared_media = 18 Z5 k, N# g e6 o* S
net.ipv4.conf.pan0.rp_filter = 12 j- K5 O' k7 T+ Z
net.ipv4.conf.pan0.send_redirects = 1
9 |; f' Q- ^0 J* h9 Ynet.ipv4.conf.pan0.accept_source_route = 0
. a4 [: ]) R1 A& p8 {9 [net.ipv4.conf.pan0.src_valid_mark = 05 Y3 |7 W/ b4 }7 s5 {
net.ipv4.conf.pan0.proxy_arp = 04 y- E' n7 F* N) _
net.ipv4.conf.pan0.medium_id = 0
. Z" i1 A9 I5 V& c$ \" [net.ipv4.conf.pan0.bootp_relay = 0' M' X$ @: F @ ?% Y) h
net.ipv4.conf.pan0.log_martians = 0
# g( s/ S. z# P0 z- T$ j0 onet.ipv4.conf.pan0.tag = 0
0 {; u1 O2 C& M( c* y9 A/ Anet.ipv4.conf.pan0.arp_filter = 0
: r% M, f# q0 Mnet.ipv4.conf.pan0.arp_announce = 0, w9 b) m' l; t n
net.ipv4.conf.pan0.arp_ignore = 0" M! `7 |; r5 c l
net.ipv4.conf.pan0.arp_accept = 0- @+ C- z/ S- G$ j( u3 v% L. C- }
net.ipv4.conf.pan0.arp_notify = 0
0 p. B7 v9 Y- C( gnet.ipv4.conf.pan0.proxy_arp_pvlan = 0
& @: W# q; G; Y6 j$ Y; ynet.ipv4.conf.pan0.disable_xfrm = 0+ d& L1 _$ O* `6 I& `
net.ipv4.conf.pan0.disable_policy = 0
" `' q( N) y. y0 P& Ynet.ipv4.conf.pan0.force_igmp_version = 0: Z. P1 c+ C4 O+ d4 j
net.ipv4.conf.pan0.promote_secondaries = 0
: v. M9 V3 V- y5 l8 n/ qnet.ipv4.conf.pan0.accept_local = 0
; G$ S* z' k& Wnet.ipv4.conf.pan0.route_localnet = 0
: s: ?* |& [- E! [
8 f6 l7 ?0 N# ^+ z3 N8 J#是否开启ip转发功能,设置为路由服务器,必需开启此项* d( x7 c- G3 j
net.ipv4.ip_forward = 0
- ]4 K- _+ C) R* D [/ `net.ipv4.xfrm4_gc_thresh = 1048576
2 t* V) K2 a' }6 @! Z1 anet.ipv4.ipfrag_high_thresh = 4194304
5 |+ P* n* h) P. Znet.ipv4.ipfrag_low_thresh = 3145728
4 I, v3 k3 {1 ^9 R' ]net.ipv4.ipfrag_time = 30
+ Y4 X$ e, R5 T8 A( D/ Xnet.ipv4.icmp_echo_ignore_all = 09 H! J4 i' z. q, h3 l
net.ipv4.icmp_echo_ignore_broadcasts = 1! A: t2 C0 _$ g7 l. B( Y& q7 }7 [
net.ipv4.icmp_ignore_bogus_error_responses = 1
! x7 N( J8 V- G1 q8 jnet.ipv4.icmp_errors_use_inbound_ifaddr = 09 @/ v ~# X. Q, _6 n9 q; `
net.ipv4.icmp_ratelimit = 1000: }* u) E4 B1 k# S, I8 X
net.ipv4.icmp_ratemask = 6168" N3 |, w) I( `# V- ~
net.ipv4.rt_cache_rebuild_count = 4
& K5 j$ i/ F6 O2 dnet.ipv4.ping_group_range = 1 0& C9 F/ F4 `" w8 x P* l
net.ipv4.ipfrag_secret_interval = 600
( L* ]9 { t8 t; U: Xnet.ipv4.ipfrag_max_dist = 64
- l" x: B& v9 }. Z2 e3 ?net.ipv6.neigh.default.mcast_solicit = 3
) P, P$ q# r! j9 znet.ipv6.neigh.default.ucast_solicit = 3$ S( x" y4 h5 [0 J) e1 J2 R
net.ipv6.neigh.default.app_solicit = 0/ s A/ i* J; l- t; b9 n* \
net.ipv6.neigh.default.delay_first_probe_time = 5
4 A3 a2 a W" \3 B7 dnet.ipv6.neigh.default.gc_stale_time = 60
: F# A# ] W% u* J. ?* D9 Dnet.ipv6.neigh.default.unres_qlen = 3
/ g! J$ H9 |7 Q" `net.ipv6.neigh.default.proxy_qlen = 64. ^: H6 I" O* B
net.ipv6.neigh.default.anycast_delay = 99% g$ p2 T5 {# ^$ | S
net.ipv6.neigh.default.proxy_delay = 79
4 E G# @8 d$ c( Knet.ipv6.neigh.default.locktime = 0
5 E: O J2 g vnet.ipv6.neigh.default.retrans_time_ms = 10002 E$ E8 z9 o" S# B
net.ipv6.neigh.default.base_reachable_time_ms = 300006 A% \. }7 B0 _; |
net.ipv6.neigh.default.gc_interval = 30
" \+ C& ~3 |$ hnet.ipv6.neigh.default.gc_thresh1 = 128
& }. U" e8 f- [: n/ r2 snet.ipv6.neigh.default.gc_thresh2 = 512
; L7 x" e4 f. b" Tnet.ipv6.neigh.default.gc_thresh3 = 10241 D# K4 ]: U" w9 _! s
net.ipv6.neigh.lo.mcast_solicit = 3" a! _! s- J' F- Q9 W
net.ipv6.neigh.lo.ucast_solicit = 37 e) n2 m6 a! t ^9 z
net.ipv6.neigh.lo.app_solicit = 08 N2 Y* O& _: K9 s5 h) x
net.ipv6.neigh.lo.delay_first_probe_time = 5; B0 A: R8 p; E. e# R
net.ipv6.neigh.lo.gc_stale_time = 609 E% k/ ]2 G# Z8 |7 E5 ^9 @ ^, r
net.ipv6.neigh.lo.unres_qlen = 3
3 P0 n8 m5 w1 y, a: X3 b# [; a( \' Wnet.ipv6.neigh.lo.proxy_qlen = 64 ?3 O3 x& ]- M+ q
net.ipv6.neigh.lo.anycast_delay = 995 J3 W) b, X$ `% G
net.ipv6.neigh.lo.proxy_delay = 79
' G: [( f/ q+ enet.ipv6.neigh.lo.locktime = 0
2 w3 g6 @2 u4 O# F& k. [net.ipv6.neigh.lo.retrans_time_ms = 1000
( n) s8 s) E& F0 W2 s, B7 Inet.ipv6.neigh.lo.base_reachable_time_ms = 30000
" A6 [+ h$ L. l. J& ^2 w7 @- @net.ipv6.neigh.eth0.mcast_solicit = 3 n, ?% _* p# w
net.ipv6.neigh.eth0.ucast_solicit = 3/ s/ P5 v, {! |% z
net.ipv6.neigh.eth0.app_solicit = 01 N# Y" t) f$ G/ K/ J
net.ipv6.neigh.eth0.delay_first_probe_time = 5
9 T" a3 G+ O+ wnet.ipv6.neigh.eth0.gc_stale_time = 60
- ` q9 Y6 v+ O+ W {7 s$ \! N5 M6 Gnet.ipv6.neigh.eth0.unres_qlen = 3- s* \! m" I; D. g
net.ipv6.neigh.eth0.proxy_qlen = 64
- r3 Y0 T, }' S. c3 Z1 nnet.ipv6.neigh.eth0.anycast_delay = 99& D; R# r+ S( O7 c
net.ipv6.neigh.eth0.proxy_delay = 79
3 y' O( A8 @7 j7 n8 F/ |4 Gnet.ipv6.neigh.eth0.locktime = 0
1 f( R: i) e" r1 G, Y& q' D6 knet.ipv6.neigh.eth0.retrans_time_ms = 1000' ?7 F* f" H O7 V) A( f
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000! X# X- m: w' z& ?$ ^* G
net.ipv6.neigh.pan0.mcast_solicit = 3
: h% Y/ {0 D: d: unet.ipv6.neigh.pan0.ucast_solicit = 3
7 O; _% h* z% Z1 n6 j& znet.ipv6.neigh.pan0.app_solicit = 0* F$ F( f0 f/ C
net.ipv6.neigh.pan0.delay_first_probe_time = 5) L+ |8 W4 @7 z* U5 C1 x
net.ipv6.neigh.pan0.gc_stale_time = 602 k" s+ \: T. F. L) [6 G5 m
net.ipv6.neigh.pan0.unres_qlen = 3% G3 X% P7 j* n; c' r
net.ipv6.neigh.pan0.proxy_qlen = 64
* D4 b# e- G7 Z6 u) Inet.ipv6.neigh.pan0.anycast_delay = 993 T/ b/ T/ S" d* \0 j& i# ^. S
net.ipv6.neigh.pan0.proxy_delay = 79
/ {" Z7 }3 _! e& D S6 ynet.ipv6.neigh.pan0.locktime = 0
/ N- X; k: _; d9 Y$ wnet.ipv6.neigh.pan0.retrans_time_ms = 1000$ V" c/ {* a: P5 t, y+ T6 h
net.ipv6.neigh.pan0.base_reachable_time_ms = 30000
) K ^3 {1 y; {% ]# j2 m5 i0 |net.ipv6.xfrm6_gc_thresh = 2048/ l8 W; [8 X5 M4 N* G
net.ipv6.conf.all.forwarding = 0 D& V; d w- N
net.ipv6.conf.all.hop_limit = 64
, W1 j; j. `: g0 i* j+ I( mnet.ipv6.conf.all.mtu = 1280
( r9 b. v9 W9 [) z# `net.ipv6.conf.all.accept_ra = 1
; E0 P* u' J5 R1 P! \$ Vnet.ipv6.conf.all.accept_redirects = 1
$ [5 n2 J b' S) d# @/ Fnet.ipv6.conf.all.autoconf = 19 R4 e6 x: P- m0 [% r. t$ D7 r. m3 K
net.ipv6.conf.all.dad_transmits = 15 U$ u/ U# h: V( G
net.ipv6.conf.all.router_solicitations = 3" t/ R4 ~ A1 I1 h% t g% W, K! M
net.ipv6.conf.all.router_solicitation_interval = 4$ @$ J8 u4 e' h4 K& ~, @
net.ipv6.conf.all.router_solicitation_delay = 1
4 B3 l) C" X$ a Y; K; `) Cnet.ipv6.conf.all.force_mld_version = 00 }; F+ b. p. W) T
net.ipv6.conf.all.use_tempaddr = 0/ V: |0 t: u" h D& [9 Q$ S4 G. N1 q
net.ipv6.conf.all.temp_valid_lft = 604800
c7 l' j. J- H# ]net.ipv6.conf.all.temp_prefered_lft = 86400
& t+ j! x1 u c. vnet.ipv6.conf.all.regen_max_retry = 5 n! i# s2 k$ t* ^" L
net.ipv6.conf.all.max_desync_factor = 600. V7 \3 C+ h3 b$ a& u* I/ O
net.ipv6.conf.all.max_addresses = 16
* e9 m: a, e- Y4 v9 c" Lnet.ipv6.conf.all.accept_ra_defrtr = 1
: d o' b: n- S" \1 h, j5 gnet.ipv6.conf.all.accept_ra_pinfo = 1
# R$ c9 H s; {( G7 R) R Snet.ipv6.conf.all.accept_ra_rtr_pref = 1
, l" o8 J% Y" j! x! z. W- ynet.ipv6.conf.all.router_probe_interval = 60
h1 E: P# _6 I- Q; z* e% Ynet.ipv6.conf.all.accept_ra_rt_info_max_plen = 0: `4 J$ r0 T: t) J% N
net.ipv6.conf.all.proxy_ndp = 0
2 ]4 ^8 j" y: ], U7 h' M. t) Bnet.ipv6.conf.all.accept_source_route = 0
3 T7 P i$ L- n' e- }0 Q0 |2 \$ r( jnet.ipv6.conf.all.optimistic_dad = 0
. Q1 R" f0 P- z+ w% Bnet.ipv6.conf.all.mc_forwarding = 0& W+ \2 `: N: S4 R& @! x
net.ipv6.conf.all.disable_ipv6 = 0; z* w7 p* q( ~3 Z: n
net.ipv6.conf.all.accept_dad = 1. ?+ a8 o6 W/ g
net.ipv6.conf.default.forwarding = 0
; D7 w* z# ?) M, C: y- @; \. p& N9 enet.ipv6.conf.default.hop_limit = 64
$ W. L2 U7 V8 X6 G; F9 S% Inet.ipv6.conf.default.mtu = 1280
9 o7 s& B2 C3 Onet.ipv6.conf.default.accept_ra = 19 j' n: x$ }/ c" E! V
net.ipv6.conf.default.accept_redirects = 1! x( s. B" [( h1 @
net.ipv6.conf.default.autoconf = 11 u, ~: L* P* Q; Q1 ^
net.ipv6.conf.default.dad_transmits = 1
* [9 x o! }; ~- r4 }3 ]) onet.ipv6.conf.default.router_solicitations = 3
9 m' I$ R8 M. \; cnet.ipv6.conf.default.router_solicitation_interval = 4
# b6 i* A' S1 B( U' E% y9 }net.ipv6.conf.default.router_solicitation_delay = 1( V7 {" J) b, T3 x6 |- j# n
net.ipv6.conf.default.force_mld_version = 0
# J& ]$ P, T0 s6 I0 enet.ipv6.conf.default.use_tempaddr = 0
8 D* A6 m, f1 C# K" G x8 u- nnet.ipv6.conf.default.temp_valid_lft = 604800
7 v: f7 ]/ n5 B+ @7 U. o# Q! ]2 g( A( znet.ipv6.conf.default.temp_prefered_lft = 86400
& B( c9 E$ d8 `$ unet.ipv6.conf.default.regen_max_retry = 56 M3 K+ X2 I9 {$ ~! q
net.ipv6.conf.default.max_desync_factor = 600( b L2 W4 V1 {1 Q( Z$ b$ E
net.ipv6.conf.default.max_addresses = 16& r! n( Q3 W' X) i0 l/ P
net.ipv6.conf.default.accept_ra_defrtr = 1) F5 ~5 u( h2 u- Z; }3 `
net.ipv6.conf.default.accept_ra_pinfo = 1
# C( ]( g- I9 {# v! \net.ipv6.conf.default.accept_ra_rtr_pref = 1) S* t* I& x) ?- t( {0 \5 ?
net.ipv6.conf.default.router_probe_interval = 60
: N! M4 y8 n% j; ~# Ynet.ipv6.conf.default.accept_ra_rt_info_max_plen = 00 U* W7 r8 U+ s# ?+ s Z7 F
net.ipv6.conf.default.proxy_ndp = 0, A X `) p3 a6 c1 g4 P$ `1 t
net.ipv6.conf.default.accept_source_route = 0: d& F2 |4 a4 t/ z4 ?
net.ipv6.conf.default.optimistic_dad = 0
) h, Z% r4 I, Y2 x; x V6 bnet.ipv6.conf.default.mc_forwarding = 0" p3 L" J6 a% i
net.ipv6.conf.default.disable_ipv6 = 0
( u: W; r" [9 s" o e/ `5 Knet.ipv6.conf.default.accept_dad = 13 B6 E8 c2 v/ A8 u, Q
net.ipv6.conf.lo.forwarding = 0$ A* R/ a+ ~4 T) r0 G
net.ipv6.conf.lo.hop_limit = 64
, H% R+ P1 m6 O2 z/ m1 ~ vnet.ipv6.conf.lo.mtu = 65536
3 _8 u" U7 J+ Z. @( I; h1 {- O& Gnet.ipv6.conf.lo.accept_ra = 15 y1 I$ l/ N% r+ q
net.ipv6.conf.lo.accept_redirects = 1/ c/ z G& A6 B) p
net.ipv6.conf.lo.autoconf = 1
- ?3 q4 Z) \7 }( p+ P3 `& hnet.ipv6.conf.lo.dad_transmits = 1; Q+ J7 d8 V3 |$ _* ~" _
net.ipv6.conf.lo.router_solicitations = 3
; |: b2 e- h& Y+ @0 J, n' T; tnet.ipv6.conf.lo.router_solicitation_interval = 4! M% a* D! \0 Y( q8 ^, i6 o
net.ipv6.conf.lo.router_solicitation_delay = 1. i8 X" J& X1 t' y
net.ipv6.conf.lo.force_mld_version = 04 c3 d9 H3 M4 H
net.ipv6.conf.lo.use_tempaddr = -1/ o x! {7 ]$ x) N! q
net.ipv6.conf.lo.temp_valid_lft = 604800' V7 O9 K. Z: ~' M& _: y
net.ipv6.conf.lo.temp_prefered_lft = 864000 i* r3 O, w) M7 s- P
net.ipv6.conf.lo.regen_max_retry = 5( \/ z' g& }" k
net.ipv6.conf.lo.max_desync_factor = 6008 O, O. R) q9 O* T, k& O s2 |
net.ipv6.conf.lo.max_addresses = 16) \1 C: e. f: X$ ~
net.ipv6.conf.lo.accept_ra_defrtr = 1
6 D" k/ i$ x5 k2 b8 t/ |; _. C6 [net.ipv6.conf.lo.accept_ra_pinfo = 1
; z3 H- t7 k: x' d( Lnet.ipv6.conf.lo.accept_ra_rtr_pref = 10 l p4 c& n. z
net.ipv6.conf.lo.router_probe_interval = 60, I8 n7 q" j. B
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0$ o# A6 c1 o0 Y; _
net.ipv6.conf.lo.proxy_ndp = 0. I- G; j0 T8 z
net.ipv6.conf.lo.accept_source_route = 0
5 l$ i9 l& u/ l- O' q4 P5 mnet.ipv6.conf.lo.optimistic_dad = 0* U! Q1 C- e* N |! J
net.ipv6.conf.lo.mc_forwarding = 0
" w7 X. a! g$ m: [6 @net.ipv6.conf.lo.disable_ipv6 = 0. D# h& k3 Z3 Z, l
net.ipv6.conf.lo.accept_dad = -1. F6 |* Q: q' L9 z6 m+ F; w0 ], c
net.ipv6.conf.eth0.forwarding = 0
( y+ Y8 R0 g% E9 `2 A& A0 a7 }) nnet.ipv6.conf.eth0.hop_limit = 64
$ p) T9 x6 Y N) Q- O, dnet.ipv6.conf.eth0.mtu = 1500
4 L: o" g/ c. r% W2 t V$ M3 [net.ipv6.conf.eth0.accept_ra = 1# m" ^, h! i7 B( {9 U' O. x' P
net.ipv6.conf.eth0.accept_redirects = 1& B; x8 o% q, B9 |
net.ipv6.conf.eth0.autoconf = 1: R6 g& b( O& P" f+ o
net.ipv6.conf.eth0.dad_transmits = 1+ a9 X2 J: }( O- g0 B; w
net.ipv6.conf.eth0.router_solicitations = 3- Q0 u! X- G- R8 k
net.ipv6.conf.eth0.router_solicitation_interval = 4 Q3 |. U& [- M0 v
net.ipv6.conf.eth0.router_solicitation_delay = 1* @1 W0 q3 Q+ x$ `: D
net.ipv6.conf.eth0.force_mld_version = 0
7 a4 M4 M+ W, y5 j0 Snet.ipv6.conf.eth0.use_tempaddr = 0
8 m6 R* |) Q( \0 @net.ipv6.conf.eth0.temp_valid_lft = 604800
7 d5 Y! d5 Z9 I, L( C3 Jnet.ipv6.conf.eth0.temp_prefered_lft = 86400
5 I" ~, P; b9 l7 Mnet.ipv6.conf.eth0.regen_max_retry = 5) n' o) H# Y9 P
net.ipv6.conf.eth0.max_desync_factor = 6002 {. a$ `& u( z* S' t
net.ipv6.conf.eth0.max_addresses = 16
2 e9 h% j! }, J: V% b3 _net.ipv6.conf.eth0.accept_ra_defrtr = 1+ }1 l( z. }, n) |, l
net.ipv6.conf.eth0.accept_ra_pinfo = 1& x; C1 U5 C! @( X: h
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
/ \' H) K1 {4 p$ R9 \net.ipv6.conf.eth0.router_probe_interval = 60& Q; D! E, |# h8 R- m) h/ L' c" h1 z
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0) E: `4 n2 m7 I3 B5 K
net.ipv6.conf.eth0.proxy_ndp = 0
8 N% g5 J8 A6 C' Onet.ipv6.conf.eth0.accept_source_route = 04 E0 M2 N: @4 e, F- P% [1 w
net.ipv6.conf.eth0.optimistic_dad = 0& |2 R) } Z3 T2 _$ d1 Z) n0 ^
net.ipv6.conf.eth0.mc_forwarding = 0
5 q7 J9 I) w- X- Rnet.ipv6.conf.eth0.disable_ipv6 = 0! F8 `, z' u& F: e$ S6 `3 s
net.ipv6.conf.eth0.accept_dad = 1+ K( v1 c) J! O* k" K l, k
net.ipv6.conf.pan0.forwarding = 0+ n9 F% U- _4 A, k: Q
net.ipv6.conf.pan0.hop_limit = 64; Z" }; c$ q( ^2 N1 h; J0 J' E
net.ipv6.conf.pan0.mtu = 15005 w, r$ `! Y8 J
net.ipv6.conf.pan0.accept_ra = 1! @" L& O" q! ^) z% i
net.ipv6.conf.pan0.accept_redirects = 12 c P9 w3 y& l3 B2 \
net.ipv6.conf.pan0.autoconf = 1, c! M+ c1 F( q; r- H" l
net.ipv6.conf.pan0.dad_transmits = 1
) P1 A4 x9 M% I3 A. J' Bnet.ipv6.conf.pan0.router_solicitations = 3* S5 n% b$ ?. I6 D
net.ipv6.conf.pan0.router_solicitation_interval = 49 w L5 ~3 T3 ?/ d& m
net.ipv6.conf.pan0.router_solicitation_delay = 1/ N* A4 D( I* _6 X/ f+ D) P8 x) B
net.ipv6.conf.pan0.force_mld_version = 05 u+ s" i8 y: |: P [; s
net.ipv6.conf.pan0.use_tempaddr = 0
5 K4 q0 n( ?* K5 ^; I5 Xnet.ipv6.conf.pan0.temp_valid_lft = 604800
0 f6 R: C' n0 Jnet.ipv6.conf.pan0.temp_prefered_lft = 86400) b% R. b4 Q- d& s4 V S
net.ipv6.conf.pan0.regen_max_retry = 5
- z/ r; u0 `) ?- S( Enet.ipv6.conf.pan0.max_desync_factor = 600! i# g2 }8 D7 c; f& g
net.ipv6.conf.pan0.max_addresses = 164 b. k7 M- U/ p( S; W0 L0 H
net.ipv6.conf.pan0.accept_ra_defrtr = 1- d$ S5 N$ j/ I" q I: v# @% X0 |
net.ipv6.conf.pan0.accept_ra_pinfo = 1
# E" J, |- ~: \6 v+ Z& |5 nnet.ipv6.conf.pan0.accept_ra_rtr_pref = 1
, o8 T# U1 x1 r" A; e6 Enet.ipv6.conf.pan0.router_probe_interval = 606 r- G& l0 _4 N
net.ipv6.conf.pan0.accept_ra_rt_info_max_plen = 00 T6 w* x' |! {6 c$ l
net.ipv6.conf.pan0.proxy_ndp = 01 I5 n7 s- g; ~. G2 P
net.ipv6.conf.pan0.accept_source_route = 0" N# z1 \0 O+ i
net.ipv6.conf.pan0.optimistic_dad = 05 n( U% ^ X. Q+ A% R
net.ipv6.conf.pan0.mc_forwarding = 0) |9 u- h; x3 W
net.ipv6.conf.pan0.disable_ipv6 = 0
- e, A# k- A/ {; M) ], G/ p: gnet.ipv6.conf.pan0.accept_dad = 1
2 P8 @4 k0 f2 H9 s. B: bnet.ipv6.ip6frag_high_thresh = 4194304 i+ U/ n6 R: j( B. m0 c
net.ipv6.ip6frag_low_thresh = 3145728
1 j" S. y3 X1 M6 {7 Z5 {net.ipv6.ip6frag_time = 60
* N1 L# ]5 {" r. ]9 g/ n+ G- Y/ Unet.ipv6.route.gc_thresh = 1024
" Z2 b2 n! K- P Z, V! y6 U+ \+ ]- Anet.ipv6.route.max_size = 4096' M, x# ?9 k& l9 T9 Q# T
net.ipv6.route.gc_min_interval = 0
( m! g; ^% p+ V- \net.ipv6.route.gc_timeout = 60
% _, {6 W# M x) C! _3 @net.ipv6.route.gc_interval = 30- ~3 F1 o: E' [0 D: }% N k
net.ipv6.route.gc_elasticity = 04 W+ w/ b$ t* x9 G4 T
net.ipv6.route.mtu_expires = 6009 H7 S$ V0 J3 }. m* ~
net.ipv6.route.min_adv_mss = 1
0 w; P+ v# l* T! _% unet.ipv6.route.gc_min_interval_ms = 500
' P0 F/ T6 ^0 I f u$ vnet.ipv6.icmp.ratelimit = 1000; S$ E0 O0 Z" j0 {0 T0 |
net.ipv6.bindv6only = 0* Y" o3 c% G2 n5 C
net.ipv6.nf_conntrack_frag6_timeout = 60
; I' ^# L5 L: V# L$ ynet.ipv6.nf_conntrack_frag6_low_thresh = 3145728
( i; J0 P8 O7 g( [/ ^net.ipv6.nf_conntrack_frag6_high_thresh = 4194304 n' ^8 S/ s+ }; V0 z# T. t9 Y9 ^
net.ipv6.ip6frag_secret_interval = 600- R" o; j; S" l7 X% |, p
net.ipv6.mld_max_msf = 64
) P$ m" H& |% V1 V2 z! B7 \net.nf_conntrack_max = 65536
8 D& g9 G, p1 ^net.bridge.bridge-nf-call-arptables = 1
+ G* }' j1 b7 v9 Gnet.bridge.bridge-nf-call-iptables = 1, k% I z+ [/ a% [
net.bridge.bridge-nf-call-ip6tables = 1
4 }3 D" j, V1 S) M7 v2 ^net.bridge.bridge-nf-filter-vlan-tagged = 0
6 l, l6 Z0 A8 } Unet.bridge.bridge-nf-filter-pppoe-tagged = 0, g( B+ V, I! ?5 W) [. O6 }
net.unix.max_dgram_qlen = 100 r F9 h4 o! o7 O3 P/ |
abi.vsyscall32 = 1
* v+ ~1 j. Y7 O4 `crypto.fips_enabled = 0 |
|
发表于 2022-7-16 07:25:10