- 积分
- 16844
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2022-7-16 07:26:40
|
显示全部楼层
sysctl.conf文件配置详解% _% }" A4 G/ l$ @3 u# b
临时生效
) w9 Z) S5 D# r+ Q/ l#修改后,马上生效,重启或者service network restart失效, M" L) s" `/ Q/ [ P5 H
sysctl -w fs.file-max=999999
' Z' g7 j* H$ h' Q4 L5 T) |" Q6 D6 o2 k9 _2 M" V& g
永久生效4 Z X0 M( Z2 v; u
#vim /etc/sysctl.conf6 d6 C) @5 j W4 E3 `+ O: k
fs.file-max=999999* a" x0 K1 l+ A8 c9 r+ @: Z% S
#保存后,执行sysctl -p 或者重启服务器生效9 L4 W0 X! Z7 W& i
查看配置$ p6 Z1 S4 c* ]2 M4 C
sysctl -a #消失全部配置
3 O5 P( W* J9 S% P+ Y/ Osysctl fs.file-max #显示fs.file-max的值
) c6 {( y' Q: n* D2 X: `) m# sysctl -a | grep file #模糊查找
0 l3 n/ j6 C, S: M参考资料:Linux Tcp参数设置
2 m- ~7 I+ H) l& J/ l" ]) J9 {5 G& Q1 F4 U" ^" C4 U8 o* G2 I
kernel.sched_child_runs_first = 0
$ r! O4 h0 d( r4 Z" ^, r7 u( z/ O0 a
kernel.sched_min_granularity_ns = 3000000
( E. Y9 R7 ~4 L0 u- ukernel.sched_latency_ns = 15000000; }5 S* ^& O7 i, D6 B$ ~: r
kernel.sched_wakeup_granularity_ns = 3000000! P! L$ F7 ]' X
kernel.sched_tunable_scaling = 1
; a% }8 A) R$ M$ J8 ~- V/ b, g
' h) N. I6 C H! v0 h, ?kernel.sched_features = 3183
9 s1 S1 C) o' d/ ]8 F+ A# L* i! w0 `kernel.sched_migration_cost = 500000) s v' V7 @5 r" S w# N
kernel.sched_nr_migrate = 32
% a4 F0 N; ?3 okernel.sched_time_avg = 1000
$ |1 ?6 c+ b4 Q- Z/ T; o" v6 q' K6 Hkernel.sched_shares_window = 100000004 K2 @+ q# L- b" z8 Q# U
kernel.timer_migration = 1
' u3 R: l2 l4 e+ Y2 Akernel.sched_rt_period_us = 1000000+ `7 ]5 o! ^* S" v* T6 X8 x+ j2 M
kernel.sched_rt_runtime_us = 950000
. x- e( W1 F. |' }9 {2 G! L# {- Ukernel.sched_compat_yield = 0/ G2 q/ x/ w- O* W3 J7 q1 c
kernel.sched_rr_timeslice_ms = 100, w v2 Z! o7 H
kernel.sched_autogroup_enabled = 09 v+ C" W0 g6 p( Q
kernel.sched_cfs_bandwidth_slice_us = 5000
6 t; Q1 N( N1 Z) _ d+ {kernel.panic = 0- G( Q6 B6 n( ?$ V1 q/ I
kernel.exec-shield = 1. \# L+ Q1 K1 j, R$ `7 l# l) U
kernel.core_uses_pid = 1
, c' {* ^- c! p8 {8 qkernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e" h6 z. B8 O- \# A5 L
kernel.core_pipe_limit = 42 z6 s# s) }' A& l
kernel.tainted = 0+ s' x$ Z% M' z& ?! Q+ {
kernel.real-root-dev = 0
+ R% s- ?) H' Z2 h+ o9 hkernel.print-fatal-signals = 01 J! v7 a& T$ [3 @ c
kernel.ctrl-alt-del = 06 ^- m/ I6 D; J3 ]2 Z b( m4 M3 c
kernel.ftrace_enabled = 1
/ W) F; Y+ g' X4 jkernel.stack_tracer_enabled = 0
. H: Y3 C. ]3 u! J6 }kernel.ftrace_dump_on_oops = 09 C' v2 a" v9 c0 k
kernel.modprobe = /sbin/modprobe
7 P1 Z' `3 G- Wkernel.modules_disabled = 0
1 B' T7 W5 |, T4 V+ fkernel.kexec_load_disabled = 0% g7 b/ I( q- k* l
kernel.hotplug =
$ Y1 F& V1 w. K& D1 ]+ p, Gkernel.acct = 4 2 30
* e) ]6 |) j' z9 i9 n- B2 ukernel.sysrq = 0
0 S, t4 N* A; k) S; \6 W% ikernel.cad_pid = 1
$ Y9 C$ U2 o1 M- ~1 z% fkernel.threads-max = 60719
4 ~- T. J6 {, S: W8 ?kernel.random.poolsize = 4096! H' E& `* Y% z3 U. D
kernel.random.entropy_avail = 455
5 t: y+ m( B# T0 Y4 ~( Ikernel.random.read_wakeup_threshold = 64
3 d D$ u ~3 V+ ~kernel.random.write_wakeup_threshold = 1283 ^" V3 E, ], Y" }
kernel.random.boot_id = 7ed1dbbb-9671-4ee2-8d81-58c58ba824ac
) ?! R9 m2 G! [6 K: u1 ~$ ?kernel.random.uuid = d1f372bb-bca8-4338-9d48-b9855a4ec41a7 Y! C# r8 d; f, Y k& [( B
kernel.usermodehelper.bset = 4294967295 4294967295
9 B. c4 [$ y& J6 n3 Kkernel.usermodehelper.inheritable = 4294967295 4294967295$ D& Z5 _: N! i. \
kernel.overflowuid = 65534
# u6 Q' P7 c9 v. l$ r9 kkernel.overflowgid = 65534
5 [6 n1 b6 n1 }: h2 Tkernel.pid_max = 131072
$ ?( L) N7 J* D; t4 D' d7 Lkernel.panic_on_oops = 1
: K% `# }2 _% z0 U5 i( E% ekernel.printk = 4 4 1 7
7 u: E- y3 ]7 t ], H. b: M! m# `kernel.printk_ratelimit = 5: t; p5 }% i7 |
kernel.printk_ratelimit_burst = 10. Y% P& O( m9 g3 `8 R/ N
kernel.printk_delay = 0
9 @( F- D1 f2 M- S6 u H- f. T% nkernel.dmesg_restrict = 04 X' t0 j+ g* \* l! \
kernel.kptr_restrict = 11 d6 R) a% v( v' x/ v3 X
kernel.ngroups_max = 65536
4 X2 y& k: m: i3 C0 o( v! jkernel.watchdog = 1
# o; {4 j$ o; r- o! A* L2 J9 qkernel.watchdog_thresh = 603 b$ i) [+ u3 |( J0 ]
kernel.softlockup_panic = 0, ?9 I" w; C4 ?( X& x
kernel.nmi_watchdog = 1
# w+ i$ q l* m9 \4 j" M) B0 [kernel.unknown_nmi_panic = 0) j! a5 M6 t5 K
kernel.panic_on_unrecovered_nmi = 0: E+ j6 }# }2 G+ L
kernel.panic_on_io_nmi = 0
$ c3 z% A( k2 e* g6 ]! jkernel.bootloader_type = 113/ O% D/ r3 B0 `, s
kernel.bootloader_version = 12 y2 K9 ?/ o& q' r6 G
kernel.kstack_depth_to_print = 12# t V. V( M/ W1 D9 o
kernel.io_delay_type = 0, p/ ^* ~5 F; \/ `9 Z+ H3 j
kernel.randomize_va_space = 23 F3 i) Y' L9 V. k
kernel.acpi_video_flags = 0
! d3 K8 n, A$ _# Y4 xkernel.hung_task_panic = 0
" Q- g4 d+ D6 ^. C2 g- Rkernel.hung_task_check_count = 4194304" u* B+ N' W7 }/ ^( x) }+ _
kernel.hung_task_timeout_secs = 1206 u" S6 R- V2 d( L! s( C; M
kernel.hung_task_warnings = 10
& A( |+ |0 b, {7 ?kernel.compat-log = 1; {- ]3 T; Q! w- M6 X
kernel.max_lock_depth = 1024
5 s1 `" V4 I% Y9 A- rkernel.poweroff_cmd = /sbin/poweroff
' z( C/ |. a! p& pkernel.keys.maxkeys = 200# x, v# |1 l6 q
kernel.keys.maxbytes = 20000( z1 c/ S; d# L
kernel.keys.root_maxkeys = 1000000( I% t. y% s3 X6 ^( H! x
kernel.keys.root_maxbytes = 25000000
9 W8 @, E' l2 E2 S" z1 g" dkernel.keys.gc_delay = 3003 J, t$ E4 _% C2 ?
kernel.slow-work.min-threads = 2
+ B0 x& g+ {; e7 P9 z$ N* [kernel.slow-work.max-threads = 128+ ^3 I, q6 t5 t. R
kernel.slow-work.vslow-percentage = 509 u. [! K, |+ C" x9 Y" V
kernel.perf_event_paranoid = 14 Q2 G3 I/ k0 g# w6 M
kernel.perf_event_mlock_kb = 516# ~" ] t* W8 z1 @+ t3 l8 n; V0 {
kernel.perf_event_max_sample_rate = 1000005 p2 k' @* U* q/ b. o9 R! c/ g
kernel.blk_iopoll = 1
; r$ s+ b5 Y& G2 Bkernel.sched_domain.cpu0.domain0.min_interval = 12 n, ]( c6 w8 w! c4 g
kernel.sched_domain.cpu0.domain0.max_interval = 4$ e8 z$ U! f% n, V7 G6 O
kernel.sched_domain.cpu0.domain0.busy_idx = 2
- W8 y {- ^9 l. _kernel.sched_domain.cpu0.domain0.idle_idx = 1
6 d" S2 `- d* {/ r2 n$ Pkernel.sched_domain.cpu0.domain0.newidle_idx = 03 T$ B. p( E: d5 z
kernel.sched_domain.cpu0.domain0.wake_idx = 0# t8 _! ~) P3 c. z# \
kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
/ c3 p/ E: @& W7 Pkernel.sched_domain.cpu0.domain0.busy_factor = 648 d# @5 D, b) |
kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
& h! Z* f% ?2 }( skernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
+ z$ C' b4 @; s# u# E5 b4 }: fkernel.sched_domain.cpu0.domain0.flags = 41436 s) H" Q5 F% F4 h
kernel.sched_domain.cpu0.domain0.name = CPU
+ Q: j m0 i1 @$ v2 H j, lkernel.sched_domain.cpu1.domain0.min_interval = 1' T, k8 n& d1 e" z% p2 U
kernel.sched_domain.cpu1.domain0.max_interval = 4
! Y" P2 O+ i+ x0 w1 h8 Ikernel.sched_domain.cpu1.domain0.busy_idx = 2
3 p+ v5 s' v, ^% m, `3 J0 k+ Z8 |kernel.sched_domain.cpu1.domain0.idle_idx = 1) l: D% ?( y8 E, b" L
kernel.sched_domain.cpu1.domain0.newidle_idx = 0
4 A4 Y- i" ^4 T+ B; Qkernel.sched_domain.cpu1.domain0.wake_idx = 0
- b" m( ~4 V! u9 i E) G: ]kernel.sched_domain.cpu1.domain0.forkexec_idx = 0* O5 `* s- b5 k! C6 g
kernel.sched_domain.cpu1.domain0.busy_factor = 645 p3 F6 r2 d. g
kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
7 o1 X0 m6 } [! `kernel.sched_domain.cpu1.domain0.cache_nice_tries = 17 L5 \. o5 M; M( K8 V
kernel.sched_domain.cpu1.domain0.flags = 4143" r! u' s; x$ u( ^# w
kernel.sched_domain.cpu1.domain0.name = CPU
" t8 w7 _# }" G2 Ukernel.sched_domain.cpu2.domain0.min_interval = 1
1 o: i* J+ f8 w+ akernel.sched_domain.cpu2.domain0.max_interval = 4" x4 g, g2 s i( M+ c3 @
kernel.sched_domain.cpu2.domain0.busy_idx = 2
3 {1 X* ]1 h5 e: {+ ~' Lkernel.sched_domain.cpu2.domain0.idle_idx = 1
( \0 n1 F$ J' nkernel.sched_domain.cpu2.domain0.newidle_idx = 0% b" y) H* n, `& ` W- c
kernel.sched_domain.cpu2.domain0.wake_idx = 0
9 @: c& k" s3 q! n3 ~9 B# okernel.sched_domain.cpu2.domain0.forkexec_idx = 0
% s7 v+ |: \5 H, Ckernel.sched_domain.cpu2.domain0.busy_factor = 649 Y- e* D, v+ B
kernel.sched_domain.cpu2.domain0.imbalance_pct = 125+ x/ R% |5 c, N E5 g
kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
% z e- v+ q# w) l% a8 g9 B* vkernel.sched_domain.cpu2.domain0.flags = 41433 ^8 p" x- ?9 R3 | F3 X3 N
kernel.sched_domain.cpu2.domain0.name = CPU" w5 l2 g: K) X( Q& j. o% ?. R6 ^2 C
kernel.sched_domain.cpu3.domain0.min_interval = 1
" L' a- B$ I2 ]1 ^% Fkernel.sched_domain.cpu3.domain0.max_interval = 4+ a U' d) {1 \- Y% e( a
kernel.sched_domain.cpu3.domain0.busy_idx = 2
/ s9 }( D2 ~4 c) v5 \ x1 S( Jkernel.sched_domain.cpu3.domain0.idle_idx = 1
# K( ] D J0 b) Zkernel.sched_domain.cpu3.domain0.newidle_idx = 0
1 |+ ?2 \: ?4 h: |# Z" H& K7 fkernel.sched_domain.cpu3.domain0.wake_idx = 03 z) V7 f, c5 L" S7 M
kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
% {4 i! s) [7 Q1 P; q" ]) ykernel.sched_domain.cpu3.domain0.busy_factor = 64
7 g6 C/ g8 S5 @, [/ }kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
0 t# w+ U; E/ _: V' Dkernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
) r' t* c: V) ?# @- l) Wkernel.sched_domain.cpu3.domain0.flags = 4143
M: O$ \4 h% ?& \( p, W% Jkernel.sched_domain.cpu3.domain0.name = CPU4 H+ T3 U% x9 d, |+ A
kernel.vsyscall64 = 1) S* S- g, [: e' z3 e
kernel.ostype = Linux) k( e3 Y5 x: Z# m+ G
kernel.osrelease = 2.6.32-504.el6.x86_64" K" F! a8 \7 v# k
kernel.version = #1 SMP Wed Oct 15 04:27:16 UTC 2014; s/ T$ L( z6 F8 w F8 [
kernel.hostname = xapi.128.com3 P8 r9 q6 J( o" G+ i" U" B
kernel.domainname = (none)
6 ~; }7 T; J. _* n, Hkernel.pty.max = 4096" @/ t; n( C) X3 k5 d8 A
kernel.pty.nr = 16 S; F& n$ w& y. U0 H
kernel.shmmax = 68719476736
. m. [+ P4 v$ A: Y7 F% ?! l7 M% N6 @kernel.shmall = 4294967296- ` x% V( U( A% q
kernel.shmmni = 4096
6 [3 a9 m+ R7 o6 zkernel.shm_rmid_forced = 0
& `- ^! ]6 r. D5 c8 k" Vkernel.msgmax = 65536
, o+ |# \6 W' X7 I) o3 H6 lkernel.msgmni = 7627
3 B9 _+ N' u' L/ zkernel.msgmnb = 65536" w& U) e4 y7 \- t3 ?: \* J, l
kernel.sem = 250 32000 32 128" p3 g$ \( B: l* g% a% H) w# t% [
kernel.auto_msgmni = 1
, t( J. Z, k4 N: M5 h! _9 ^5 Mvm.overcommit_memory = 0
! K- Z- g: m9 s$ j: H' wvm.panic_on_oom = 0
$ s( y6 Y8 z6 ^: k. J+ evm.oom_kill_allocating_task = 0
9 I5 ^1 Z! d7 s4 w6 V! ^& z( O4 Tvm.extfrag_threshold = 500
: F* c; A7 \ @4 E- Qvm.oom_dump_tasks = 1
& k, h2 c. O, u s wvm.would_have_oomkilled = 02 i' K5 L) S( d
vm.overcommit_ratio = 500 Q) |( R3 A3 g
vm.overcommit_kbytes = 0
f9 T V# @( ~/ jvm.page-cluster = 3, i; @; W- K v0 A* k% A' `# h
vm.dirty_background_ratio = 10
. h9 ?* F2 U) cvm.dirty_background_bytes = 0
) }+ a! [9 {' ^3 \+ e8 _4 Tvm.dirty_ratio = 20! Z: ?% M: n, h
vm.dirty_bytes = 0
0 @; f# v' ^+ w2 C2 d6 A6 s J7 bvm.dirty_writeback_centisecs = 500& M( C# {# w" i8 Q" u! Q; @
vm.dirty_expire_centisecs = 3000
9 _8 s& x8 B ]5 b- vvm.nr_pdflush_threads = 0
2 w0 @; [1 n3 H& Evm.swappiness = 60" {' n5 t d/ X+ L }, w( u; O
vm.nr_hugepages = 04 A w5 r0 M# v$ Z j# E+ b
vm.nr_hugepages_mempolicy = 03 ?5 e+ ~4 k4 D6 C% C# d
vm.hugetlb_shm_group = 0
2 k! ~$ h8 N2 k6 f& O, s1 \vm.hugepages_treat_as_movable = 0
) o4 M( v4 W4 O6 g% C% ovm.nr_overcommit_hugepages = 0# ?( C4 n6 o3 L' i3 Z! ~# m
vm.lowmem_reserve_ratio = 256 256 328 ^. r) ~! ?1 N4 J( j' F/ h0 @
vm.drop_caches = 09 l3 ]" b: ?1 y
vm.min_free_kbytes = 67584: ], \ w, J8 X, X5 ]/ \
vm.extra_free_kbytes = 06 k& s( s% f: \5 [% l. A/ C
vm.unmap_area_factor = 0
0 _, S e. @! }4 B! vvm.meminfo_legacy_layout = 1, M. }0 k2 N! b. P
vm.percpu_pagelist_fraction = 05 w1 Y. g+ }7 ~) `
vm.max_map_count = 65530& J! T+ Q1 B3 \2 }2 o: u- k
vm.laptop_mode = 0
9 W+ b* T" @: p, d. W% U3 xvm.block_dump = 07 t. `3 c6 K2 R! M
vm.vfs_cache_pressure = 100( D/ O4 h7 B& g; R
vm.legacy_va_layout = 03 g# _* u. |% r5 Y% Z5 j2 F# t
vm.zone_reclaim_mode = 07 P" C7 Y- o* F6 q4 h+ Z4 a7 Y+ L; f
vm.min_unmapped_ratio = 1
: U/ n: |2 C$ c! Nvm.min_slab_ratio = 5- V; ?, Z* a2 [) m; \& I
vm.stat_interval = 1& o/ O' ]/ q, r
vm.mmap_min_addr = 4096
' G* k* q# o: C, h m" lvm.numa_zonelist_order = default& t( Z# S1 g4 r* R- I5 s
vm.scan_unevictable_pages = 0
1 E2 M9 s3 Y+ Z; j3 k% g0 fvm.memory_failure_early_kill = 0
' Y! v$ z" k7 c: Vvm.memory_failure_recovery = 1* ^; L+ A# D' B( ]7 {! w" K
fs.inode-nr = 14659 243
9 Q2 E8 ?1 D" P5 Afs.inode-state = 14659 243 0 0 0 0 0% G) t# P( k @( B) X* o
fs.file-nr = 1216 0 385492, g3 V+ e8 L6 i
7 e( X% {: k" i( }/ f+ n2 S4 C& Q$ G
#【nginx】这个参数表示系统(所有)可以同时打开的最大句柄数,这个参数直接限制最大并发连接数,需根据实际情况配置。wd=811515
! C0 S" Z2 _5 M# file-max与ulimit的区别# L% D! a- w9 ]6 M3 A4 \2 o" M' p6 z1 L
fs.file-max = 3854929 P- S2 ?6 q; `# \! u
! `- d- D5 s/ ?" A% M/ Zfs.nr_open = 1048576# K& f/ k/ e3 g. ^5 H
fs.dentry-state = 15088 6375 45 0 0 0
0 ?. P, G/ h# f( _4 Sfs.overflowuid = 65534
: i$ j; O, Q$ Dfs.overflowgid = 65534
! E Q+ X/ |7 D/ V% s' H5 ffs.leases-enable = 1/ a) q% \; `, |! t
fs.dir-notify-enable = 1
. G2 @9 R" B bfs.lease-break-time = 45
9 k: a8 C. X8 \3 r- I, v9 Q$ ffs.aio-nr = 0
% \7 s1 W1 Z) U- U" a8 k" ufs.aio-max-nr = 65536: H) K# ?, Z( K; p' M
fs.inotify.max_user_instances = 128. c9 I# m! i2 {! W1 n4 g$ M- w3 e a
fs.inotify.max_user_watches = 8192 `/ r( C( i- M% ?2 {9 w; z) E
fs.inotify.max_queued_events = 16384
1 Y8 b9 `; o2 m* C& ofs.epoll.max_user_watches = 795852
* x3 J1 t: F( Z6 d" d. q g2 K$ Gfs.suid_dumpable = 0
$ k) n: C7 f) [. E3 [fs.binfmt_misc.status = enabled: p) t, m6 i0 C' k6 }
fs.quota.lookups = 0
* C5 |5 [5 o3 Y X, ffs.quota.drops = 0
* f2 b3 Z1 b4 \3 e& ~$ q, ~$ C: Dfs.quota.reads = 0. L+ X' B8 b2 D4 Y2 ^' r
fs.quota.writes = 0
6 U% P7 H, f+ v7 H2 {% V1 dfs.quota.cache_hits = 0
5 b1 ?3 K9 o# ^; z! B! S6 Xfs.quota.allocated_dquots = 0" U2 Z3 n! ^8 l. X! Q* Y3 R
fs.quota.free_dquots = 0
1 q+ F8 H" Q7 m# V) y7 N. Rfs.quota.syncs = 4
) ~5 x+ [! I! K. V. J% p7 [fs.quota.warnings = 12 C) C/ J8 p- G: R0 V
fs.mqueue.queues_max = 256
( z, g$ b k; qfs.mqueue.msg_max = 10
: H' B0 I3 i& D9 B vfs.mqueue.msgsize_max = 8192. L2 i7 S9 T3 L% P; {
fs.mqueue.msg_default = 10" y) [6 S f9 p' _3 Q* Q* l
fs.mqueue.msgsize_default = 8192- }/ M. a- \ w1 w+ |
debug.exception-trace = 1& ~ Y$ D+ z2 b8 I1 X# Q
debug.kprobes-optimization = 1) h' n. E/ f# J/ D0 S8 ?/ @- O* Q
dev.scsi.logging_level = 0
7 `9 _# v( F- u8 c; {dev.raid.speed_limit_min = 1000 H+ B# |2 o. b) }
dev.raid.speed_limit_max = 200000
! E: q) o' i7 W0 D# F/ ]1 N/ Jdev.hpet.max-user-freq = 64
6 T5 y: S/ h; [dev.mac_hid.mouse_button_emulation = 0) h9 H# R* C0 _2 F& [) Z6 M
dev.mac_hid.mouse_button2_keycode = 97& U# ~' Q a2 Z0 a2 ?6 U7 y
dev.mac_hid.mouse_button3_keycode = 100
. G2 ]# Q- c! @dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/179 g/ ^6 Y4 S7 n- M
dev.cdrom.info =, E4 X; o! [5 R* h( Z/ `
dev.cdrom.info = drive name: sr0# ?+ d% k# H* m8 b* N( y
dev.cdrom.info = drive speed: 306
5 Z( Y& ~1 |1 ldev.cdrom.info = drive # of slots: 1
+ v- P8 j' x% Z, B( d; \5 mdev.cdrom.info = Can close tray: 1
% x: `' h1 g# u2 P6 a; @dev.cdrom.info = Can open tray: 1
$ d- c, A) [- D% f! u( I" k" n- `dev.cdrom.info = Can lock tray: 1& \ f9 J9 H6 s: x0 o
dev.cdrom.info = Can change speed: 1
- m1 E k& p9 {0 M2 O+ p3 {; l* gdev.cdrom.info = Can select disk: 0
) {" P W" m3 l- v4 [# C" H. {dev.cdrom.info = Can read multisession: 1
6 B3 t; {9 {! v8 ]dev.cdrom.info = Can read MCN: 1
& {1 Y. }8 \( w7 q; g. [8 Wdev.cdrom.info = Reports media changed: 1
* a! b9 r6 y% ~dev.cdrom.info = Can play audio: 1
: Q4 H0 H# b2 h8 zdev.cdrom.info = Can write CD-R: 0
8 ?" B2 ~3 {3 @$ F; Rdev.cdrom.info = Can write CD-RW: 0
9 |3 ]" U7 E% x& d) }dev.cdrom.info = Can read DVD: 1
, [; p/ X+ m+ @/ P7 t- \+ idev.cdrom.info = Can write DVD-R: 0) k9 T) n/ a3 g- q' N/ F
dev.cdrom.info = Can write DVD-RAM: 0 D* x( e- c( E% F; ~% b, G( K6 s! y
dev.cdrom.info = Can read MRW: 1
+ e: i1 w* {. i6 \dev.cdrom.info = Can write MRW: 1
! g! I8 x) _1 x8 pdev.cdrom.info = Can write RAM: 1
4 A0 I& M- ^8 ~" ]0 @! T9 U8 F4 y1 t6 {dev.cdrom.info =
& B: V( v6 p. ]7 j9 ?/ idev.cdrom.info =
2 C* S* N5 N4 B/ e6 N* jdev.cdrom.autoclose = 1- T7 ]: v$ `% Z
dev.cdrom.autoeject = 0
4 X3 U4 Q) W$ _* s! Tdev.cdrom.debug = 0 y" `: E: R( ]7 ]) Z$ y' ~# D
dev.cdrom.lock = 19 g1 S* H) A& ]9 c- y
dev.cdrom.check_media = 0# _+ W% R7 q) `6 J3 c+ @
net.netfilter.nf_log.0 = NONE; x' C" A K! a' i
net.netfilter.nf_log.1 = NONE
/ ?$ |, m+ q/ X- snet.netfilter.nf_log.2 = NONE
0 \! `* C! p( z6 e, snet.netfilter.nf_log.3 = NONE
4 }* ^. s: w [/ w3 Anet.netfilter.nf_log.4 = NONE( O" w$ u/ x. Y1 X
net.netfilter.nf_log.5 = NONE
2 Z1 j/ F% T" ]" n4 }* `net.netfilter.nf_log.6 = NONE
/ J! r) t% f3 g1 W* c/ i" L0 N ]net.netfilter.nf_log.7 = NONE) C; M( d4 ?7 _, C' m
net.netfilter.nf_log.8 = NONE8 H! W4 Q' H/ J" I+ @
net.netfilter.nf_log.9 = NONE
6 Q1 h* t- f) q/ |! a) _5 pnet.netfilter.nf_log.10 = NONE
* Y2 P, \' _0 f- Rnet.netfilter.nf_log.11 = NONE
$ e" w F$ S( J8 C- J! X5 n# rnet.netfilter.nf_log.12 = NONE
* T) Z! D4 w9 S, J& F' G9 b+ Pnet.netfilter.nf_conntrack_generic_timeout = 600/ V" J8 u" l+ a6 n" O5 q
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
# N* p* O! Q9 s$ Xnet.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
9 G. X; M# {+ `" W- D5 Y7 xnet.netfilter.nf_conntrack_tcp_timeout_established = 432000$ m' t) W* W, _( F% B
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 1208 j+ l3 H6 |9 J
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
* @3 Q# i& ?+ @' o. @: a" @, _net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
/ | [8 i. e, n. f5 {) I% Xnet.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
) d$ [5 X( i4 C/ B2 Hnet.netfilter.nf_conntrack_tcp_timeout_close = 109 a2 o: h' u, v
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
4 b* X; F; O: S( @net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
1 j; K( r# R9 o6 Anet.netfilter.nf_conntrack_tcp_loose = 1
: z/ ^! J1 S5 Z+ ]! snet.netfilter.nf_conntrack_tcp_be_liberal = 0
: T. B7 A' G9 [3 hnet.netfilter.nf_conntrack_tcp_max_retrans = 3- q0 d5 x4 w% x# ?
net.netfilter.nf_conntrack_udp_timeout = 30
0 w# f4 z6 U7 s7 U. h; U+ O/ r3 Wnet.netfilter.nf_conntrack_udp_timeout_stream = 180
+ i: A) e5 W# wnet.netfilter.nf_conntrack_icmpv6_timeout = 30
2 G/ i/ {* U7 G: ` tnet.netfilter.nf_conntrack_acct = 0
' V' `) l4 m! P" onet.netfilter.nf_conntrack_events = 1
' O/ e& y7 L0 e; Vnet.netfilter.nf_conntrack_events_retry_timeout = 15% R2 h7 U2 y7 d5 M v5 i
net.netfilter.nf_conntrack_max = 65536
. U& @$ D2 R3 r, }) {; Znet.netfilter.nf_conntrack_count = 0: v) n0 c; Z0 X; b0 J
net.netfilter.nf_conntrack_buckets = 16384# q# Z% h8 {5 X
net.netfilter.nf_conntrack_checksum = 1
. P5 G$ k. }# N: V- i) T6 Pnet.netfilter.nf_conntrack_log_invalid = 0* }9 W( _5 H, K1 P3 J( V. R+ L; n
net.netfilter.nf_conntrack_expect_max = 256
& W, C1 C& R' K2 wnet.core.somaxconn = 128/ q; M& j1 d- A `( B( K N3 H9 N
net.core.xfrm_aevent_etime = 10
: [! b* u$ X% @0 d$ O$ I4 d+ Nnet.core.xfrm_aevent_rseqth = 2& G: F7 f- b* U& b
net.core.xfrm_larval_drop = 1
4 d; `! v# ]) [7 f3 Z8 ynet.core.xfrm_acq_expires = 30
9 W/ d' M. z& v2 C" D C( f& v4 J u- B l% z9 C$ }0 @' Q
#【nginx】这个参数表示内核套接字发送缓存区的最大大小。
* S- d9 k% d7 l8 H" _7 I#【nginx】这个参数表示内核套接字接收缓存区的最大大小。4 I( ?7 u" h% v8 v7 J- A+ Y! T; h
#【nginx】这个参数表示内核套接字发送缓存区默认的大小。
9 @9 d/ l* n, ^4 Z7 \: B% @- m3 K6 `# X#【nginx】这个参数表示内核套接字接收缓存区默认的大小。* ?2 R& a& m! A& ?
#注意 滑动窗口的大小与套接字缓存区会在一定程度上影响并发连接的数目。每个TCP连接都会为维护TCP滑动窗口而消耗内存,这个窗口会根据服务器的处理速度收缩或扩张。+ c8 m# q0 X5 @5 T8 r" k
参数wmem_max的设置,需要平衡物理内存的总大小、Nginx并发处理的最大连接数量(由nginx.conf中的worker_processes和worker_connections参数决定)而确定。当然,如果仅仅为了提高并发量使服务器不出现Out Of Memory问题而去降低滑动窗口大小,那么并不合适,因为滑动窗口过小会影响大数据量的传输速度。rmem_default、wmem_default、rmem_max、wmem_max…
& j' Q# s% P+ S" E1 f, g#参考:可靠传输的实现0 I. P( |+ S' w6 h& ~
net.core.wmem_max = 124928 //wd=124928
9 @0 ^+ D Q$ b3 Mnet.core.rmem_max = 124928 //wd=124928
7 g# |" G" o) Snet.core.wmem_default = 124928 //wd=124928
3 {7 {8 {, G" x3 C$ X: Knet.core.rmem_default = 124928//wd=124928
% o" E4 r8 f: e& A8 I! [8 ], B& R& _/ P
net.core.dev_weight = 64 x: y; z v- k( ]
/ n% [5 I& @6 c7 Q% I#【nginx】当网卡接收数据包的速度大于内核处理的速度时,会有一个队列保存这些数据包。这个参数表示该队列的最大值。wd=32768
& ]+ w8 G/ E' E# a) p5 ^net.core.netdev_max_backlog = 1000/ i2 i7 }, B/ c; e+ e4 r. ~6 c V
net.core.message_cost = 5
i K4 p. {' y4 I* i$ \7 C1 `& [net.core.message_burst = 103 s( b4 ]2 o: L( R2 `: }3 j
net.core.optmem_max = 20480
% F! q. X) h$ r2 lnet.core.rps_sock_flow_entries = 0/ t0 S }& [/ m1 O1 O6 h5 v7 M
net.core.busy_poll = 0
1 F% ?+ _1 w/ q7 Xnet.core.busy_read = 0* V7 n# |; k4 E2 L' B4 H$ q9 q
net.core.netdev_budget = 3005 s1 T, r3 s/ S/ S; f. z
net.core.warnings = 1& n. O/ r! R A. \4 @& r) N8 _
net.ipv4.route.gc_thresh = 131072& b4 c) F( D8 o! ~4 k ?
net.ipv4.route.max_size = 20971521 F* h( }1 N9 K: e _
net.ipv4.route.gc_min_interval = 0
5 p! q4 \: h/ Hnet.ipv4.route.gc_min_interval_ms = 500
0 ~8 ^7 i3 C$ c( nnet.ipv4.route.gc_timeout = 300
8 @# K) E, p* h6 Inet.ipv4.route.gc_interval = 60
* ~7 M8 ?8 z2 _# Z, S8 }! f# I. d! Inet.ipv4.route.redirect_load = 20
7 X$ I: \* J: d! z, P3 J2 bnet.ipv4.route.redirect_number = 91 P3 \3 g1 o6 ^& j7 U3 G" y. Y
net.ipv4.route.redirect_silence = 20480
: l& l! x/ F* `! Z! Unet.ipv4.route.error_cost = 1000& }& n. S+ b( a$ q ^
net.ipv4.route.error_burst = 5000
- @ S! E: y K5 n2 V; b& ?: Pnet.ipv4.route.gc_elasticity = 84 L( t: W* d! S; E; X' w
net.ipv4.route.mtu_expires = 600) [* |; g4 o+ i% V
net.ipv4.route.min_pmtu = 5528 D% ^- @& G3 P1 y" R# L
net.ipv4.route.min_adv_mss = 256
( V4 L! h% L* w' f u/ pnet.ipv4.route.secret_interval = 600
1 ~& P/ K1 w) X8 X* X: @4 r! Tnet.ipv4.neigh.default.mcast_solicit = 3
' e1 r8 I* K7 z3 W& Ynet.ipv4.neigh.default.ucast_solicit = 3
6 Y" k; J4 \6 S7 e" knet.ipv4.neigh.default.app_solicit = 0
]. R- |: X; J8 w% N8 Fnet.ipv4.neigh.default.retrans_time = 99
9 }9 H4 L, F1 b; v e3 S, z; snet.ipv4.neigh.default.base_reachable_time = 30 D5 k: A# c. G, S' _
net.ipv4.neigh.default.delay_first_probe_time = 5
' m) O" l j4 `! X' x4 O- c6 Z! jnet.ipv4.neigh.default.gc_stale_time = 60 c! P& m" P7 q6 z1 w3 Q
net.ipv4.neigh.default.unres_qlen = 3
+ q3 a! A4 _7 U: M' w6 bnet.ipv4.neigh.default.proxy_qlen = 64: F% L7 M) j2 G1 H
net.ipv4.neigh.default.anycast_delay = 99
9 I; W# ~1 W/ pnet.ipv4.neigh.default.proxy_delay = 79
7 `0 l+ X2 \5 m' a, |net.ipv4.neigh.default.locktime = 99
0 t4 Q1 e- a; q6 _" F9 J @2 Mnet.ipv4.neigh.default.retrans_time_ms = 1000
- w3 k. |' e: _! g" H6 Z- M4 c* Q- ~net.ipv4.neigh.default.base_reachable_time_ms = 30000# {4 @' a8 O6 T: H0 h# j$ J4 S, R
net.ipv4.neigh.default.gc_interval = 30
. U0 _4 R/ {0 q0 Bnet.ipv4.neigh.default.gc_thresh1 = 128
+ s% _$ E/ ?* h. dnet.ipv4.neigh.default.gc_thresh2 = 5123 O c: r, j7 `5 H6 ]) s L
net.ipv4.neigh.default.gc_thresh3 = 10243 T8 V8 P/ a2 c5 g! V& L2 N
net.ipv4.neigh.lo.mcast_solicit = 3
1 @- v2 E1 G" ynet.ipv4.neigh.lo.ucast_solicit = 3' p# Y3 p4 S% t. y }
net.ipv4.neigh.lo.app_solicit = 0
+ a: a5 Q1 A: f6 s8 U, k7 S+ L- nnet.ipv4.neigh.lo.retrans_time = 99
0 q/ w& X- m9 s0 Z6 M" R7 |1 Bnet.ipv4.neigh.lo.base_reachable_time = 30
* X! E" F, y& n: Snet.ipv4.neigh.lo.delay_first_probe_time = 5
4 c% ?4 e1 v; |6 D8 Jnet.ipv4.neigh.lo.gc_stale_time = 60
2 B7 e8 U; @0 _ M0 Pnet.ipv4.neigh.lo.unres_qlen = 3
7 I# R+ k5 [4 M' a5 y2 g- k. N6 Wnet.ipv4.neigh.lo.proxy_qlen = 64$ ~! i' `) K, r) g
net.ipv4.neigh.lo.anycast_delay = 99
( w: r* x; J( j0 S+ J/ M& T1 dnet.ipv4.neigh.lo.proxy_delay = 79$ U3 |. t6 @9 ~3 \( [! j
net.ipv4.neigh.lo.locktime = 99
. @, l' B5 X5 Y& @# Pnet.ipv4.neigh.lo.retrans_time_ms = 1000
' l; P) \. `. w3 V, ~( Gnet.ipv4.neigh.lo.base_reachable_time_ms = 30000
1 O8 V/ u" r. @7 F; Bnet.ipv4.neigh.eth0.mcast_solicit = 3, C6 B/ n& N4 v% f. Y' c" Z
net.ipv4.neigh.eth0.ucast_solicit = 3
/ [: R/ k$ o' u( W0 W1 E) l3 Gnet.ipv4.neigh.eth0.app_solicit = 0
+ ~2 o# U" x& j* `% B6 bnet.ipv4.neigh.eth0.retrans_time = 99. F3 V$ a! C; k6 \! ]1 C! g% _
net.ipv4.neigh.eth0.base_reachable_time = 30% F* o7 e! P6 N
net.ipv4.neigh.eth0.delay_first_probe_time = 5; P, t2 J+ f5 S/ g2 H: p2 s
net.ipv4.neigh.eth0.gc_stale_time = 60
- i$ R- H- i9 P# u/ F: enet.ipv4.neigh.eth0.unres_qlen = 3. e) q0 O: k/ U( B! f. D) Q P
net.ipv4.neigh.eth0.proxy_qlen = 64+ j7 Q8 ~2 x2 A
net.ipv4.neigh.eth0.anycast_delay = 99) Y& o" `- o( {& U! ]5 E
net.ipv4.neigh.eth0.proxy_delay = 79+ u6 Y0 o; j' Z7 }: n: Q* J
net.ipv4.neigh.eth0.locktime = 99
$ V- ?) E% d" D6 i9 p! U$ G6 ?net.ipv4.neigh.eth0.retrans_time_ms = 1000
- b' K+ L, C! [5 @* A mnet.ipv4.neigh.eth0.base_reachable_time_ms = 300002 o/ Y! I$ s1 H- O
net.ipv4.neigh.pan0.mcast_solicit = 3$ }+ P+ R6 H( R5 D6 Y: t
net.ipv4.neigh.pan0.ucast_solicit = 3
m1 { Q. @8 p5 n* @+ Y6 h( q5 xnet.ipv4.neigh.pan0.app_solicit = 0
! X# q! v$ P5 [ [8 e8 Anet.ipv4.neigh.pan0.retrans_time = 993 B( P) X- ? O
net.ipv4.neigh.pan0.base_reachable_time = 30! x+ X$ V# R3 A3 ]8 e, o5 T
net.ipv4.neigh.pan0.delay_first_probe_time = 5
4 f4 H i; A9 Tnet.ipv4.neigh.pan0.gc_stale_time = 60% Y8 O2 I# P. s8 Q
net.ipv4.neigh.pan0.unres_qlen = 32 Z8 U) j5 W% Z* s6 T6 s8 E
net.ipv4.neigh.pan0.proxy_qlen = 64
9 J7 e6 s0 r. y* t7 [5 n! Wnet.ipv4.neigh.pan0.anycast_delay = 99
1 q1 d" k, G- y. l5 l. Fnet.ipv4.neigh.pan0.proxy_delay = 794 p7 [" e, V5 G1 w
net.ipv4.neigh.pan0.locktime = 99; j, t* J& x) S& N8 {$ u
net.ipv4.neigh.pan0.retrans_time_ms = 1000- q/ j7 G- \) ~, ]( G6 g
net.ipv4.neigh.pan0.base_reachable_time_ms = 30000
+ l5 j2 x Q. k# h& y# D6 ?net.ipv4.tcp_timestamps = 1
' M0 k; z4 l) b( Q/ ]net.ipv4.tcp_window_scaling = 1& A+ }8 i. H: p( n6 `0 O6 A2 V* o7 F) W
net.ipv4.tcp_sack = 17 ~8 P) P1 c. E+ A' o2 M" d+ v
net.ipv4.tcp_retrans_collapse = 1
, d3 S2 j& |/ K) A. x- v9 R6 fnet.ipv4.ip_default_ttl = 64" C j8 h& r: r8 l- ~
net.ipv4.ip_no_pmtu_disc = 05 g- b3 X( }" e! f% A/ A
net.ipv4.ip_nonlocal_bind = 00 z6 v4 ?% P: b5 k* X! K2 R
net.ipv4.tcp_syn_retries = 53 Y+ K1 @4 O$ |5 _
net.ipv4.tcp_synack_retries = 54 q+ h; n+ Q# O# L- N! D& H' j
net.ipv4.tcp_max_orphans = 262144" P* z" ?! q: m
& P8 u+ F8 j2 N: \
9 r9 q+ y: q) Z' b8 |( w* T2 j
& b& |" {) r/ O0 W#【nginx】这个参数表示操作系统允许TIME_WAIT套接字数量的最大值,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。该参数默认为180 000,过多的TIME_WAIT套接字会使Web服务器变慢。wd=10000
* k* D: D- Z! \% P! H% onet.ipv4.tcp_max_tw_buckets = 2621442 j5 `9 z1 u9 s, L; Y
M. ?8 y/ L4 z. Tnet.ipv4.ip_dynaddr = 0) |3 D/ T* }% [) U3 p* H' G
* H" P, e0 E( z+ ]$ T y9 R, K; X
#【nginx】这个参数表示当keepalive启用时,TCP发送keepalive消息的频度。默认是2小时,若将其设置得小一些,可以更快地清理无效的连接。单位:秒 默认值:2小时。wd=300
2 f7 v, f6 o, [3 f/ N3 rnet.ipv4.tcp_keepalive_time = 7200
5 R- ^1 v/ Q+ Y* F& s1 W" y' I0 f. f+ u" j3 c( l
net.ipv4.tcp_keepalive_probes = 9
: g7 x+ E/ {4 _net.ipv4.tcp_keepalive_intvl = 75
; Q; W# j" ]0 K* {- Dnet.ipv4.tcp_retries1 = 30 Y3 `5 l5 I4 S1 C6 ~- K, I
net.ipv4.tcp_retries2 = 15
% g' B3 n9 h1 W6 V* q0 m4 N6 ~2 x! T+ g7 t( p8 S+ h
#【nginx】这个参数表示当服务器主动关闭连接时,socket保持在FIN-WAIT-2状态的最大时间,单位:秒 wd=30' t3 [ ^0 V( R) D- e6 V( x2 S' M) }
#参考:tcp参数详解之tcp_fin_timeout
6 S4 C6 K j" o% E4 P6 Cnet.ipv4.tcp_fin_timeout = 60
( B+ M g. I {" p: ?! a, o4 B5 l1 ~- a" }( g. T
#【nginx】参数与性能无关,用于解决TCP的SYN攻击。 wd= 1
5 k. `6 Q" ?4 |net.ipv4.tcp_syncookies = 1
/ X. {- w$ q# n
M: V* M( d6 [+ _1 t" {net.ipv4.tcp_tw_recycle = 0! S9 X' ^: `4 C0 K# B
net.ipv4.tcp_abort_on_overflow = 0! y+ @* Z) ~; @( T; B
net.ipv4.tcp_stdurg = 0, n; B: T- X6 {' {' j. H; n
net.ipv4.tcp_rfc1337 = 0$ g# W+ o9 [- U0 G6 R$ ]8 M2 Z
A1 s7 e; R7 p G1 y3 M( e#【nginx】这个参数表示TCP三次握手建立阶段接收SYN请求队列的最大长度,默认为1024,将其设置得大一些可以使出现Nginx繁忙来不及accept新连接的情况时,Linux不至于丢失客户端发起的连接请求,wd=2048
/ O" ]7 w8 B* }net.ipv4.tcp_max_syn_backlog = 2048
9 ?3 _: V$ Y& w& d: r: E0 W# q% C( l0 _( g. K, S- P& a3 e
) o7 W6 z" C {0 r
0 N: F. s* G7 ]; c- o7 m- S
#【nginx】这个参数定义了在UDP和TCP连接中本地(不包括连接的远端)端口的取值范围。wd = 10240 65535
2 N" d) L. ]$ K, h$ P% znet.ipv4.ip_local_port_range = 32768 610009 b8 X4 n. N( t0 Q: N3 U: s
0 ?0 ?1 H" ^! u
net.ipv4.ip_local_reserved_ports =9 N9 Q2 w. e$ x1 j6 F
net.ipv4.igmp_max_memberships = 20/ j) Z& n D* P0 M- Q, Q5 M) F( y
net.ipv4.igmp_max_msf = 10
+ }( u9 V' @& M0 v% r+ R9 pnet.ipv4.inet_peer_threshold = 65664
4 s5 g7 c$ n2 h' onet.ipv4.inet_peer_minttl = 120
+ u$ |7 \: f& z( R2 p' D$ h5 Inet.ipv4.inet_peer_maxttl = 600
; e" C T; N. {9 znet.ipv4.inet_peer_gc_mintime = 10$ x$ N9 i" C% ]% U
net.ipv4.inet_peer_gc_maxtime = 1200 s0 i$ q; r) T" c/ U
net.ipv4.tcp_orphan_retries = 06 _4 B7 ^0 L, ^0 G1 j
net.ipv4.tcp_fack = 1
) i- f; \3 ?3 k$ P3 ?( Snet.ipv4.tcp_reordering = 3
: h7 a! D+ \" E# A3 y% x; @; r4 l: bnet.ipv4.tcp_ecn = 2
+ J# x9 I: k# B3 V3 x6 Anet.ipv4.tcp_dsack = 18 [- y |" o) o- E) k, D
net.ipv4.tcp_mem = 364224 485632 728448/ _$ J3 x [# Q+ A# b# s3 r
0 ~" X4 N5 @& A" C6 [- R g9 W#【nginx】这个参数定义了TCP发送缓存(用于TCP发送滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304' L3 h" g1 S: e5 K! }/ T
net.ipv4.tcp_wmem = 4096 16384 4194304
6 N. J/ ?$ u: h$ M9 M" X8 Q; [7 |
#【nginx】这个参数定义了TCP接收缓存(用于TCP接收滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304
1 v5 I ~' T! I9 i2 L' o0 m( ^' I& y# Wnet.ipv4.tcp_rmem = 4096 87380 41943044 a5 L; y* A# I( w
/ Z: l3 n) u: M6 j* ~2 ?
net.ipv4.tcp_app_win = 31
& y; i. G( ]4 F& lnet.ipv4.tcp_adv_win_scale = 2
5 I4 }& @, v$ `. r& y1 G( Y0 i' r3 F1 q8 F/ _) n
#【nginx】tw是time wait的简称,表示允许将time-wait状态的socket重新用于新的tcp连接,这对于服务器来说很有意义,因为服务器上总会有大量的time-wait状态的连接。wd=10 E4 N: t4 a1 b. M/ j, h; F
net.ipv4.tcp_tw_reuse = 0
( I F' d& ~1 s4 `- L0 Y/ q* M, W; p# `! g7 A* _' h6 Y$ d
net.ipv4.tcp_frto = 23 S6 N9 t! P& D8 R5 G9 ]
net.ipv4.tcp_frto_response = 03 n7 Y, _* _9 e* R% a. u
net.ipv4.tcp_low_latency = 0
/ s$ r2 i% C; r# Znet.ipv4.tcp_no_metrics_save = 0
8 n) Z3 G! `) i+ i& l: q, `net.ipv4.tcp_moderate_rcvbuf = 1
- u# @, L# s5 n: |, |; U1 bnet.ipv4.tcp_tso_win_divisor = 3* S) p* ^/ A* x8 Q- A
net.ipv4.tcp_congestion_control = cubic
& D" g5 O6 I- r- Enet.ipv4.tcp_abc = 0
0 W' @' R7 S# J9 | ?' T- K8 E8 n8 Tnet.ipv4.tcp_mtu_probing = 09 O/ [& R5 {- J3 u- w, J% @, j4 S
net.ipv4.tcp_base_mss = 512; {1 l# T6 d* T$ n; _3 J7 }) O+ R
net.ipv4.tcp_workaround_signed_windows = 0
' d$ u v4 `/ I8 ~' ?' D* znet.ipv4.tcp_challenge_ack_limit = 1005 K! z A S t! ?5 y. o& \
net.ipv4.tcp_limit_output_bytes = 131072" Z f+ b. p N7 w- _* W
net.ipv4.tcp_dma_copybreak = 40969 S; q$ o( L- P9 w M
net.ipv4.tcp_slow_start_after_idle = 19 N# b! U$ B6 }8 L5 q/ L
net.ipv4.cipso_cache_enable = 1' U& w$ ], D6 A# z+ q2 M/ e
net.ipv4.cipso_cache_bucket_size = 108 O" J* V8 j" T5 C. n9 B
net.ipv4.cipso_rbm_optfmt = 0& \" p# a% R7 ]9 i% I3 Q6 p
net.ipv4.cipso_rbm_strictvalid = 1
J" E; \# _/ y1 P# Dnet.ipv4.tcp_available_congestion_control = cubic reno5 B7 O9 l2 m, b" y9 o
net.ipv4.tcp_allowed_congestion_control = cubic reno
2 }( v- ~7 K* l$ _) q" J* c! Enet.ipv4.tcp_max_ssthresh = 0+ `/ i- K6 X4 B$ H5 Y! S9 l4 u, l! e
net.ipv4.tcp_thin_linear_timeouts = 08 V% b9 B5 V) p" Y4 P. t# i
net.ipv4.tcp_thin_dupack = 0' ]4 Z# _/ B& Z* V# d7 D9 Z& n& S( W
net.ipv4.tcp_min_tso_segs = 2
0 {$ o! B+ ?5 U, ]' Q$ g$ Onet.ipv4.udp_mem = 364224 485632 728448
; Q' a8 P4 m/ r. Rnet.ipv4.udp_rmem_min = 4096( S c* c* O+ v
net.ipv4.udp_wmem_min = 40969 ^: O4 T$ @! N" M! Q* g, q( _
net.ipv4.conf.all.forwarding = 0" M4 S( `. d/ J, a3 s6 p6 U* `
net.ipv4.conf.all.mc_forwarding = 0* f' p+ q" k; Q: T4 a% }
net.ipv4.conf.all.accept_redirects = 1 N1 x( Y) G; D% [* u5 l
net.ipv4.conf.all.secure_redirects = 1; {) ?0 G, m: H4 W* Y; f0 M+ V
net.ipv4.conf.all.shared_media = 1
' z0 E+ s; x9 b* {net.ipv4.conf.all.rp_filter = 0' y( x/ h8 \$ B# W0 I) A
net.ipv4.conf.all.send_redirects = 12 v$ Y w& A$ l* g2 D
net.ipv4.conf.all.accept_source_route = 0
& y( p6 g" G/ I9 Lnet.ipv4.conf.all.src_valid_mark = 0
$ ~' C; |" z$ g1 g* N0 Dnet.ipv4.conf.all.proxy_arp = 07 z+ u5 w2 G5 p( R
net.ipv4.conf.all.medium_id = 00 v' N$ t M, @
net.ipv4.conf.all.bootp_relay = 00 w/ W, q7 S" s& A$ H3 J' M \$ m
net.ipv4.conf.all.log_martians = 0
2 b" w1 @) a: Vnet.ipv4.conf.all.tag = 00 [' b$ p4 e2 T3 C
net.ipv4.conf.all.arp_filter = 0
' j1 w# x. R( w! F6 q. O, Inet.ipv4.conf.all.arp_announce = 0* g3 f6 D f2 [4 Z* U# C w- V
net.ipv4.conf.all.arp_ignore = 08 k# h# C, j4 S/ `& c
net.ipv4.conf.all.arp_accept = 0
5 @; g! Y0 j- m4 x, {7 d F- gnet.ipv4.conf.all.arp_notify = 0
' ^" z2 w2 z! X* a* R) I7 znet.ipv4.conf.all.proxy_arp_pvlan = 0% z& h. }6 d- q6 [/ }
net.ipv4.conf.all.disable_xfrm = 07 J1 A s2 g- g8 Y3 Z: x" F
net.ipv4.conf.all.disable_policy = 0
& m7 ~1 r k& `' D( cnet.ipv4.conf.all.force_igmp_version = 03 H( \/ k) _& X+ H) V( s4 c5 F, _7 ]
net.ipv4.conf.all.promote_secondaries = 07 I$ K0 D- M" A$ A8 {! }
net.ipv4.conf.all.accept_local = 0
# z, w- e. ?: r" E; X- R% E. lnet.ipv4.conf.all.route_localnet = 0) l, g: L% p$ J, h' L, F
net.ipv4.conf.default.forwarding = 0
0 n0 B* p3 _! o% p* anet.ipv4.conf.default.mc_forwarding = 0
9 y& z) M5 E0 Q5 c+ enet.ipv4.conf.default.accept_redirects = 1* w, I0 ~3 V7 O3 Q- i
net.ipv4.conf.default.secure_redirects = 1$ a6 Z8 N- g& u, {+ B6 c% K
net.ipv4.conf.default.shared_media = 1# J% k2 e- h% b- o/ L
net.ipv4.conf.default.rp_filter = 19 g( H6 K0 w6 }" T9 N
net.ipv4.conf.default.send_redirects = 1
# ]) T; ^7 M7 `5 h1 a1 Z4 ]' @net.ipv4.conf.default.accept_source_route = 0/ v; J% ~6 @! {# O
net.ipv4.conf.default.src_valid_mark = 0
1 f! ^! {% _8 a/ H1 ^+ j* r6 vnet.ipv4.conf.default.proxy_arp = 0
* c% M( S/ X; ]3 V/ K' @5 U9 qnet.ipv4.conf.default.medium_id = 04 [1 N3 L* O. B' e, W' _
net.ipv4.conf.default.bootp_relay = 0. Y1 u) N) ]% _8 l% M" s4 a; m( r( x6 t: {
net.ipv4.conf.default.log_martians = 0
5 B3 Z/ S& ]) S# \. snet.ipv4.conf.default.tag = 0
" E4 M/ C8 j Y) Qnet.ipv4.conf.default.arp_filter = 0. |& \. k( d5 k6 |
net.ipv4.conf.default.arp_announce = 0
8 t4 _) L! d2 R6 jnet.ipv4.conf.default.arp_ignore = 01 j' ^! w3 g, M# r5 R
net.ipv4.conf.default.arp_accept = 0
$ L% P4 e' [. i& znet.ipv4.conf.default.arp_notify = 0
7 K; I% k, h6 b) C5 R: enet.ipv4.conf.default.proxy_arp_pvlan = 0
1 d0 ^: E# \% A! J4 t* l$ Tnet.ipv4.conf.default.disable_xfrm = 0
: m* z3 V) j+ u7 fnet.ipv4.conf.default.disable_policy = 0
3 b5 S6 P+ `3 h$ Z5 |net.ipv4.conf.default.force_igmp_version = 0" ?' r" e8 L, e D' `' A2 ]) J1 T, d
net.ipv4.conf.default.promote_secondaries = 0
- @ K2 J2 B8 Q$ |% [( ?" q& E, O$ Vnet.ipv4.conf.default.accept_local = 0& F2 N% D+ i) s3 E* y
net.ipv4.conf.default.route_localnet = 0* ?, }. ?! u% m$ C7 o3 j
net.ipv4.conf.lo.forwarding = 0
# n% H8 o/ S$ unet.ipv4.conf.lo.mc_forwarding = 0
1 F0 d, c. z7 W( z6 qnet.ipv4.conf.lo.accept_redirects = 1" l, `( t4 a; D& b0 K) V
net.ipv4.conf.lo.secure_redirects = 18 w$ u2 D/ Z( F( U+ i
net.ipv4.conf.lo.shared_media = 1
7 ^9 x' b$ x7 Enet.ipv4.conf.lo.rp_filter = 1" V, P/ r( a$ F3 L* J
net.ipv4.conf.lo.send_redirects = 1
' j. y F1 y. y2 V) l6 B- a8 lnet.ipv4.conf.lo.accept_source_route = 0# V- y& X2 v/ A
net.ipv4.conf.lo.src_valid_mark = 0" \" a( x* X/ [9 @9 Z/ ` J
net.ipv4.conf.lo.proxy_arp = 0) I6 L2 y1 C* Z) Q) P' ^& s3 A; S
net.ipv4.conf.lo.medium_id = 0
9 G/ j$ @( S/ v5 Q4 w, R& M0 Fnet.ipv4.conf.lo.bootp_relay = 05 Y% C) }0 L; o& _: L+ \1 o
net.ipv4.conf.lo.log_martians = 0/ R) C% L) z$ w- u
net.ipv4.conf.lo.tag = 01 R% p, I$ g7 h6 D: _
net.ipv4.conf.lo.arp_filter = 06 k* K) U) Z: ?
net.ipv4.conf.lo.arp_announce = 03 c; j4 u) k& [+ O* _) q
net.ipv4.conf.lo.arp_ignore = 0
( S5 \% Z R6 M4 Z6 Knet.ipv4.conf.lo.arp_accept = 0* `! L6 }7 C4 ]8 K9 n9 \4 E! g
net.ipv4.conf.lo.arp_notify = 09 d! _) x* d8 ^6 Y! s
net.ipv4.conf.lo.proxy_arp_pvlan = 01 m7 ~% R6 h! p' I% T# c
net.ipv4.conf.lo.disable_xfrm = 1( |! ^6 ]$ z. r! `7 E2 e- x) B' a7 u
net.ipv4.conf.lo.disable_policy = 1, K* p0 \: T4 |# E% t Y
net.ipv4.conf.lo.force_igmp_version = 0
: m! E* c/ v# c8 p Z6 ^net.ipv4.conf.lo.promote_secondaries = 0- ~& g* Y8 h: R, `, b% U
net.ipv4.conf.lo.accept_local = 0
[" B# s: S6 ?+ G) |net.ipv4.conf.lo.route_localnet = 08 w) |* j2 q- k, s9 `4 W7 A) a9 I
net.ipv4.conf.eth0.forwarding = 0
0 E: u. {' r x; ~; Onet.ipv4.conf.eth0.mc_forwarding = 07 h$ G" A4 S- ]7 [5 M& \
net.ipv4.conf.eth0.accept_redirects = 1
) t5 p/ E7 `# l8 b R: f- z3 H9 o9 vnet.ipv4.conf.eth0.secure_redirects = 1' L* [; J5 L( E$ z" |" s& i
net.ipv4.conf.eth0.shared_media = 1
$ y u, R2 S- @% z: P4 ^net.ipv4.conf.eth0.rp_filter = 1
6 A. _0 j) s, e1 f4 G g* A5 n# \net.ipv4.conf.eth0.send_redirects = 19 k. f7 B; z* G1 T6 y: b! @- `
net.ipv4.conf.eth0.accept_source_route = 0/ d) {& j7 u" F: o
net.ipv4.conf.eth0.src_valid_mark = 0
/ i0 B R7 s; ^( P$ ]) C* fnet.ipv4.conf.eth0.proxy_arp = 0
- ]9 ?! |+ }8 H$ W; d4 ]net.ipv4.conf.eth0.medium_id = 0: g0 t$ d- V( `! _: Y+ @/ [1 t) O
net.ipv4.conf.eth0.bootp_relay = 0
' M+ `. g* [" `$ V3 P# mnet.ipv4.conf.eth0.log_martians = 0
1 L6 G6 w; X6 w: b7 jnet.ipv4.conf.eth0.tag = 09 g2 C# {1 q4 \
net.ipv4.conf.eth0.arp_filter = 0
* u, N! O) G" O7 l0 E6 U- ?9 o) Dnet.ipv4.conf.eth0.arp_announce = 0* Y% Z7 a, _) p* S! b# W
net.ipv4.conf.eth0.arp_ignore = 0
6 q+ ~) W3 {: }0 T' d$ Dnet.ipv4.conf.eth0.arp_accept = 0
7 ?& h& j7 }; i3 n- X! I8 z! ^; cnet.ipv4.conf.eth0.arp_notify = 0
# Z+ o3 G9 m a% ~. a! ^( ^net.ipv4.conf.eth0.proxy_arp_pvlan = 0
7 @" m0 ~ |& _8 L' h8 i, Cnet.ipv4.conf.eth0.disable_xfrm = 0
8 `$ \) g/ |1 ?. i* w; F$ V1 Snet.ipv4.conf.eth0.disable_policy = 0
3 S7 M b |& A& t/ ?2 ynet.ipv4.conf.eth0.force_igmp_version = 0
% N1 P. K, q2 Y; f: i1 Snet.ipv4.conf.eth0.promote_secondaries = 05 e) d6 M/ O* ?# L* o
net.ipv4.conf.eth0.accept_local = 0
1 D. F4 w ~# C! E4 d7 m: p, ]net.ipv4.conf.eth0.route_localnet = 06 Y0 T0 C+ m( ?: g( f: c, T- S
net.ipv4.conf.pan0.forwarding = 0
# G% J S2 ?9 c8 \net.ipv4.conf.pan0.mc_forwarding = 0 E$ S" I% u; }# q6 @1 O, D& R4 {
net.ipv4.conf.pan0.accept_redirects = 1
w* H+ T1 {! l {net.ipv4.conf.pan0.secure_redirects = 1) O# Q3 S9 q" H1 u, x
net.ipv4.conf.pan0.shared_media = 12 |7 l7 O0 R2 y) f' F# }6 B
net.ipv4.conf.pan0.rp_filter = 1- ~* u, n' H I# s2 k: |) ]
net.ipv4.conf.pan0.send_redirects = 1! {$ T' b0 }( E
net.ipv4.conf.pan0.accept_source_route = 0' \7 X* B# ]9 N6 I! }
net.ipv4.conf.pan0.src_valid_mark = 0
, c# G5 U& X0 D8 _2 Lnet.ipv4.conf.pan0.proxy_arp = 03 m) B) F8 X3 A# v+ ?$ V2 L2 t
net.ipv4.conf.pan0.medium_id = 0
# j I& T/ `+ B! J& X# Enet.ipv4.conf.pan0.bootp_relay = 01 ?# C+ i9 [$ J0 c! e: ?5 A
net.ipv4.conf.pan0.log_martians = 0
5 L) e. [: h6 u- E9 N* Unet.ipv4.conf.pan0.tag = 0, i8 u6 e5 o/ H# i. j( G: r
net.ipv4.conf.pan0.arp_filter = 0
# k) Q ]8 W: F4 E; {9 ]$ ]net.ipv4.conf.pan0.arp_announce = 0
( w, X# j( V& Y8 Q5 Inet.ipv4.conf.pan0.arp_ignore = 05 A# R: ]& {7 ]2 I9 W
net.ipv4.conf.pan0.arp_accept = 08 h N: d" U: ^# R1 H8 s5 s
net.ipv4.conf.pan0.arp_notify = 0) y0 X' h: F% P' o4 k" I' {
net.ipv4.conf.pan0.proxy_arp_pvlan = 0/ \6 G6 G; b( [: W3 E% y1 M, Z( j
net.ipv4.conf.pan0.disable_xfrm = 0
( L! ]- o6 B, z; l1 D- |! P6 {net.ipv4.conf.pan0.disable_policy = 0( x" O; J& T, L+ E3 F
net.ipv4.conf.pan0.force_igmp_version = 0
) @+ b/ b. \: P8 M H Jnet.ipv4.conf.pan0.promote_secondaries = 0
: o, T6 p4 \4 w y- x, @7 K7 {, T2 fnet.ipv4.conf.pan0.accept_local = 0 M7 ~& }# c) H8 T. w/ M. ]8 _
net.ipv4.conf.pan0.route_localnet = 07 l5 J3 f0 q# G0 {; W
0 G. B v D7 a* h7 P+ }#是否开启ip转发功能,设置为路由服务器,必需开启此项( Y h9 f7 g7 p8 p, J
net.ipv4.ip_forward = 0
' }; i& {& H9 ]' E, Inet.ipv4.xfrm4_gc_thresh = 1048576
6 _, v$ P6 H& ] @net.ipv4.ipfrag_high_thresh = 41943042 I/ i1 z" z8 V% t7 p/ C
net.ipv4.ipfrag_low_thresh = 3145728
( x/ M) W0 S$ M5 M1 @8 ^net.ipv4.ipfrag_time = 30: C% e+ |- o+ ?. q% C/ u ]4 a
net.ipv4.icmp_echo_ignore_all = 0
) k ]9 ?& Z; Gnet.ipv4.icmp_echo_ignore_broadcasts = 1
/ I* A$ s5 W: L* enet.ipv4.icmp_ignore_bogus_error_responses = 1; O- q' e: x2 N2 T5 Z! |
net.ipv4.icmp_errors_use_inbound_ifaddr = 07 S3 ?. j; N4 ~& z
net.ipv4.icmp_ratelimit = 10003 c+ H+ T l P" F
net.ipv4.icmp_ratemask = 6168
- d. k* V- E0 Z; @net.ipv4.rt_cache_rebuild_count = 4/ o3 \# b) h2 v! X6 K
net.ipv4.ping_group_range = 1 0- \ E( [- Y+ N6 S+ G, l
net.ipv4.ipfrag_secret_interval = 600! H M" H6 J2 s+ l2 S8 M) H7 l
net.ipv4.ipfrag_max_dist = 644 H3 G/ n! v t9 Z, D- j
net.ipv6.neigh.default.mcast_solicit = 3
- |* w9 t+ r7 knet.ipv6.neigh.default.ucast_solicit = 36 R8 ^8 c: }2 o. [
net.ipv6.neigh.default.app_solicit = 00 ?- \. `6 p- o5 i# I
net.ipv6.neigh.default.delay_first_probe_time = 5- v; ]7 M$ B- e- s, R1 ?
net.ipv6.neigh.default.gc_stale_time = 60, H9 y$ J8 G' ^2 s5 h/ S! W
net.ipv6.neigh.default.unres_qlen = 3
# o, t: r- i0 ?6 ~/ unet.ipv6.neigh.default.proxy_qlen = 64" p/ W9 [% i# H- X& X; V: M
net.ipv6.neigh.default.anycast_delay = 99
* W) V. z0 g T3 h4 Z/ C ynet.ipv6.neigh.default.proxy_delay = 79( M$ h% a5 U* J8 d
net.ipv6.neigh.default.locktime = 05 }7 d" c% ]( z
net.ipv6.neigh.default.retrans_time_ms = 1000" [0 e% T% S1 c
net.ipv6.neigh.default.base_reachable_time_ms = 30000
2 o/ x$ m, d7 j+ o4 v% ^5 Hnet.ipv6.neigh.default.gc_interval = 30
- R+ t- q) ^' V7 z% w) N$ e, D2 Knet.ipv6.neigh.default.gc_thresh1 = 128
% }, W- @% P0 I/ znet.ipv6.neigh.default.gc_thresh2 = 512
9 w( l+ d, j' b( h$ i0 o" cnet.ipv6.neigh.default.gc_thresh3 = 1024
6 h/ E2 K) s8 X, knet.ipv6.neigh.lo.mcast_solicit = 3
7 Z1 `; {* z/ jnet.ipv6.neigh.lo.ucast_solicit = 3$ v+ N1 o7 [* b3 c9 B7 k
net.ipv6.neigh.lo.app_solicit = 0" R1 i# r. G- u7 d
net.ipv6.neigh.lo.delay_first_probe_time = 5
* X) T& @; T" y7 P- D, {5 Q( ~- Vnet.ipv6.neigh.lo.gc_stale_time = 60
7 e# H9 i- f. l& j2 d# `; F0 V2 L" anet.ipv6.neigh.lo.unres_qlen = 3( @- C( H/ N2 r/ D! t
net.ipv6.neigh.lo.proxy_qlen = 64% s/ C; L1 N2 B# }- ?7 ]
net.ipv6.neigh.lo.anycast_delay = 99" Q" f: Q# J: O$ e* _
net.ipv6.neigh.lo.proxy_delay = 79
2 |0 E+ Y" z2 Jnet.ipv6.neigh.lo.locktime = 0# C6 W3 r7 o8 _. U O+ X
net.ipv6.neigh.lo.retrans_time_ms = 1000
# @# ^% h9 J4 a" [net.ipv6.neigh.lo.base_reachable_time_ms = 30000
4 g" s$ q/ F+ P, v: T8 cnet.ipv6.neigh.eth0.mcast_solicit = 3! }: X+ D, |8 b3 j" v" f
net.ipv6.neigh.eth0.ucast_solicit = 3
U' a0 |: J: wnet.ipv6.neigh.eth0.app_solicit = 0
! c3 j* u h. F0 n2 Wnet.ipv6.neigh.eth0.delay_first_probe_time = 5
6 z( ^+ R; v4 j H Dnet.ipv6.neigh.eth0.gc_stale_time = 60
W! V: h6 ? p. vnet.ipv6.neigh.eth0.unres_qlen = 3
7 ~" E/ y; X4 b2 I6 ~net.ipv6.neigh.eth0.proxy_qlen = 64
' }" j" _4 }9 p, {net.ipv6.neigh.eth0.anycast_delay = 99
0 B* f0 [/ K5 N; P5 Inet.ipv6.neigh.eth0.proxy_delay = 79: `+ n' ^. f# R/ B$ B D% h& a% Y& X
net.ipv6.neigh.eth0.locktime = 09 r% @ X- u [/ O* n! A3 O
net.ipv6.neigh.eth0.retrans_time_ms = 1000
! G& j. Q3 }) B! knet.ipv6.neigh.eth0.base_reachable_time_ms = 30000! [. m: Z$ r% m
net.ipv6.neigh.pan0.mcast_solicit = 3
; U& H* v4 u4 m* R! K5 @net.ipv6.neigh.pan0.ucast_solicit = 3/ Q; y) f0 m C! J: H! y+ B
net.ipv6.neigh.pan0.app_solicit = 0
7 u; X; z9 ?* t2 M" D* I4 cnet.ipv6.neigh.pan0.delay_first_probe_time = 55 t/ Q; }% U* y0 K/ L' S4 X
net.ipv6.neigh.pan0.gc_stale_time = 607 j" f. C5 [2 j2 x. B) [
net.ipv6.neigh.pan0.unres_qlen = 3
9 G6 @ z) \1 `: e* n8 U+ Nnet.ipv6.neigh.pan0.proxy_qlen = 64% H: i, e8 L& q. ~
net.ipv6.neigh.pan0.anycast_delay = 99
0 X. ^0 F% i) X" Q9 s O7 U. t- Vnet.ipv6.neigh.pan0.proxy_delay = 791 T4 y5 a% t" i$ M4 ?3 D' P) `6 g5 ^
net.ipv6.neigh.pan0.locktime = 0/ f$ q7 P# a4 W- s# T3 c
net.ipv6.neigh.pan0.retrans_time_ms = 10006 o) Z5 i) a' X9 K$ T# O; t1 b3 q
net.ipv6.neigh.pan0.base_reachable_time_ms = 30000
0 r8 i2 c- s$ Rnet.ipv6.xfrm6_gc_thresh = 2048
" i; j8 {. N# A' g8 Z4 \' t, Lnet.ipv6.conf.all.forwarding = 08 `9 K: r% N" x
net.ipv6.conf.all.hop_limit = 64
2 \& g7 y* t% Q" dnet.ipv6.conf.all.mtu = 1280' q1 d* i7 c- ~4 M$ i
net.ipv6.conf.all.accept_ra = 1- Y x% K% ?# F% B& K2 ]
net.ipv6.conf.all.accept_redirects = 16 N/ J( o2 I6 K9 _; _: R/ Z& E
net.ipv6.conf.all.autoconf = 1
- ?- b" {2 Q& F; ^net.ipv6.conf.all.dad_transmits = 1
; g/ j4 ]0 j7 i8 V# H5 |net.ipv6.conf.all.router_solicitations = 3! u8 S" Z0 ~! F/ L* t4 V) r& M
net.ipv6.conf.all.router_solicitation_interval = 4/ o$ ~3 R% q8 A
net.ipv6.conf.all.router_solicitation_delay = 1! V# \: R# A1 K! M
net.ipv6.conf.all.force_mld_version = 0
& ]' x% I8 Z) @net.ipv6.conf.all.use_tempaddr = 0
1 `! S! c/ P$ n+ hnet.ipv6.conf.all.temp_valid_lft = 604800; b5 c5 L1 J4 \2 ~7 C
net.ipv6.conf.all.temp_prefered_lft = 86400+ c, z& {7 d/ k: Z. F
net.ipv6.conf.all.regen_max_retry = 5
5 u. j0 }6 w e9 m5 Tnet.ipv6.conf.all.max_desync_factor = 600' ^' h0 G$ M: A8 V6 \! T! r
net.ipv6.conf.all.max_addresses = 16: P( [; W. H( e/ h
net.ipv6.conf.all.accept_ra_defrtr = 1
0 Q T; b& T& f4 Vnet.ipv6.conf.all.accept_ra_pinfo = 1
: W6 V8 l% r, {% ^net.ipv6.conf.all.accept_ra_rtr_pref = 1
n* D" h8 n" g D7 K& F# }net.ipv6.conf.all.router_probe_interval = 60+ y9 n% U! X7 k3 ^& n# _, X0 o9 ^* T
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0' J) N, e# z' `3 B/ u4 ?5 l
net.ipv6.conf.all.proxy_ndp = 0
$ x+ D' C% K- G p9 g# A/ z- dnet.ipv6.conf.all.accept_source_route = 0: j. A+ k; {, c' R* V. {; z
net.ipv6.conf.all.optimistic_dad = 0" K4 t g" Q% z1 s/ C w
net.ipv6.conf.all.mc_forwarding = 0
/ r4 H3 y! ^5 X! {! f6 Lnet.ipv6.conf.all.disable_ipv6 = 0% O N4 [$ W! ^" A; _" V/ w
net.ipv6.conf.all.accept_dad = 1, s3 e1 u8 d8 O6 n
net.ipv6.conf.default.forwarding = 0
! f6 o9 k- Q7 D: I* Rnet.ipv6.conf.default.hop_limit = 644 a/ o! M) v! s0 p
net.ipv6.conf.default.mtu = 1280" J- E' }' f0 e. N
net.ipv6.conf.default.accept_ra = 1
7 B/ ^* h4 D' o( L! qnet.ipv6.conf.default.accept_redirects = 14 Y' }3 o- u1 ?9 |
net.ipv6.conf.default.autoconf = 1
3 z- o0 [1 {) g8 k! C" dnet.ipv6.conf.default.dad_transmits = 1- G3 R t3 [# O' Y; `5 `+ {
net.ipv6.conf.default.router_solicitations = 3
+ p( N% o0 N( e+ U5 w6 Pnet.ipv6.conf.default.router_solicitation_interval = 4) B8 w* u' H9 Q' {2 X0 I2 P" I
net.ipv6.conf.default.router_solicitation_delay = 1* e% v' h7 u x
net.ipv6.conf.default.force_mld_version = 0: J& _' h! Q8 n. q4 W" ?/ m8 S' f
net.ipv6.conf.default.use_tempaddr = 0
& _+ |7 t" j. w D7 Nnet.ipv6.conf.default.temp_valid_lft = 604800! i3 E7 G Y& X- k( i* g
net.ipv6.conf.default.temp_prefered_lft = 86400. y' y8 F/ \0 l
net.ipv6.conf.default.regen_max_retry = 56 _( O0 o- b( i' H8 i
net.ipv6.conf.default.max_desync_factor = 6006 F" m5 P/ D) G% n3 B, _
net.ipv6.conf.default.max_addresses = 16
7 r) r. N3 Z- C% ynet.ipv6.conf.default.accept_ra_defrtr = 1
" ?! [) h. I# O( {! W4 |9 [( T# }net.ipv6.conf.default.accept_ra_pinfo = 1, E, N2 q; u0 C' ]. K
net.ipv6.conf.default.accept_ra_rtr_pref = 1
4 ]! R K% l. |* \! anet.ipv6.conf.default.router_probe_interval = 60
& V! O9 q6 I4 s/ Xnet.ipv6.conf.default.accept_ra_rt_info_max_plen = 0. |, R8 N8 y }0 A* n9 M1 e
net.ipv6.conf.default.proxy_ndp = 0
5 w# Y* ~/ l( ]9 N5 z L- U& b7 {net.ipv6.conf.default.accept_source_route = 0
; O- I6 w- s: m C' |net.ipv6.conf.default.optimistic_dad = 0. @6 o0 _4 U' @+ D9 F' q) {$ S
net.ipv6.conf.default.mc_forwarding = 09 }% G7 G1 I' ]7 N; ^' S
net.ipv6.conf.default.disable_ipv6 = 00 j' W, ]) L6 a& b1 z6 ~' f
net.ipv6.conf.default.accept_dad = 1$ ~( f. E7 }2 X9 K- t2 a+ h( `4 H
net.ipv6.conf.lo.forwarding = 0
- S. Z# J" e) V9 m2 r6 W5 `4 Wnet.ipv6.conf.lo.hop_limit = 64
' P& A. D: K. D" ?2 mnet.ipv6.conf.lo.mtu = 65536
" T! c& d4 J# G; K& fnet.ipv6.conf.lo.accept_ra = 1
/ s; b& u( m& U: }8 m0 B* ?; Wnet.ipv6.conf.lo.accept_redirects = 1
; l/ d8 r% d/ c/ lnet.ipv6.conf.lo.autoconf = 1
; Z9 ^) t9 B, Y! k7 J4 ^8 }net.ipv6.conf.lo.dad_transmits = 1
& Z- r8 ?5 B* J3 tnet.ipv6.conf.lo.router_solicitations = 3
# d |- {- t3 I5 s8 dnet.ipv6.conf.lo.router_solicitation_interval = 4- a Y5 u: J6 g
net.ipv6.conf.lo.router_solicitation_delay = 1
$ E6 I. q' m2 P$ vnet.ipv6.conf.lo.force_mld_version = 0: b) R+ J- m$ ?5 d: n/ m4 i% z# T
net.ipv6.conf.lo.use_tempaddr = -1; ?' W; R7 u4 B& T+ u1 d3 D
net.ipv6.conf.lo.temp_valid_lft = 604800. x$ O: Q/ M/ c6 d( O9 I% v
net.ipv6.conf.lo.temp_prefered_lft = 86400' x- c: ~$ e) Z( t8 @2 @
net.ipv6.conf.lo.regen_max_retry = 5
" Q8 n$ a) K; O, ?4 }6 hnet.ipv6.conf.lo.max_desync_factor = 600+ F6 |2 E* S* y4 E+ d
net.ipv6.conf.lo.max_addresses = 16
* p3 h- J0 `2 B8 L5 E" V* i. ^" Nnet.ipv6.conf.lo.accept_ra_defrtr = 1
0 Z' i9 I/ @" y4 N U1 h9 }net.ipv6.conf.lo.accept_ra_pinfo = 18 g8 y1 D6 q, v
net.ipv6.conf.lo.accept_ra_rtr_pref = 1
( S6 t3 m( `' N8 U, o( Y3 Unet.ipv6.conf.lo.router_probe_interval = 609 M" ?# ~2 H$ g+ C
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
, o% o5 T9 B3 {+ U- ^) G2 ?& m# Qnet.ipv6.conf.lo.proxy_ndp = 0$ c! L' w5 b; q* O
net.ipv6.conf.lo.accept_source_route = 0
! l2 B: a3 |. _1 H. enet.ipv6.conf.lo.optimistic_dad = 0
: L: }9 {4 I& t6 P4 ?net.ipv6.conf.lo.mc_forwarding = 0
; \% d2 K T# I' Y; U& c z& ~net.ipv6.conf.lo.disable_ipv6 = 0
5 b' C5 [6 `( {$ ^6 k% Inet.ipv6.conf.lo.accept_dad = -1+ l4 b* |4 R% z' F" |: e3 V+ f) ?0 |: U
net.ipv6.conf.eth0.forwarding = 0
+ F# l" `0 v4 c6 y. U+ R7 x7 ~net.ipv6.conf.eth0.hop_limit = 649 l' N J% { T6 m7 c$ B# V
net.ipv6.conf.eth0.mtu = 1500
! m% G3 ~( l3 T8 ` |net.ipv6.conf.eth0.accept_ra = 1
0 `! L) m R8 q& xnet.ipv6.conf.eth0.accept_redirects = 1) v: ^: P* b! N; _6 y
net.ipv6.conf.eth0.autoconf = 1" M" Q) E# e; c8 E* G
net.ipv6.conf.eth0.dad_transmits = 1
3 g5 |* T+ M$ O9 q8 `7 i7 N# Gnet.ipv6.conf.eth0.router_solicitations = 39 G* R$ d' }3 d# G# c1 H
net.ipv6.conf.eth0.router_solicitation_interval = 4
9 R7 R$ W1 M2 H0 H5 Q `7 `" U% hnet.ipv6.conf.eth0.router_solicitation_delay = 1 W/ W4 k- K4 N" _' H, q2 k
net.ipv6.conf.eth0.force_mld_version = 06 Y2 p& @5 m! y, H7 m7 L8 v
net.ipv6.conf.eth0.use_tempaddr = 0% x5 ]! J3 s4 V6 b; w/ g
net.ipv6.conf.eth0.temp_valid_lft = 604800
; @# L/ ]' |$ ~" o" n. ~net.ipv6.conf.eth0.temp_prefered_lft = 86400
4 X: @' k3 P. {# K& [' znet.ipv6.conf.eth0.regen_max_retry = 5
/ g3 r! I/ L* D/ R$ gnet.ipv6.conf.eth0.max_desync_factor = 6004 _4 [( R0 m/ `( e4 k/ }
net.ipv6.conf.eth0.max_addresses = 16! p% |* m* I7 r8 @1 S
net.ipv6.conf.eth0.accept_ra_defrtr = 1% ]4 S$ s! H- T: Y$ N3 t
net.ipv6.conf.eth0.accept_ra_pinfo = 1
5 v7 X: F; v' X4 Tnet.ipv6.conf.eth0.accept_ra_rtr_pref = 1
- C. y* t; N3 xnet.ipv6.conf.eth0.router_probe_interval = 60, ?0 W& K/ ^# P# m8 B
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0" _5 ?; ~1 T8 l' o# N- ^
net.ipv6.conf.eth0.proxy_ndp = 0! \0 F9 a& U0 Z. r) P
net.ipv6.conf.eth0.accept_source_route = 0# v! s0 C7 [! P! z5 v2 H
net.ipv6.conf.eth0.optimistic_dad = 0
3 c5 [+ Y O' Anet.ipv6.conf.eth0.mc_forwarding = 0$ v* d, q( B% d/ Q- U: Y( q
net.ipv6.conf.eth0.disable_ipv6 = 0+ f" [3 t; N, V* O0 L
net.ipv6.conf.eth0.accept_dad = 1
% l( x4 l K# o! {net.ipv6.conf.pan0.forwarding = 0
: |3 [* R9 g2 o8 `* B; O/ Inet.ipv6.conf.pan0.hop_limit = 64
- h* b6 h2 m3 ~! h! }0 j& {: _net.ipv6.conf.pan0.mtu = 1500
% I/ M! A% W' o: ^' r* lnet.ipv6.conf.pan0.accept_ra = 1
( i% A3 O: ?* _; _/ S# i2 w8 |net.ipv6.conf.pan0.accept_redirects = 1
2 e& E* m) u2 s5 f# i. T9 mnet.ipv6.conf.pan0.autoconf = 1
# {2 z, L* J' m( Q% E4 F2 P9 znet.ipv6.conf.pan0.dad_transmits = 1; b! w0 Z8 p* x$ X: K% p
net.ipv6.conf.pan0.router_solicitations = 3
; S6 A k$ ?4 r4 @+ Z! X7 t. Y: ynet.ipv6.conf.pan0.router_solicitation_interval = 4
; G, w6 e9 [5 ?( v4 xnet.ipv6.conf.pan0.router_solicitation_delay = 1
9 t" g7 q* L. G4 J8 @net.ipv6.conf.pan0.force_mld_version = 0# J1 Y+ f) Y A4 L& l' Z
net.ipv6.conf.pan0.use_tempaddr = 0/ u2 @. Q5 W5 I" L7 v; R
net.ipv6.conf.pan0.temp_valid_lft = 604800 n- v k$ V4 k1 K
net.ipv6.conf.pan0.temp_prefered_lft = 86400
9 u3 V$ R- x- h# J( E( znet.ipv6.conf.pan0.regen_max_retry = 5. b& T/ D: `3 W) }1 d+ e9 S
net.ipv6.conf.pan0.max_desync_factor = 600& t/ @% J9 M# B" D5 v4 N
net.ipv6.conf.pan0.max_addresses = 165 x, E4 q0 ]) j' V/ P; u( c
net.ipv6.conf.pan0.accept_ra_defrtr = 17 ?$ M0 T- a g5 y0 x
net.ipv6.conf.pan0.accept_ra_pinfo = 1
2 ?: x9 @9 F6 g+ f, M" G$ |( Qnet.ipv6.conf.pan0.accept_ra_rtr_pref = 1$ c1 m! _5 O a0 B, j$ B5 M
net.ipv6.conf.pan0.router_probe_interval = 60
3 f- A7 E A. Bnet.ipv6.conf.pan0.accept_ra_rt_info_max_plen = 05 ~5 [ K! o4 O$ @1 S" U
net.ipv6.conf.pan0.proxy_ndp = 0
- B1 |7 S- ^3 h \0 R: {. x' Knet.ipv6.conf.pan0.accept_source_route = 0
% a2 E7 Z2 O2 a% Vnet.ipv6.conf.pan0.optimistic_dad = 0
/ s7 Y! d$ t8 x1 Jnet.ipv6.conf.pan0.mc_forwarding = 0
2 y- K: ^, g: a- W, mnet.ipv6.conf.pan0.disable_ipv6 = 02 o( e0 i( W) d! X1 O
net.ipv6.conf.pan0.accept_dad = 1
3 g7 m5 c, ]% s& {$ F n' fnet.ipv6.ip6frag_high_thresh = 4194304
6 Z3 i, E7 p1 r+ N2 W% o% H" Tnet.ipv6.ip6frag_low_thresh = 3145728, g+ V7 K. m# o! F0 w& D0 f
net.ipv6.ip6frag_time = 60' u' x0 ?8 l; i6 c$ Z+ m
net.ipv6.route.gc_thresh = 1024
5 H! Z, m; u, X5 A0 `1 Unet.ipv6.route.max_size = 4096# z' q2 s+ i3 u* J) S
net.ipv6.route.gc_min_interval = 0
' q- t5 Y" o# Hnet.ipv6.route.gc_timeout = 60
; u9 ^. @! n) p, }0 Cnet.ipv6.route.gc_interval = 30
' h7 t1 _. T* T9 {0 ]+ gnet.ipv6.route.gc_elasticity = 0. G* E6 ?, I8 m1 l6 g# t7 c& \1 n% A6 i
net.ipv6.route.mtu_expires = 6007 h0 y' B' u! {3 t4 T+ q; a
net.ipv6.route.min_adv_mss = 1* M% l: e% A. {/ v; r' T2 ~# z
net.ipv6.route.gc_min_interval_ms = 500
: r# z7 d0 T. fnet.ipv6.icmp.ratelimit = 1000
- U$ N) r5 n# T8 r( z! s; B& Dnet.ipv6.bindv6only = 0
# F; R' I* U% ]8 p4 Y1 |net.ipv6.nf_conntrack_frag6_timeout = 60
1 [' _, _! c. D4 Snet.ipv6.nf_conntrack_frag6_low_thresh = 3145728* l# j1 w3 W+ G4 u8 f9 ~/ G6 ]
net.ipv6.nf_conntrack_frag6_high_thresh = 4194304
: K+ ~: f; E$ Q9 Wnet.ipv6.ip6frag_secret_interval = 6000 }+ ~ `' W% ~9 b, Q4 }& Y( m
net.ipv6.mld_max_msf = 64
7 H5 y* y7 J4 Dnet.nf_conntrack_max = 655369 E9 ^' Z2 G; n4 m) T( T
net.bridge.bridge-nf-call-arptables = 1
- [. F- q, U# U/ W1 E, a% inet.bridge.bridge-nf-call-iptables = 1
2 i# M! v$ n/ \* Onet.bridge.bridge-nf-call-ip6tables = 15 \& f, m) W# ?* g0 X
net.bridge.bridge-nf-filter-vlan-tagged = 0
0 [& v, }- m' d5 q( Z7 Y, ]7 znet.bridge.bridge-nf-filter-pppoe-tagged = 0# P2 m( r, I2 l$ p
net.unix.max_dgram_qlen = 10
" a3 n7 A0 P2 nabi.vsyscall32 = 1- g4 U" V/ o* x" l
crypto.fips_enabled = 0 |
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2022-7-16 07:25:10
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜