- 积分
- 16844
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2022-7-16 07:26:40
|
显示全部楼层
sysctl.conf文件配置详解
5 w1 Y3 Z+ l7 e临时生效
% D0 d$ |, z7 I) o#修改后,马上生效,重启或者service network restart失效" }$ C1 ~' ]3 u/ [. H0 e6 b, `4 y, ~
sysctl -w fs.file-max=999999 l. E6 q" f' T5 w
% P- `1 ^% n' V; Z& O# Y
永久生效
; |6 r* g i4 `( x9 q#vim /etc/sysctl.conf
: W8 d* |9 d! P' W% R/ V8 }7 M- o! Ufs.file-max=999999
0 F* T9 C* e9 n* k#保存后,执行sysctl -p 或者重启服务器生效
" ~0 d' Y2 a3 f: X查看配置) @" k9 r [4 p
sysctl -a #消失全部配置# L% h- | [* |# x ~7 S
sysctl fs.file-max #显示fs.file-max的值
1 i- F M% E! C& u8 G( {# sysctl -a | grep file #模糊查找/ X7 b6 y$ R4 }; p8 M( T8 K* s
参考资料:Linux Tcp参数设置
) Y, b1 \% ^3 w, C# L+ a8 M) v" r, e* n7 t4 g( U8 m3 B
kernel.sched_child_runs_first = 0
+ m: l+ }# g# @( v. _
* m+ b. N& S5 r! q6 bkernel.sched_min_granularity_ns = 3000000
4 w* K6 q& W1 q% R# i1 Hkernel.sched_latency_ns = 150000008 r# J$ b3 @' f8 {% t2 ]
kernel.sched_wakeup_granularity_ns = 3000000/ F7 L+ K2 Z/ m0 i; g9 n
kernel.sched_tunable_scaling = 12 w: J/ i( f) U' g4 O, M
0 w! j ]: J# s; o2 h& {- Ykernel.sched_features = 31837 ~8 I8 r. }! u5 A+ {
kernel.sched_migration_cost = 500000
4 G9 F8 S; j" h1 y7 k9 Rkernel.sched_nr_migrate = 32' y: l6 d! ]' u2 o9 r; J
kernel.sched_time_avg = 1000! m7 |) S7 C' ~0 n! ]8 M. [ D3 d
kernel.sched_shares_window = 10000000
2 o3 @) @( i: hkernel.timer_migration = 1
5 V$ Y/ z) l8 @0 y$ ]kernel.sched_rt_period_us = 1000000
- \& w8 @) v5 L2 Qkernel.sched_rt_runtime_us = 950000
: y+ Y7 v6 {0 x$ ^" J/ H, n. {1 akernel.sched_compat_yield = 00 W1 A/ s" @' \! D) K
kernel.sched_rr_timeslice_ms = 100# _7 p: n+ x5 ?! \: M
kernel.sched_autogroup_enabled = 0% @' j" ?0 w' S! I, n0 y
kernel.sched_cfs_bandwidth_slice_us = 5000( q1 h1 A$ W( p b9 U% S+ Z N" V
kernel.panic = 0, d" N+ x1 ]5 K- x
kernel.exec-shield = 1
* k' H: r. C& \. tkernel.core_uses_pid = 1
7 \- v% C1 D( D/ A; F& |" {kernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e. t; o1 e; H8 v$ j: P* ~
kernel.core_pipe_limit = 4
: c6 @1 K) b& ^ Kkernel.tainted = 0# D6 Z! M1 k" p m
kernel.real-root-dev = 0" u) w+ K7 q# z [$ N) ~
kernel.print-fatal-signals = 0
( Q8 w2 J& e# T* G3 Bkernel.ctrl-alt-del = 0
/ D+ q" f- T" Tkernel.ftrace_enabled = 1* }* m; C: J" S" A; c& j
kernel.stack_tracer_enabled = 0
( m* F9 ^. s5 K( O- \kernel.ftrace_dump_on_oops = 0
/ o3 T; v& M6 fkernel.modprobe = /sbin/modprobe' v4 S2 e" s3 y. A5 `' h
kernel.modules_disabled = 0
: e& H1 U& a! ]; s/ n) N* Okernel.kexec_load_disabled = 0
$ q" U2 Q# Y4 U$ K. }, M# \( w4 Dkernel.hotplug =; T, [: \ N9 Y+ V2 O7 g
kernel.acct = 4 2 30- E1 W7 @5 X B% v4 x3 I9 x
kernel.sysrq = 0
, M: I. a* |! ?" o" U9 N; }; Mkernel.cad_pid = 1$ w; j: v# i$ O3 q( I( r
kernel.threads-max = 60719
0 B( z# O6 j" |3 e& Rkernel.random.poolsize = 4096
( W( q4 F, x3 d4 b7 ?- c" Vkernel.random.entropy_avail = 455: `/ E$ ~7 r1 T# B
kernel.random.read_wakeup_threshold = 64
7 Y: q1 k; G6 n, ~6 x& w4 O' E! Wkernel.random.write_wakeup_threshold = 1280 e6 p, l( o6 @) T# I
kernel.random.boot_id = 7ed1dbbb-9671-4ee2-8d81-58c58ba824ac% C" G. w4 y; C$ r) M; Y& z3 f
kernel.random.uuid = d1f372bb-bca8-4338-9d48-b9855a4ec41a, z+ b: F5 ]; s9 }$ @* A ?
kernel.usermodehelper.bset = 4294967295 42949672957 Y3 X- Z" ]+ l5 o. J& f# M
kernel.usermodehelper.inheritable = 4294967295 4294967295. ^3 x! Z( Z1 U, w3 f6 X* ~4 v$ C
kernel.overflowuid = 655343 f4 y' R/ F2 T4 k1 G0 D
kernel.overflowgid = 65534
% v9 M. I; I0 r4 ykernel.pid_max = 131072
' T j* o. o* h3 L4 A' Gkernel.panic_on_oops = 1
* A* U; G- Y2 p% t' X2 Bkernel.printk = 4 4 1 7
- B/ h$ h" s/ {( @3 S5 ]- v2 p, akernel.printk_ratelimit = 5
2 t- v/ G( P# Z* o) E8 ?0 ~kernel.printk_ratelimit_burst = 10
( O* p8 d3 c$ m* Q! I% fkernel.printk_delay = 0+ P `: y$ B5 E% e% c3 W' `
kernel.dmesg_restrict = 0
2 W5 t, m% t( l/ H! O+ ^kernel.kptr_restrict = 1
# Q2 }9 R( U/ [: K9 s hkernel.ngroups_max = 65536- J0 |$ H9 e1 `$ M/ C
kernel.watchdog = 13 a* W' C3 E ]) J, @6 E
kernel.watchdog_thresh = 60
4 q+ j" ^% q/ U: `kernel.softlockup_panic = 0
: P9 w3 t" b, M G# O! i- Pkernel.nmi_watchdog = 1
5 G7 ]# `+ X! j- X# ikernel.unknown_nmi_panic = 0. b: h( S: O: x8 M8 a( n" b) a
kernel.panic_on_unrecovered_nmi = 0
, G# S4 l1 [. `- g' ^- S( r/ hkernel.panic_on_io_nmi = 0* u+ _7 b& J$ i8 T/ ^0 L) y& x
kernel.bootloader_type = 113! |3 @* i, ~# G5 m
kernel.bootloader_version = 1! {5 ^- |( j0 p8 I$ L
kernel.kstack_depth_to_print = 12/ j9 l! H5 g5 Q' H& X7 C
kernel.io_delay_type = 0
- _/ c6 H3 F; l3 v* {4 Rkernel.randomize_va_space = 2
/ _; @* i- |) {, ~7 r% g: {kernel.acpi_video_flags = 0
' D( U9 g* s8 |0 Pkernel.hung_task_panic = 0
5 ~7 D% V$ R* b9 r0 v4 Akernel.hung_task_check_count = 4194304. _6 N' M3 ^" ?' p% S& n
kernel.hung_task_timeout_secs = 1207 O2 A1 L0 q, r4 g" w+ E8 m
kernel.hung_task_warnings = 10
; w4 X1 ^% J+ ~- Z/ r3 qkernel.compat-log = 1( D; r* G+ {) C7 O! l
kernel.max_lock_depth = 1024* U8 q! C4 B) Q" W6 o
kernel.poweroff_cmd = /sbin/poweroff
1 H; ?. N* _; h0 {kernel.keys.maxkeys = 200
; n% z( o7 E m+ gkernel.keys.maxbytes = 20000
; }: F1 q# _1 w% ]. F; A8 I% mkernel.keys.root_maxkeys = 1000000
8 T% L/ Y6 R- L+ o7 Z- S" ~6 u& dkernel.keys.root_maxbytes = 25000000 a, W( y4 {/ [3 G# Q
kernel.keys.gc_delay = 300
- h( j/ i; Q6 ^kernel.slow-work.min-threads = 2
/ o* O/ c) @: Xkernel.slow-work.max-threads = 128
4 s- o0 m) P1 I7 ~! {+ R. Wkernel.slow-work.vslow-percentage = 50+ L F4 D g5 m/ a
kernel.perf_event_paranoid = 1
& U' e. [2 m& J" Vkernel.perf_event_mlock_kb = 516
4 p1 w" F3 i4 t4 @4 ikernel.perf_event_max_sample_rate = 100000
1 |% K& L. U; t) |kernel.blk_iopoll = 1
+ D' t* y1 W! d6 ukernel.sched_domain.cpu0.domain0.min_interval = 1
' z7 m/ R) c, K( T. }/ \- p" Akernel.sched_domain.cpu0.domain0.max_interval = 4
% Q! W3 x$ f2 R- P. o5 H! {kernel.sched_domain.cpu0.domain0.busy_idx = 2: u! ?6 C/ }# b* U( A p6 ^
kernel.sched_domain.cpu0.domain0.idle_idx = 1
. {/ d8 Y2 x4 \! J2 v7 _5 X* {kernel.sched_domain.cpu0.domain0.newidle_idx = 0
) E, e" S5 W, ], w9 Fkernel.sched_domain.cpu0.domain0.wake_idx = 0. n$ C# \) N( ]' s. Q
kernel.sched_domain.cpu0.domain0.forkexec_idx = 09 i9 ], A8 w. |( ~& f
kernel.sched_domain.cpu0.domain0.busy_factor = 64
& b5 ?. }) L% c& a5 Ukernel.sched_domain.cpu0.domain0.imbalance_pct = 125" Z ?/ W- K& r$ r5 m! S Y
kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1% P2 E, X* p3 B( d& U+ P7 s
kernel.sched_domain.cpu0.domain0.flags = 4143
I5 b- ~, M: C! b+ |# o3 n4 ?kernel.sched_domain.cpu0.domain0.name = CPU" X4 C- T' j( W, B- c% y4 f8 s
kernel.sched_domain.cpu1.domain0.min_interval = 1% Q) x) f- |& y5 J: z
kernel.sched_domain.cpu1.domain0.max_interval = 4
( A A* u* q) Y# M& W, G }) Dkernel.sched_domain.cpu1.domain0.busy_idx = 2
: F" `! l( K- P8 Ykernel.sched_domain.cpu1.domain0.idle_idx = 1+ z! l! g/ ^' O% C
kernel.sched_domain.cpu1.domain0.newidle_idx = 0
7 n6 _ ?) j! fkernel.sched_domain.cpu1.domain0.wake_idx = 0
. o1 a& E- A @3 G! d N2 Z* ukernel.sched_domain.cpu1.domain0.forkexec_idx = 0
- W v/ ^7 l6 \% X4 Ukernel.sched_domain.cpu1.domain0.busy_factor = 64
* Y) f8 E; {/ \& \6 m) A# Gkernel.sched_domain.cpu1.domain0.imbalance_pct = 125
! O# |- N) a% o ]kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
( L' p( [# W; N5 t! Skernel.sched_domain.cpu1.domain0.flags = 4143$ M- o; ^! j- T' R! G* P# ?
kernel.sched_domain.cpu1.domain0.name = CPU
2 G/ e8 b9 W. u5 U3 J. Z0 Mkernel.sched_domain.cpu2.domain0.min_interval = 1
% }" P. ^. r* x( w" t0 ^: {kernel.sched_domain.cpu2.domain0.max_interval = 4
& E+ e) w! S* p B8 j: d" [) hkernel.sched_domain.cpu2.domain0.busy_idx = 2
/ U6 o/ h# T) o: akernel.sched_domain.cpu2.domain0.idle_idx = 1
) l; S% t( E+ d& d" g* U/ |kernel.sched_domain.cpu2.domain0.newidle_idx = 05 }) X9 I: p/ s0 i: X1 n/ ^$ I8 d" ~
kernel.sched_domain.cpu2.domain0.wake_idx = 0* `: X2 F5 N- v
kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
- @: h( F3 @0 V1 Z' \" k, z3 E$ Jkernel.sched_domain.cpu2.domain0.busy_factor = 64) x2 u/ _" N `( [3 G# N
kernel.sched_domain.cpu2.domain0.imbalance_pct = 125& I s) S- ^8 Z& g* |, j b9 p
kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
r% x% }6 J4 A9 T) hkernel.sched_domain.cpu2.domain0.flags = 41436 V A: R7 u3 A ^9 \
kernel.sched_domain.cpu2.domain0.name = CPU" n0 c4 O/ s4 h, C6 w
kernel.sched_domain.cpu3.domain0.min_interval = 16 @- z- _; z9 I! p: c H1 |; O
kernel.sched_domain.cpu3.domain0.max_interval = 4
6 O9 s$ O8 R E# I' Z8 P6 f0 b3 Mkernel.sched_domain.cpu3.domain0.busy_idx = 2! `& @2 L# {- s
kernel.sched_domain.cpu3.domain0.idle_idx = 1' g, Y2 k) v3 }* o5 u) N Y) J
kernel.sched_domain.cpu3.domain0.newidle_idx = 0* ?8 y: P9 t) O/ m8 C: M
kernel.sched_domain.cpu3.domain0.wake_idx = 0
7 u; h7 p5 W+ N o* d0 `" v! R9 m- _" ukernel.sched_domain.cpu3.domain0.forkexec_idx = 0( S7 [$ Q/ Y7 g% i) G0 c
kernel.sched_domain.cpu3.domain0.busy_factor = 64
) N# F4 q' L4 M5 p% R! Zkernel.sched_domain.cpu3.domain0.imbalance_pct = 1255 ]$ u' Z% n3 z! N, j$ v
kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
5 K6 Y" y- J0 C# Y x1 `0 x, K5 |kernel.sched_domain.cpu3.domain0.flags = 41437 V/ `; j$ X) N* n! B; P
kernel.sched_domain.cpu3.domain0.name = CPU0 O4 n2 {! @. i2 {- X
kernel.vsyscall64 = 12 U% h/ I1 Z# r( s5 N: S2 _4 l+ S: h
kernel.ostype = Linux
8 ]" M* T; |/ ?% b* Dkernel.osrelease = 2.6.32-504.el6.x86_64
* H+ G4 G. j0 Kkernel.version = #1 SMP Wed Oct 15 04:27:16 UTC 2014; q4 Z+ Y1 ]% B0 j/ m7 Z
kernel.hostname = xapi.128.com& \" K$ Y7 j, v* |
kernel.domainname = (none)3 U; r- }9 J- R* c' G3 E
kernel.pty.max = 4096
9 L" u# R9 u4 ~9 f" `: a0 [kernel.pty.nr = 10 p- Z& n0 ^+ C7 D+ ^" ]
kernel.shmmax = 68719476736: M% E) |% ]5 T
kernel.shmall = 4294967296
2 n) J1 l' S& q4 Z" I* r- Qkernel.shmmni = 4096
' N L+ O2 n* c1 V2 }kernel.shm_rmid_forced = 0
. w( H9 n* V' Xkernel.msgmax = 65536% ^& {# e6 O. _8 O7 k4 }2 x" @
kernel.msgmni = 76272 r& X {9 B# [/ Z$ P. b
kernel.msgmnb = 65536. y( ~- t1 _: z1 O- v: Z
kernel.sem = 250 32000 32 128
* s; J" {( \' Z$ J2 Zkernel.auto_msgmni = 1
, T: D8 o$ R$ E) u3 S3 cvm.overcommit_memory = 0
& i) {2 J7 A0 w6 _! Z& b' q/ @1 Evm.panic_on_oom = 0
) o. y1 V+ P, V9 p9 j8 ]! O$ cvm.oom_kill_allocating_task = 0& S& r1 \. s0 B- v' B) I
vm.extfrag_threshold = 500' [5 o' p% @4 O
vm.oom_dump_tasks = 1
5 l+ s4 D. f: xvm.would_have_oomkilled = 0# c- I& B/ N/ F) V# j* E7 V
vm.overcommit_ratio = 50& l6 j5 C+ k) D( _! S7 }
vm.overcommit_kbytes = 0
/ j6 R2 ?" p1 Y9 s& Jvm.page-cluster = 3
# C% H5 U1 H, s) t ^1 i+ B' Wvm.dirty_background_ratio = 10$ Z" F9 f! k' Y4 y9 _
vm.dirty_background_bytes = 0* Z) t0 P X. R; f
vm.dirty_ratio = 207 r' [2 K: P2 X3 }* O B- }
vm.dirty_bytes = 07 g$ L, G1 k6 x3 o5 F- ]
vm.dirty_writeback_centisecs = 5002 D, V% f! U" `* W6 _, q
vm.dirty_expire_centisecs = 3000
; B' G. Q3 T* p/ d- Evm.nr_pdflush_threads = 0
2 N, }+ ~4 M6 |3 U! r+ f- rvm.swappiness = 60$ j" ~6 D1 \# z) ]
vm.nr_hugepages = 0) z( m- a6 ]& Y! O
vm.nr_hugepages_mempolicy = 0- O3 \7 S7 x* \/ J. `8 m
vm.hugetlb_shm_group = 0# \# v* v% t/ |* ]% J0 g2 o
vm.hugepages_treat_as_movable = 0. j5 J4 m1 B5 v
vm.nr_overcommit_hugepages = 0 V# v+ m8 S! d. m3 A* _# K
vm.lowmem_reserve_ratio = 256 256 322 R: L t% U% m0 ^1 p% `# K
vm.drop_caches = 0
8 y+ X' x$ H& N( U* x! P) k. uvm.min_free_kbytes = 675848 [" ^$ O+ O4 C
vm.extra_free_kbytes = 0* i3 h; Z K6 ?& D, b0 a
vm.unmap_area_factor = 0
+ g& X. Y1 U7 ~8 F2 L' f1 g/ ]0 pvm.meminfo_legacy_layout = 1
2 G, Z' m8 p: m) F1 n$ E/ [! ^* ]+ Z- yvm.percpu_pagelist_fraction = 0
+ Z" o) d) J# u$ ~vm.max_map_count = 65530
) A7 v3 q' r" ^% l( C# qvm.laptop_mode = 0' K6 p* L& y+ \
vm.block_dump = 0$ F) \5 ~% R6 E' l N( w
vm.vfs_cache_pressure = 100
8 {+ H1 S) }- y4 P8 B3 ivm.legacy_va_layout = 0
! W. [% ^ r. l9 r. svm.zone_reclaim_mode = 0% E* o3 r7 W& i" m/ s1 c
vm.min_unmapped_ratio = 1: O* E- i" v9 Q
vm.min_slab_ratio = 5
: l& U: t3 q: l' \0 Zvm.stat_interval = 1. a( c" O" r8 K9 C0 c
vm.mmap_min_addr = 4096" P% B7 e; t$ O s' a$ J
vm.numa_zonelist_order = default6 B' R( S& ?5 }% y& [4 L' ]
vm.scan_unevictable_pages = 0* ]) p! i8 [) H1 J! j
vm.memory_failure_early_kill = 0
% B ]& X# O7 R+ kvm.memory_failure_recovery = 1 P3 \, D$ s+ q8 l. m
fs.inode-nr = 14659 243
9 s5 a1 ?# A3 `fs.inode-state = 14659 243 0 0 0 0 0
7 Q( n8 t: t! T8 y$ m# Z# K0 ^fs.file-nr = 1216 0 3854920 i+ V% Q$ k. o8 h6 H/ j4 w5 r
- R& F3 J$ z" M5 M$ J& B; G#【nginx】这个参数表示系统(所有)可以同时打开的最大句柄数,这个参数直接限制最大并发连接数,需根据实际情况配置。wd=8115156 K3 V( P( Z" f: L* c
# file-max与ulimit的区别
$ @1 H5 X7 ^: L D% i, z0 m/ q& [fs.file-max = 385492, Y) D4 i* P3 i
y1 T/ O) d) O0 A8 L ?2 ]: E9 ]0 Zfs.nr_open = 1048576
, _0 w- M: i" K2 H pfs.dentry-state = 15088 6375 45 0 0 0
5 S" q* X% x y* Q6 bfs.overflowuid = 65534& \! ~# ]4 O( P. f. P/ F' p! O
fs.overflowgid = 65534
; X8 `" |8 P1 C1 jfs.leases-enable = 1
* c! ]# e( R/ ^fs.dir-notify-enable = 18 e! M4 @2 W: C7 p3 a
fs.lease-break-time = 459 s" J" `5 C0 B4 \/ i; y
fs.aio-nr = 0" i4 N& j' O+ \: o% R
fs.aio-max-nr = 65536
9 D5 r! }& Y$ {0 P' Efs.inotify.max_user_instances = 1287 U1 t2 Z6 Z! Z2 p+ w3 _% P% M) d
fs.inotify.max_user_watches = 8192! a, o& o. k. f3 `0 G, S' S
fs.inotify.max_queued_events = 16384
- n! [' S$ |2 R8 g; z% bfs.epoll.max_user_watches = 7958526 @9 f- N I* E' I5 u9 w4 t
fs.suid_dumpable = 09 _6 Y& E6 j- I# E
fs.binfmt_misc.status = enabled
6 B; g1 ]& g0 u; y8 ~fs.quota.lookups = 0. u6 O$ |. }, c V- [/ `/ {8 N$ Z
fs.quota.drops = 0: ?$ Z6 S$ O6 s3 ?) G
fs.quota.reads = 0
9 V0 B1 e- J- B2 {& _0 nfs.quota.writes = 0- r% ?9 J7 N5 c. U8 @
fs.quota.cache_hits = 0
& {5 y+ U" T9 D# }+ p& pfs.quota.allocated_dquots = 0
) j' I5 U. P1 Vfs.quota.free_dquots = 0' R( w1 Y! |7 f* Q, p! U- S
fs.quota.syncs = 4
! q# _# d" N8 ]7 tfs.quota.warnings = 1
' B. F- L) P( M$ Ufs.mqueue.queues_max = 2560 L- j9 F8 l* v' d d
fs.mqueue.msg_max = 10
! y, o0 a5 {, P" |) }/ Rfs.mqueue.msgsize_max = 8192
- `9 h. C+ X. [4 U# g1 `fs.mqueue.msg_default = 10
- x# x/ ^' H! W( I2 V; `, F- Ofs.mqueue.msgsize_default = 8192
& e9 d3 k. o0 q' \. p. U Ydebug.exception-trace = 1
1 ^6 [$ \# ?7 z1 _debug.kprobes-optimization = 1( _1 T. b* I$ W% N% X9 q8 ]
dev.scsi.logging_level = 0
3 k% e) U1 n* d1 F& Z/ @, b ?5 Xdev.raid.speed_limit_min = 1000
' a7 w8 q. Y5 ?9 ^% r4 ~dev.raid.speed_limit_max = 200000$ l+ x5 C9 M, @, E1 b
dev.hpet.max-user-freq = 64* Q* y0 Z% N3 H. E
dev.mac_hid.mouse_button_emulation = 0
n9 R% O5 G2 {/ o) k2 B8 odev.mac_hid.mouse_button2_keycode = 97# R) J8 \3 q# [# L- t' o. I0 T
dev.mac_hid.mouse_button3_keycode = 100- e) S6 e7 g: H& e5 J# ~
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17: } o0 z; g% K6 \8 q" X1 m
dev.cdrom.info =6 l+ f' X( `, T
dev.cdrom.info = drive name: sr0
6 p9 M- F5 D% N0 I) D2 fdev.cdrom.info = drive speed: 3064 N% h. a; s% p) r u8 z; ~8 \
dev.cdrom.info = drive # of slots: 1
4 i2 }7 E+ h; m7 mdev.cdrom.info = Can close tray: 14 _- z+ h. \" H( R% ~ l, J9 Z
dev.cdrom.info = Can open tray: 1& u4 W0 Z9 x( x8 u+ [5 }: U; c
dev.cdrom.info = Can lock tray: 1
/ m# J! l& u: \2 d: g! mdev.cdrom.info = Can change speed: 14 z( G5 ]' t7 r$ A9 `: S+ ^# Q8 H
dev.cdrom.info = Can select disk: 0
( G+ {4 ?4 I! l6 @" ?* ~dev.cdrom.info = Can read multisession: 1! o5 O# M2 I$ |$ _8 i
dev.cdrom.info = Can read MCN: 1, j7 L! y* |7 ^! m( X
dev.cdrom.info = Reports media changed: 1
$ m1 Y7 U1 V/ ?9 C" U z/ W% ]6 bdev.cdrom.info = Can play audio: 1
9 {8 y& \9 ~* f: Fdev.cdrom.info = Can write CD-R: 0
( Q! a/ ?9 M8 H4 Y0 v8 c% Kdev.cdrom.info = Can write CD-RW: 0
! N3 E+ {1 N4 Z+ \) A* V, ndev.cdrom.info = Can read DVD: 1
0 h7 x! Z/ n% _& B/ a1 ^' fdev.cdrom.info = Can write DVD-R: 0) P4 M0 R$ w$ N# u; P
dev.cdrom.info = Can write DVD-RAM: 0; ~2 X' H; h. q
dev.cdrom.info = Can read MRW: 1+ ^; p. ]1 @ \# o
dev.cdrom.info = Can write MRW: 10 Q, o% d8 i- D# X! C
dev.cdrom.info = Can write RAM: 1
/ h! i4 ?, E3 j4 t, z. Ndev.cdrom.info =
5 D' n, `$ Z! G5 `; mdev.cdrom.info =
& C* Z# x1 u3 s, mdev.cdrom.autoclose = 1+ U. \6 ^/ y+ O I4 A7 V
dev.cdrom.autoeject = 01 y; o9 f3 T* I( A! L; _8 u B
dev.cdrom.debug = 0
; X4 T2 g" [: P9 Jdev.cdrom.lock = 1! `! C- |9 P9 ^8 S* g' W# i/ C
dev.cdrom.check_media = 0
0 f. P* i/ p, ?2 v& o$ g! hnet.netfilter.nf_log.0 = NONE
1 ]# _6 ~* ]& K) ]8 ^9 @net.netfilter.nf_log.1 = NONE
# J" w+ J) q) N+ k' inet.netfilter.nf_log.2 = NONE/ _. \; `) Z* ?+ B7 V
net.netfilter.nf_log.3 = NONE! c4 B/ ?8 p9 Q7 l8 I8 Z' @( T- o
net.netfilter.nf_log.4 = NONE
4 l: l6 M2 B0 \6 u+ @8 knet.netfilter.nf_log.5 = NONE
! h3 Q l# t' U; c. X' o" H% Inet.netfilter.nf_log.6 = NONE1 L5 i. @/ s& E8 x+ m- |/ ~
net.netfilter.nf_log.7 = NONE
8 j! g, N5 I" g3 T6 O1 Xnet.netfilter.nf_log.8 = NONE: @6 F) y* m2 p2 I
net.netfilter.nf_log.9 = NONE
8 V9 M5 B1 o3 H+ U T; |( lnet.netfilter.nf_log.10 = NONE8 _) V5 @3 `. u! W0 |3 n( t, |
net.netfilter.nf_log.11 = NONE
% p% A+ A1 @, F( anet.netfilter.nf_log.12 = NONE/ T5 o" q3 g9 U7 q. m& X7 @
net.netfilter.nf_conntrack_generic_timeout = 600
5 J3 F: x+ O- V. g. [( O# Bnet.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
3 B' [& `, X/ snet.netfilter.nf_conntrack_tcp_timeout_syn_recv = 602 ]# M' Y( J4 _ H) Q
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
& P- J2 n: ^6 J6 M+ f2 Wnet.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
$ B" @, g$ t6 \/ h" x9 {net.netfilter.nf_conntrack_tcp_timeout_close_wait = 600 J2 L8 \) C+ j+ N2 ~3 K+ Q
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30% F" L, F* ]% u" P$ N& F t+ G: ?
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
5 X# T3 @& r5 b# U% Q( F( P8 f$ ynet.netfilter.nf_conntrack_tcp_timeout_close = 10
# G5 W( `" U' X0 `net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300( k% _5 H3 J/ _, b! @6 N
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 3005 k1 Q; n) y1 \8 O& ~
net.netfilter.nf_conntrack_tcp_loose = 15 {4 S0 w1 B( |/ C
net.netfilter.nf_conntrack_tcp_be_liberal = 0
* e) U) K7 [3 ]net.netfilter.nf_conntrack_tcp_max_retrans = 35 \% B. B% G, N
net.netfilter.nf_conntrack_udp_timeout = 30! t! R* u k& [) K0 S( R* G
net.netfilter.nf_conntrack_udp_timeout_stream = 180" i) q, {/ |! X
net.netfilter.nf_conntrack_icmpv6_timeout = 30
. P7 p7 }5 E% E D8 ynet.netfilter.nf_conntrack_acct = 0! S) J+ j9 [5 q0 n. V
net.netfilter.nf_conntrack_events = 1
1 G' P: [# z0 Bnet.netfilter.nf_conntrack_events_retry_timeout = 15) a k+ f: k7 Y
net.netfilter.nf_conntrack_max = 65536
% K8 f$ ]+ J0 a& r8 p, t1 gnet.netfilter.nf_conntrack_count = 0
+ K) {5 |+ m. x* h- x6 `' ?% znet.netfilter.nf_conntrack_buckets = 16384" m! f% V6 t: t5 [9 p
net.netfilter.nf_conntrack_checksum = 1. \% l( _) r' W7 S& W0 U
net.netfilter.nf_conntrack_log_invalid = 0
6 D& X; I7 H. {net.netfilter.nf_conntrack_expect_max = 256 g0 j7 G; z6 P" @
net.core.somaxconn = 128
& ^! V6 A: P1 q0 C$ r Snet.core.xfrm_aevent_etime = 10& e! n$ `( l2 j: y7 k6 p5 q
net.core.xfrm_aevent_rseqth = 2# _% [ C7 S+ N( R4 E2 g
net.core.xfrm_larval_drop = 1& j& R5 X& P1 t
net.core.xfrm_acq_expires = 30& j# O j2 }* c4 i& r
' ]* N5 {) {8 w#【nginx】这个参数表示内核套接字发送缓存区的最大大小。; z. w& u" ?. G
#【nginx】这个参数表示内核套接字接收缓存区的最大大小。
* J- u. x, i8 b- q; j! v#【nginx】这个参数表示内核套接字发送缓存区默认的大小。* M# q0 C9 ]; h9 E* i7 Y. U
#【nginx】这个参数表示内核套接字接收缓存区默认的大小。
3 F3 ]. }/ R h5 W. _% G' ^4 a#注意 滑动窗口的大小与套接字缓存区会在一定程度上影响并发连接的数目。每个TCP连接都会为维护TCP滑动窗口而消耗内存,这个窗口会根据服务器的处理速度收缩或扩张。
V& W. t0 r X8 ]' u" E5 m! Q& y参数wmem_max的设置,需要平衡物理内存的总大小、Nginx并发处理的最大连接数量(由nginx.conf中的worker_processes和worker_connections参数决定)而确定。当然,如果仅仅为了提高并发量使服务器不出现Out Of Memory问题而去降低滑动窗口大小,那么并不合适,因为滑动窗口过小会影响大数据量的传输速度。rmem_default、wmem_default、rmem_max、wmem_max…
* r+ H8 i) I- w! U8 p( Q#参考:可靠传输的实现
" D& q, y0 V0 P1 T) Ynet.core.wmem_max = 124928 //wd=124928
% }! ?+ N. z" y& [' Mnet.core.rmem_max = 124928 //wd=124928
- C" y K' g7 G- x) Unet.core.wmem_default = 124928 //wd=1249282 W7 l8 p- E$ `5 h a
net.core.rmem_default = 124928//wd=1249280 e" F. D, ~9 t, _
+ \0 e$ w7 f' @
net.core.dev_weight = 64
; u' Z4 z* T( J$ x2 ?8 I4 @# G& t
' q1 L8 J+ O4 j# A* l#【nginx】当网卡接收数据包的速度大于内核处理的速度时,会有一个队列保存这些数据包。这个参数表示该队列的最大值。wd=32768
3 [9 l/ T" q2 J& Fnet.core.netdev_max_backlog = 10004 w9 k: j2 U% s+ N4 f7 N% M
net.core.message_cost = 5
4 D8 m3 L; i! b0 Jnet.core.message_burst = 10$ k5 ~2 ?* E! c5 a9 B; ^1 N) n
net.core.optmem_max = 20480# T Z& M6 H: v
net.core.rps_sock_flow_entries = 0
7 R7 `/ y$ o9 R- Wnet.core.busy_poll = 09 b' V* E8 |0 p K' s+ F: e0 c" R
net.core.busy_read = 0
6 k) B3 Q s: G3 g1 a) B; {net.core.netdev_budget = 3001 {5 q% c' D) A# g" J! C. _
net.core.warnings = 13 v7 a( E% d, e
net.ipv4.route.gc_thresh = 131072
1 g" b. A! D+ w8 j% anet.ipv4.route.max_size = 2097152
( V/ k; F: E, f5 P9 a# N( Unet.ipv4.route.gc_min_interval = 0" ~8 o4 @3 I7 H: N. z
net.ipv4.route.gc_min_interval_ms = 500
2 w; l; b$ }" u; p) T. t ynet.ipv4.route.gc_timeout = 300; i/ g+ d& B- H( L& l
net.ipv4.route.gc_interval = 60
( k" w" S3 M5 A: c$ k- {* } inet.ipv4.route.redirect_load = 20
$ Q# z, R ]' a4 Fnet.ipv4.route.redirect_number = 9
! l& q% b7 _- R2 X9 o; ?( znet.ipv4.route.redirect_silence = 20480( z+ R$ M# m. N# W* }
net.ipv4.route.error_cost = 1000
+ Z. i6 H6 }& L( y3 B9 z9 u, H; M3 Onet.ipv4.route.error_burst = 5000
( d. h" N% R; e6 _4 xnet.ipv4.route.gc_elasticity = 8
3 ^4 c' E5 h: xnet.ipv4.route.mtu_expires = 600
) }. ~& y* @1 w$ ]+ ~- `( u- tnet.ipv4.route.min_pmtu = 552
4 q" O% d( D' enet.ipv4.route.min_adv_mss = 256 k& d, G7 n3 A7 u) I
net.ipv4.route.secret_interval = 6007 H1 [2 [3 }. w; V0 p
net.ipv4.neigh.default.mcast_solicit = 3 a8 n! N; h* Q& ~" @8 G2 B
net.ipv4.neigh.default.ucast_solicit = 3. q. ]% W7 w4 _1 T! w: J+ D X' ?
net.ipv4.neigh.default.app_solicit = 0
% I2 h( Z p- S+ ?. z; l- ynet.ipv4.neigh.default.retrans_time = 99: V+ L* j; n7 F" H& K
net.ipv4.neigh.default.base_reachable_time = 30
3 ^% k( g. g2 L ~; z2 o) |; Wnet.ipv4.neigh.default.delay_first_probe_time = 5: y& W" c2 ?' p) a; n. g
net.ipv4.neigh.default.gc_stale_time = 60' _3 Z: ^ H* n8 U
net.ipv4.neigh.default.unres_qlen = 3
; }7 A- r% Z( Q! N2 znet.ipv4.neigh.default.proxy_qlen = 64
8 C$ i+ H, n* Jnet.ipv4.neigh.default.anycast_delay = 99
4 H1 r8 n7 {2 ^, j1 o; |net.ipv4.neigh.default.proxy_delay = 79, U2 C' z/ R% Q! l, X6 P
net.ipv4.neigh.default.locktime = 99
2 I W6 c9 w/ g6 Knet.ipv4.neigh.default.retrans_time_ms = 1000
6 j# h) t0 D: L/ \net.ipv4.neigh.default.base_reachable_time_ms = 30000
: h' u7 d: ]/ _- gnet.ipv4.neigh.default.gc_interval = 30
9 W# F @5 ^; N' u6 ]net.ipv4.neigh.default.gc_thresh1 = 128
, M/ k" a2 s. a/ q0 }net.ipv4.neigh.default.gc_thresh2 = 512
: [$ X! B3 D6 s6 S" v: ^0 S8 Enet.ipv4.neigh.default.gc_thresh3 = 1024
, }: I& g! O* j2 `$ d* [/ dnet.ipv4.neigh.lo.mcast_solicit = 3
5 h' z3 O% p& \9 R. s/ ~4 a% _net.ipv4.neigh.lo.ucast_solicit = 3
) t9 \. M/ o/ ]" Jnet.ipv4.neigh.lo.app_solicit = 07 S8 w7 P$ k9 j6 r
net.ipv4.neigh.lo.retrans_time = 99
' b* N' D% q, h8 Y* c/ \# bnet.ipv4.neigh.lo.base_reachable_time = 30
- r* D8 |% V3 A6 C- j" s& ]+ |6 Lnet.ipv4.neigh.lo.delay_first_probe_time = 5
& x) g2 d9 |' c) N5 Rnet.ipv4.neigh.lo.gc_stale_time = 60$ c& L! z2 i8 [3 t
net.ipv4.neigh.lo.unres_qlen = 3: G2 g2 [# M+ r6 u
net.ipv4.neigh.lo.proxy_qlen = 64
: x- e- g: {4 f& V4 Y" z _net.ipv4.neigh.lo.anycast_delay = 99+ p' Y( L+ V, ] H- Y6 }* J: P( K( a
net.ipv4.neigh.lo.proxy_delay = 79
/ {+ P: f9 i# X5 l3 ynet.ipv4.neigh.lo.locktime = 99- P. z; `+ H, V( |0 d" G
net.ipv4.neigh.lo.retrans_time_ms = 1000+ M9 q$ y3 ~* \; q$ k
net.ipv4.neigh.lo.base_reachable_time_ms = 300003 ?; G1 P' O: w8 c
net.ipv4.neigh.eth0.mcast_solicit = 35 q5 B) @9 n- }$ \$ Y
net.ipv4.neigh.eth0.ucast_solicit = 3
9 V. e( t7 `8 Dnet.ipv4.neigh.eth0.app_solicit = 0
) Y' Q$ W3 X ?net.ipv4.neigh.eth0.retrans_time = 99& R+ u2 L/ ~. ^# V; s
net.ipv4.neigh.eth0.base_reachable_time = 30. ~' q7 A: `6 r; M5 ~8 C: R
net.ipv4.neigh.eth0.delay_first_probe_time = 5
- M! q9 d$ ~6 v' O7 }. k1 Fnet.ipv4.neigh.eth0.gc_stale_time = 60
; @9 v. [+ k# m- Hnet.ipv4.neigh.eth0.unres_qlen = 3
/ m M" S- P4 E3 X2 Fnet.ipv4.neigh.eth0.proxy_qlen = 64
7 Q$ Q6 C/ a! v( D- l. ^: y) Lnet.ipv4.neigh.eth0.anycast_delay = 99
8 D* B% \" O& Z8 o0 rnet.ipv4.neigh.eth0.proxy_delay = 79
4 f9 ?2 f, R2 o* Qnet.ipv4.neigh.eth0.locktime = 990 T* i" o1 y8 F/ W8 M
net.ipv4.neigh.eth0.retrans_time_ms = 1000' x. I. a8 y+ n/ h1 T
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000+ C5 m; X* i& m( B a5 W( m6 P
net.ipv4.neigh.pan0.mcast_solicit = 3
1 Z, |0 c! H3 \# Enet.ipv4.neigh.pan0.ucast_solicit = 3
' Z! f. j u2 znet.ipv4.neigh.pan0.app_solicit = 0
* c+ G+ s R! lnet.ipv4.neigh.pan0.retrans_time = 991 q6 t. q" M2 ~: t5 T3 o# d
net.ipv4.neigh.pan0.base_reachable_time = 30% f3 ^0 A% ~' f0 Y
net.ipv4.neigh.pan0.delay_first_probe_time = 5* c3 S# u+ i U' P; x
net.ipv4.neigh.pan0.gc_stale_time = 607 w# P U" R, I- j, `
net.ipv4.neigh.pan0.unres_qlen = 3; P3 ^; x3 O! B0 F
net.ipv4.neigh.pan0.proxy_qlen = 64* P K F2 m1 q" [ H: j/ A. _
net.ipv4.neigh.pan0.anycast_delay = 99
: T8 y/ ~9 ]% x5 S: V. R0 G1 enet.ipv4.neigh.pan0.proxy_delay = 79
% l& S( ]9 g1 q% j _net.ipv4.neigh.pan0.locktime = 99 C& D6 b* u0 e) A1 \3 c' @% D
net.ipv4.neigh.pan0.retrans_time_ms = 1000: C/ a8 P; {8 U8 i& J0 V+ G B; ]
net.ipv4.neigh.pan0.base_reachable_time_ms = 30000
2 p; R1 O4 @8 G1 G @net.ipv4.tcp_timestamps = 1
5 ?+ @4 w3 W7 \; _0 O$ snet.ipv4.tcp_window_scaling = 1
A- F5 H7 a9 i, Z# U5 ?9 pnet.ipv4.tcp_sack = 1. r* d3 }6 \% ^, g3 F
net.ipv4.tcp_retrans_collapse = 1
7 h+ G c# A3 d C5 ~net.ipv4.ip_default_ttl = 64
@% {) Q& I, Pnet.ipv4.ip_no_pmtu_disc = 0 \9 a4 N7 p& l
net.ipv4.ip_nonlocal_bind = 02 e# S& W% y0 r1 B
net.ipv4.tcp_syn_retries = 5) V# g7 r; U7 o1 }( P
net.ipv4.tcp_synack_retries = 56 l: I, F: O7 Y1 H6 N" @
net.ipv4.tcp_max_orphans = 262144* ^/ z1 x4 |) k. A( K5 |* f
# a' V! j6 O( b8 c% A$ c, F 7 b) u ~8 s. K# a: F
" ?7 f( N* }( Y, e7 V2 a#【nginx】这个参数表示操作系统允许TIME_WAIT套接字数量的最大值,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。该参数默认为180 000,过多的TIME_WAIT套接字会使Web服务器变慢。wd=10000
4 j6 G# T, U5 e2 e' unet.ipv4.tcp_max_tw_buckets = 262144
1 \, P% j8 [) Y9 O! s6 Q" V
! D, Y/ _4 [& q' q2 F5 ynet.ipv4.ip_dynaddr = 0
- l/ ~0 q1 s* X1 V
1 U8 W( g3 A: Z7 W7 o#【nginx】这个参数表示当keepalive启用时,TCP发送keepalive消息的频度。默认是2小时,若将其设置得小一些,可以更快地清理无效的连接。单位:秒 默认值:2小时。wd=300
4 {3 ]" r/ }0 X/ x- U# }net.ipv4.tcp_keepalive_time = 7200
( K# Y+ o8 B: _! F- i7 H
# A1 b# T$ Q5 c( s1 D) e& Z! {net.ipv4.tcp_keepalive_probes = 9
6 H2 M9 e7 I3 `1 q4 `, ~% `+ rnet.ipv4.tcp_keepalive_intvl = 756 k" R* G7 P$ H, E! d+ J% H
net.ipv4.tcp_retries1 = 36 [( R t* q m4 g+ B6 q
net.ipv4.tcp_retries2 = 15
1 _1 g( h5 y2 B# U
: a7 _: q8 Y5 U" {; H, Q" X#【nginx】这个参数表示当服务器主动关闭连接时,socket保持在FIN-WAIT-2状态的最大时间,单位:秒 wd=30
5 q/ x) ]1 Y ~$ k#参考:tcp参数详解之tcp_fin_timeout/ j) K" J f: t
net.ipv4.tcp_fin_timeout = 60
4 z& Q! C3 F4 n' p( c& ]) ^# [! E2 k$ S, w, E
#【nginx】参数与性能无关,用于解决TCP的SYN攻击。 wd= 1
' ^+ I7 h& `2 M' b4 V0 B3 Inet.ipv4.tcp_syncookies = 1# y1 q0 t4 P: w7 v/ b
, `# U7 x u9 dnet.ipv4.tcp_tw_recycle = 0
$ ~) J$ j' {. S. Znet.ipv4.tcp_abort_on_overflow = 06 k8 g: ]/ M( r
net.ipv4.tcp_stdurg = 0# E/ |( e: h' L: q# a
net.ipv4.tcp_rfc1337 = 0
8 Z2 l! {5 z; p+ K- O
) n/ G c7 Z5 T. L#【nginx】这个参数表示TCP三次握手建立阶段接收SYN请求队列的最大长度,默认为1024,将其设置得大一些可以使出现Nginx繁忙来不及accept新连接的情况时,Linux不至于丢失客户端发起的连接请求,wd=20485 Q; x" R. P2 |4 Q: s1 k4 J H% {4 B
net.ipv4.tcp_max_syn_backlog = 2048' H3 [: P3 Q5 X; r
3 V$ n( R! N/ L# K# ]/ S
( l6 C1 ^; w0 q8 x4 A0 N1 g, S
4 Q5 |# g$ a" F' _2 X- X4 ?#【nginx】这个参数定义了在UDP和TCP连接中本地(不包括连接的远端)端口的取值范围。wd = 10240 65535
9 X5 q- A( z3 ?net.ipv4.ip_local_port_range = 32768 61000
% W1 w3 ^: ~6 X8 M+ n3 c4 _5 u( M6 @/ J3 I8 |0 b8 y
net.ipv4.ip_local_reserved_ports =1 L/ r8 g& Z0 x# e
net.ipv4.igmp_max_memberships = 20
6 r! p9 k2 K$ n3 |8 `" o5 C1 W4 Fnet.ipv4.igmp_max_msf = 10
: g, X( u* Q9 X5 K* h& }2 Unet.ipv4.inet_peer_threshold = 65664$ I! i& k, s, O8 z: q
net.ipv4.inet_peer_minttl = 120
' V. t9 e' r0 b" a% w Tnet.ipv4.inet_peer_maxttl = 6004 b6 m1 w8 y) h0 |3 G3 y+ b
net.ipv4.inet_peer_gc_mintime = 10
+ L$ M3 ?( V* c% dnet.ipv4.inet_peer_gc_maxtime = 120
4 M& z! ^& |0 p, U/ Inet.ipv4.tcp_orphan_retries = 04 w' L( q' a# H6 ?
net.ipv4.tcp_fack = 1. s) b* J1 c% L) ^5 m9 ?
net.ipv4.tcp_reordering = 38 S) Z% A R, L$ Q f" Y
net.ipv4.tcp_ecn = 2
4 N" ~, S6 W7 @. knet.ipv4.tcp_dsack = 1( i& L1 P# f# J, N$ Z) e
net.ipv4.tcp_mem = 364224 485632 728448
# ~0 G! y* x* s) {" P% \' k9 w7 k; N0 H' F
#【nginx】这个参数定义了TCP发送缓存(用于TCP发送滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304
1 N0 ]% W6 a; mnet.ipv4.tcp_wmem = 4096 16384 41943047 }$ W; G7 a1 n
, C9 q+ M4 B: N/ x$ v#【nginx】这个参数定义了TCP接收缓存(用于TCP接收滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304
6 W+ n4 F4 p* F5 gnet.ipv4.tcp_rmem = 4096 87380 4194304/ P; G- P y) q& {
$ o' N! H8 X/ Q5 M. ?7 q6 u( n" _net.ipv4.tcp_app_win = 31
4 g1 f& v, `+ y; V8 O& I8 ynet.ipv4.tcp_adv_win_scale = 2
S1 J2 N& v+ F- e5 k; Q" b* }1 N2 `6 }: V
#【nginx】tw是time wait的简称,表示允许将time-wait状态的socket重新用于新的tcp连接,这对于服务器来说很有意义,因为服务器上总会有大量的time-wait状态的连接。wd=19 y$ j* I+ ]+ T$ I
net.ipv4.tcp_tw_reuse = 0. j; P9 T5 b7 z- I$ [+ b
1 w7 o* i1 ~# O) F3 ynet.ipv4.tcp_frto = 2
' I$ W' k, E" B7 G8 h5 nnet.ipv4.tcp_frto_response = 0
5 h, h4 @$ o" L& y: p" [0 r# R' N5 @/ knet.ipv4.tcp_low_latency = 0, x2 v4 V% Q7 v1 g8 i+ z
net.ipv4.tcp_no_metrics_save = 0
+ _' ]/ E/ D9 M3 s1 H9 ] Unet.ipv4.tcp_moderate_rcvbuf = 1# Y v8 p/ u; L- X7 s, i
net.ipv4.tcp_tso_win_divisor = 3' u+ X2 q2 z' W" c% T5 e# C
net.ipv4.tcp_congestion_control = cubic
$ n$ U4 g) T7 Y6 d1 u i; g# Snet.ipv4.tcp_abc = 0: z( Q7 y( F; i# t
net.ipv4.tcp_mtu_probing = 0
: ~7 R U1 j. x: H9 Bnet.ipv4.tcp_base_mss = 512, y! }8 o0 F4 N
net.ipv4.tcp_workaround_signed_windows = 0
& }( h/ p6 B4 b. A- ? mnet.ipv4.tcp_challenge_ack_limit = 1008 i8 y! _- ^5 u1 B/ ~. f9 J7 D
net.ipv4.tcp_limit_output_bytes = 131072
9 z( ]4 ~. a b# ?. U( }net.ipv4.tcp_dma_copybreak = 4096; b. R4 d k, M, s2 C: ]# b
net.ipv4.tcp_slow_start_after_idle = 1
! j4 Y7 L! M/ R* c4 U% Lnet.ipv4.cipso_cache_enable = 1
' W0 N+ S( J7 f2 Pnet.ipv4.cipso_cache_bucket_size = 10
P" y' B+ Y8 A+ l( F$ Q+ @& _% [net.ipv4.cipso_rbm_optfmt = 04 j) [0 b3 q G; A2 N( N7 |
net.ipv4.cipso_rbm_strictvalid = 1
3 s" e+ I/ k: n0 C+ xnet.ipv4.tcp_available_congestion_control = cubic reno
/ j$ V4 r R# l2 P- L1 m: Mnet.ipv4.tcp_allowed_congestion_control = cubic reno
6 P1 [+ Y3 d$ g& ^net.ipv4.tcp_max_ssthresh = 0
6 g4 u: x' ^! Onet.ipv4.tcp_thin_linear_timeouts = 0
% o. M+ t7 I" i' d- p! Z0 R( Q& e5 nnet.ipv4.tcp_thin_dupack = 0
, G! Y" j, t8 {8 }- vnet.ipv4.tcp_min_tso_segs = 29 Y" j' K7 U0 g" \+ F! D
net.ipv4.udp_mem = 364224 485632 728448
6 D5 F% R* U+ i/ E" wnet.ipv4.udp_rmem_min = 4096
) Z0 Z( |- }6 A0 anet.ipv4.udp_wmem_min = 40968 J* }5 b/ ?1 }8 @6 Y5 H/ d1 M
net.ipv4.conf.all.forwarding = 0
8 C# ?1 b. ~/ ?) {5 M+ _6 v) Mnet.ipv4.conf.all.mc_forwarding = 0' M0 N5 ^# [1 q, A/ _
net.ipv4.conf.all.accept_redirects = 11 q( H1 g h2 c# T$ Y) v$ u: }
net.ipv4.conf.all.secure_redirects = 1
! V$ K. B' V' W4 {5 C( Cnet.ipv4.conf.all.shared_media = 10 a4 P$ R+ R6 g+ F
net.ipv4.conf.all.rp_filter = 0
& j) Q% x* S3 Y% M# Qnet.ipv4.conf.all.send_redirects = 1' V% n; o% ?# l7 N
net.ipv4.conf.all.accept_source_route = 0, E5 K" f+ V5 B4 Q% e i; h
net.ipv4.conf.all.src_valid_mark = 0
5 T: x. M# c4 _4 v3 r! M* i2 t( d! anet.ipv4.conf.all.proxy_arp = 0
4 K A9 s6 a( X! anet.ipv4.conf.all.medium_id = 0
0 O F9 P) f( q& g3 Fnet.ipv4.conf.all.bootp_relay = 0, K" D( `* M: S: G; R5 x# t
net.ipv4.conf.all.log_martians = 0
+ C' Z8 p6 j; T$ y* enet.ipv4.conf.all.tag = 0
$ |0 w+ M; D3 M- ^. Qnet.ipv4.conf.all.arp_filter = 0
" O" l3 ^5 i4 |) q0 s. dnet.ipv4.conf.all.arp_announce = 0
/ o8 q) N% g. k. y) dnet.ipv4.conf.all.arp_ignore = 0; i% r% M, g' X1 h
net.ipv4.conf.all.arp_accept = 0
: N3 f4 @7 F' h+ i+ [2 Z1 J- @1 ^0 l( Tnet.ipv4.conf.all.arp_notify = 0" A* O: w/ F$ f% v) c C, B) d
net.ipv4.conf.all.proxy_arp_pvlan = 0
6 ]' Y9 C! R# S. @ inet.ipv4.conf.all.disable_xfrm = 0. }. w% y0 o3 M" \0 z
net.ipv4.conf.all.disable_policy = 0" W _ Y/ A2 U' h/ n2 {
net.ipv4.conf.all.force_igmp_version = 0/ t/ n1 w( F9 `/ p0 s
net.ipv4.conf.all.promote_secondaries = 0% n* ]; O7 v4 C M
net.ipv4.conf.all.accept_local = 07 P K- ~ g: X4 _9 B
net.ipv4.conf.all.route_localnet = 0
: P% f( O+ w1 Bnet.ipv4.conf.default.forwarding = 04 u- C( j1 D3 @! k* T0 [
net.ipv4.conf.default.mc_forwarding = 0( V6 F- E5 E# X# E! W/ s# q
net.ipv4.conf.default.accept_redirects = 1( n" `# @3 y' J& j+ O& ?
net.ipv4.conf.default.secure_redirects = 1
9 g( J$ @3 M& |2 r1 f- mnet.ipv4.conf.default.shared_media = 1
1 k! N( z5 q9 x, H+ b0 Y# T3 j7 jnet.ipv4.conf.default.rp_filter = 1
1 m! R% D# @0 A3 U2 S7 h! E. Cnet.ipv4.conf.default.send_redirects = 1" | f5 e, P; o4 T' e3 F: a" i- i
net.ipv4.conf.default.accept_source_route = 0
, @' s( X0 O/ bnet.ipv4.conf.default.src_valid_mark = 0* Z# N" o* ^# H& J6 f1 f8 M
net.ipv4.conf.default.proxy_arp = 0, a6 _, o3 p9 H2 Y
net.ipv4.conf.default.medium_id = 0% e/ s S" z# G* x7 L0 I
net.ipv4.conf.default.bootp_relay = 0
3 F' ?; B: [- Q6 Xnet.ipv4.conf.default.log_martians = 0
$ q/ K; u, |7 _) i: A: Inet.ipv4.conf.default.tag = 0
0 q* g5 T) F9 n9 o* y% Xnet.ipv4.conf.default.arp_filter = 0
+ ^% ]2 @5 C2 H ?3 e- Q( Lnet.ipv4.conf.default.arp_announce = 0
( v+ P0 k6 ]& C# i Znet.ipv4.conf.default.arp_ignore = 0
% P% h" X- @. I/ d8 b* s9 Z; rnet.ipv4.conf.default.arp_accept = 0
4 z8 Z+ D @& m9 g% gnet.ipv4.conf.default.arp_notify = 0
. D* z9 A- }7 [& tnet.ipv4.conf.default.proxy_arp_pvlan = 0/ V# C3 R7 B# L0 r' s O
net.ipv4.conf.default.disable_xfrm = 0
$ @ c% C/ l9 |8 {. ]0 ]net.ipv4.conf.default.disable_policy = 0
% ?2 r. ]9 {/ n4 fnet.ipv4.conf.default.force_igmp_version = 0. V: U; \3 n' c0 S8 D" E, \
net.ipv4.conf.default.promote_secondaries = 03 w* w+ P, s1 P9 M" p
net.ipv4.conf.default.accept_local = 0
. a9 k3 h5 H% |" H+ jnet.ipv4.conf.default.route_localnet = 0
3 [0 @ s0 e: P9 g3 q% y- e9 Fnet.ipv4.conf.lo.forwarding = 09 L+ X3 T2 }1 p9 W5 t0 v3 o
net.ipv4.conf.lo.mc_forwarding = 0$ A( O. t# Q. W
net.ipv4.conf.lo.accept_redirects = 1
7 r# z' T/ o* ?5 J7 v8 W7 {net.ipv4.conf.lo.secure_redirects = 1
0 Y# B) k# E, V: k; H& snet.ipv4.conf.lo.shared_media = 1
( b& i0 z/ K9 t4 V1 cnet.ipv4.conf.lo.rp_filter = 1
! s( ]8 d! K: ?! Z" C* Hnet.ipv4.conf.lo.send_redirects = 1% f- W9 i0 m0 X# O
net.ipv4.conf.lo.accept_source_route = 0
( w6 s- G# o) I( d/ ynet.ipv4.conf.lo.src_valid_mark = 07 G/ h1 S0 K; x- L
net.ipv4.conf.lo.proxy_arp = 0) j2 X V/ R1 m, a0 w
net.ipv4.conf.lo.medium_id = 0) ?/ p6 ^! [5 o6 `2 h- ?9 q3 Z
net.ipv4.conf.lo.bootp_relay = 0/ B6 k. }0 h: H2 n- S# |1 o
net.ipv4.conf.lo.log_martians = 08 m3 H$ Y9 B v( _9 P, t i
net.ipv4.conf.lo.tag = 0
; b1 ^- w" k! k# T" x' fnet.ipv4.conf.lo.arp_filter = 0# l9 z: c5 ]; [0 c
net.ipv4.conf.lo.arp_announce = 0
% m0 R! z! F" b9 vnet.ipv4.conf.lo.arp_ignore = 0. q/ j: ~9 {& R* h) h8 B
net.ipv4.conf.lo.arp_accept = 0( d0 h# p! H6 M0 q* J, u0 k
net.ipv4.conf.lo.arp_notify = 0
; w/ G. _* ~+ h1 f" W, _- anet.ipv4.conf.lo.proxy_arp_pvlan = 06 N; M8 q" s% n$ @4 | a: W
net.ipv4.conf.lo.disable_xfrm = 1
2 K3 l0 L! F$ Q) c. rnet.ipv4.conf.lo.disable_policy = 18 ]; b' b; A1 \% M" x
net.ipv4.conf.lo.force_igmp_version = 0
3 `$ n% T4 ~9 {- W W- L9 F7 wnet.ipv4.conf.lo.promote_secondaries = 01 |) x9 h7 }: S l4 Q4 W
net.ipv4.conf.lo.accept_local = 0& i. ]# C! ^* c( Z+ ?) U. f
net.ipv4.conf.lo.route_localnet = 0
8 R6 y+ k* @7 H3 u- knet.ipv4.conf.eth0.forwarding = 0
6 h+ x0 Y. }' X4 \- {1 I+ ]8 hnet.ipv4.conf.eth0.mc_forwarding = 00 r, w2 a. G, p# T* [/ ], `
net.ipv4.conf.eth0.accept_redirects = 1* K! D7 g. o* |$ O" A- v
net.ipv4.conf.eth0.secure_redirects = 1
$ m2 t. l o Y2 Xnet.ipv4.conf.eth0.shared_media = 1
3 K- ]( A$ H7 ?7 q7 d Lnet.ipv4.conf.eth0.rp_filter = 1
; S1 t: X9 o* r: Snet.ipv4.conf.eth0.send_redirects = 18 {! o: ~' i0 K7 W5 l8 Z/ b
net.ipv4.conf.eth0.accept_source_route = 02 X; q, Y/ A+ K9 ^. n8 {: L% A
net.ipv4.conf.eth0.src_valid_mark = 0, C8 D$ u7 v2 U' \. A; {# i4 x
net.ipv4.conf.eth0.proxy_arp = 08 _' P0 x& i+ c7 @
net.ipv4.conf.eth0.medium_id = 0; Q. n6 o' d9 S' L8 `8 N
net.ipv4.conf.eth0.bootp_relay = 07 b' O# r; ]7 W2 i
net.ipv4.conf.eth0.log_martians = 0
p- S3 z( {2 X" d/ U. \net.ipv4.conf.eth0.tag = 00 l* o" p& ?* ^7 C7 e$ s% B+ j" u' W
net.ipv4.conf.eth0.arp_filter = 0
9 o# O$ j1 A5 y2 M. W! ynet.ipv4.conf.eth0.arp_announce = 01 ^9 \. P1 ^! F2 l9 A1 Q3 Y" X1 |. |9 U
net.ipv4.conf.eth0.arp_ignore = 07 w7 z A, J0 V& y9 g* Z8 ?) N3 |
net.ipv4.conf.eth0.arp_accept = 0
! j5 h) D7 J. q* v+ xnet.ipv4.conf.eth0.arp_notify = 0
3 x j% l9 r# o" F6 onet.ipv4.conf.eth0.proxy_arp_pvlan = 0
4 r0 `1 q$ W N3 _net.ipv4.conf.eth0.disable_xfrm = 0
+ K; n# l) i+ v3 H9 c' p& `1 K. l% Knet.ipv4.conf.eth0.disable_policy = 0
5 C' S% c1 O b( v& Q0 N# cnet.ipv4.conf.eth0.force_igmp_version = 0
8 Y& g# F0 u1 inet.ipv4.conf.eth0.promote_secondaries = 0
# ?7 u7 x% _2 Inet.ipv4.conf.eth0.accept_local = 0
5 S. C5 O$ E. N9 O2 W: K1 p4 d- Cnet.ipv4.conf.eth0.route_localnet = 09 E$ B. H; g* a, E
net.ipv4.conf.pan0.forwarding = 0( v0 l9 G! `3 P5 Q9 x% ]4 p
net.ipv4.conf.pan0.mc_forwarding = 0( R. f" U) S. {7 J
net.ipv4.conf.pan0.accept_redirects = 1+ W9 N. W: B- [# M. t
net.ipv4.conf.pan0.secure_redirects = 1
2 Z: e$ [2 G* _8 K; E% v3 Mnet.ipv4.conf.pan0.shared_media = 1
# Q# j, N5 M9 x. g* Q, k" Vnet.ipv4.conf.pan0.rp_filter = 13 {4 m3 x7 p- q: K8 A- q
net.ipv4.conf.pan0.send_redirects = 1
# D/ p: i: L4 L. c- M; pnet.ipv4.conf.pan0.accept_source_route = 0
( P! j1 d% V; g+ xnet.ipv4.conf.pan0.src_valid_mark = 0
) q( D7 N9 R3 S: h wnet.ipv4.conf.pan0.proxy_arp = 03 j) F2 Q7 u/ u3 \5 i) V& Q/ U
net.ipv4.conf.pan0.medium_id = 0
8 L8 ^( Q3 J G* _( f: tnet.ipv4.conf.pan0.bootp_relay = 00 y. @+ I! C% _; q7 W; y6 q% t+ V) N; @
net.ipv4.conf.pan0.log_martians = 0
, x0 j [3 _/ Wnet.ipv4.conf.pan0.tag = 0
* C. c. O& q6 t. w# C4 `- Znet.ipv4.conf.pan0.arp_filter = 02 M: S: k0 n! q4 P* V9 h( H
net.ipv4.conf.pan0.arp_announce = 0
7 N! e8 s! y4 ^( ^net.ipv4.conf.pan0.arp_ignore = 0. m: R( }; D" I: F# ~2 m' v
net.ipv4.conf.pan0.arp_accept = 0& d- J) d" A: G. T6 @, A5 S
net.ipv4.conf.pan0.arp_notify = 0+ [( d0 f9 c# R" _: g' r9 I
net.ipv4.conf.pan0.proxy_arp_pvlan = 0
) O$ s" K/ |% m7 Dnet.ipv4.conf.pan0.disable_xfrm = 0
1 S: F. V r% i ], |9 w: `, ?2 nnet.ipv4.conf.pan0.disable_policy = 0
8 p% o% c, p; }& \$ Y( }0 wnet.ipv4.conf.pan0.force_igmp_version = 0! W7 R2 }0 z2 l" Z* n2 a) s" ?2 c
net.ipv4.conf.pan0.promote_secondaries = 01 y: H* d& @" m% Y, i
net.ipv4.conf.pan0.accept_local = 0
+ L: e- e. G' @1 m/ {1 N) Ynet.ipv4.conf.pan0.route_localnet = 0
# L; ~' [( D- _. [7 A/ c! p. U7 N. W. F$ A9 O
#是否开启ip转发功能,设置为路由服务器,必需开启此项
/ \8 V7 G: ^4 O% f: X- t; s1 |( w( Qnet.ipv4.ip_forward = 0
9 B- U0 i# n( c8 h7 X& lnet.ipv4.xfrm4_gc_thresh = 1048576+ N1 s% V- y9 o( n9 ?% [
net.ipv4.ipfrag_high_thresh = 4194304
) z* ]7 u, {1 V" Jnet.ipv4.ipfrag_low_thresh = 31457287 r( O. z6 e! d0 Y# a5 }" m
net.ipv4.ipfrag_time = 30
5 d; Y* Q2 h3 P ~ Qnet.ipv4.icmp_echo_ignore_all = 0( ]! ]# t( y3 A$ u& l9 `
net.ipv4.icmp_echo_ignore_broadcasts = 1# J: _4 H- `) f4 p3 D; R' r2 @
net.ipv4.icmp_ignore_bogus_error_responses = 1
% P7 w0 e3 y! p% \' znet.ipv4.icmp_errors_use_inbound_ifaddr = 0; K1 X8 B1 w' X% Y( c+ r$ y5 Z- W! B8 w
net.ipv4.icmp_ratelimit = 1000
A$ N* v' w* Dnet.ipv4.icmp_ratemask = 6168: S$ h) y# O) w
net.ipv4.rt_cache_rebuild_count = 42 w8 p: n" x' S8 Z; I8 u% i, a
net.ipv4.ping_group_range = 1 0
, r- y% T" d, T7 dnet.ipv4.ipfrag_secret_interval = 600 U2 G! T( k/ t6 ^
net.ipv4.ipfrag_max_dist = 64' W7 E- `! ?& E- a
net.ipv6.neigh.default.mcast_solicit = 3$ F( }5 e- p; C- C3 L, s- _
net.ipv6.neigh.default.ucast_solicit = 3
1 w3 [' [( D2 F- q! f; N8 Snet.ipv6.neigh.default.app_solicit = 0
0 a+ p* M& O4 Q5 U9 Vnet.ipv6.neigh.default.delay_first_probe_time = 5
1 j. C% J* W/ \: ~: [net.ipv6.neigh.default.gc_stale_time = 60
1 v* h) f8 H- @2 H# ?net.ipv6.neigh.default.unres_qlen = 3
" i7 C( [ [9 v5 B+ ~net.ipv6.neigh.default.proxy_qlen = 64) F' [ L; Q/ k2 W
net.ipv6.neigh.default.anycast_delay = 993 `. a* z$ A; n4 p2 c% E
net.ipv6.neigh.default.proxy_delay = 79! W+ q `. z0 o' v$ C
net.ipv6.neigh.default.locktime = 0 y& G5 S) `) i$ U9 d
net.ipv6.neigh.default.retrans_time_ms = 1000: Q' ~. v6 z+ P$ W
net.ipv6.neigh.default.base_reachable_time_ms = 300006 D$ M4 J, ~: `8 o" O5 W' M+ F" O" o
net.ipv6.neigh.default.gc_interval = 30
$ H! K7 e4 |& I0 {) |net.ipv6.neigh.default.gc_thresh1 = 128# S$ N) l, G" k' x
net.ipv6.neigh.default.gc_thresh2 = 5124 a" Y& W r- }5 q* c
net.ipv6.neigh.default.gc_thresh3 = 1024
6 |- m3 [2 I0 ~' Unet.ipv6.neigh.lo.mcast_solicit = 3
# k7 E: A9 ~" r1 ?2 [. `- {net.ipv6.neigh.lo.ucast_solicit = 3- o5 N2 E9 j: ?
net.ipv6.neigh.lo.app_solicit = 0( L& ~2 H2 a% Q3 G z! o* ]2 \
net.ipv6.neigh.lo.delay_first_probe_time = 5% x2 I/ L; I# N* x6 L2 i _
net.ipv6.neigh.lo.gc_stale_time = 60% x1 b- h+ t+ q6 d3 O4 V
net.ipv6.neigh.lo.unres_qlen = 3
# v. @6 X: o! E3 Gnet.ipv6.neigh.lo.proxy_qlen = 64
" |3 C, ]% l! L" n: s% Unet.ipv6.neigh.lo.anycast_delay = 99
, ^; b% P% C; Unet.ipv6.neigh.lo.proxy_delay = 79
5 u) S/ \. \ F! b1 G' bnet.ipv6.neigh.lo.locktime = 02 W+ M K: ^" K% K7 N: q* @! k
net.ipv6.neigh.lo.retrans_time_ms = 1000
. l5 ~8 s" O: onet.ipv6.neigh.lo.base_reachable_time_ms = 30000
7 t9 O. d1 q/ a: L' ?' w- q2 V: C( dnet.ipv6.neigh.eth0.mcast_solicit = 3
3 X, ^! W4 h( L! ~' B7 [- @ h& Rnet.ipv6.neigh.eth0.ucast_solicit = 33 m+ c# o$ ?2 h" x w; Y t
net.ipv6.neigh.eth0.app_solicit = 09 U8 }, d1 y- r& f
net.ipv6.neigh.eth0.delay_first_probe_time = 5
. R. M1 j6 F; h8 F0 j( t" Ynet.ipv6.neigh.eth0.gc_stale_time = 609 u7 u3 B* l9 n" K( n1 \1 g
net.ipv6.neigh.eth0.unres_qlen = 34 p; b& N. W+ L+ q0 v* g3 a! w
net.ipv6.neigh.eth0.proxy_qlen = 64& l8 [9 ?3 h P' B
net.ipv6.neigh.eth0.anycast_delay = 99
5 \5 Q; g6 Z7 P& u/ R7 Dnet.ipv6.neigh.eth0.proxy_delay = 79
) |" ]) @- H- M% Hnet.ipv6.neigh.eth0.locktime = 0% N$ L9 A- @ a
net.ipv6.neigh.eth0.retrans_time_ms = 1000) f; y% v% k- a; O/ q) N
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000
$ t) Z1 @& o1 Rnet.ipv6.neigh.pan0.mcast_solicit = 34 S* m% q$ B3 C# e
net.ipv6.neigh.pan0.ucast_solicit = 33 j, `2 F- |) m0 D( o, i
net.ipv6.neigh.pan0.app_solicit = 0 o. \9 [3 Q* y2 H b
net.ipv6.neigh.pan0.delay_first_probe_time = 5
6 E0 n9 {0 \! m5 |9 R% tnet.ipv6.neigh.pan0.gc_stale_time = 60/ |8 F3 u+ `$ T5 c
net.ipv6.neigh.pan0.unres_qlen = 36 F }7 l! \6 o" l/ g# E( }" j
net.ipv6.neigh.pan0.proxy_qlen = 643 A! A: }: [* q, v9 ?' x: Y6 b
net.ipv6.neigh.pan0.anycast_delay = 99' _+ S: o9 b5 H" _; t
net.ipv6.neigh.pan0.proxy_delay = 79( A. v0 i1 @! @ u
net.ipv6.neigh.pan0.locktime = 0+ C; V; [: x: y( y6 f+ ~( _7 S! w' G
net.ipv6.neigh.pan0.retrans_time_ms = 1000
2 |( C3 J2 X' b3 V* t5 Y7 x7 Snet.ipv6.neigh.pan0.base_reachable_time_ms = 30000
' d% b% K, g8 ~6 R: b) g- Y' @net.ipv6.xfrm6_gc_thresh = 2048
, j* _$ k% I# N3 snet.ipv6.conf.all.forwarding = 0
X; h" x3 S( A( ynet.ipv6.conf.all.hop_limit = 64
! T6 l3 j* n7 ^) vnet.ipv6.conf.all.mtu = 1280# b1 _, Y K1 a3 X$ X
net.ipv6.conf.all.accept_ra = 1
. `* o0 H$ _9 L! ~0 znet.ipv6.conf.all.accept_redirects = 1+ ?& o, p7 O, P9 D5 f7 X- G1 S- s
net.ipv6.conf.all.autoconf = 11 x# x F( b. C8 x9 G. A5 `4 S
net.ipv6.conf.all.dad_transmits = 17 v; x j& a) B2 c$ \! a
net.ipv6.conf.all.router_solicitations = 3* X8 Y0 Z/ ^9 @9 @/ ?1 ]' ^* `
net.ipv6.conf.all.router_solicitation_interval = 4
5 \( H1 @* b+ a) unet.ipv6.conf.all.router_solicitation_delay = 1
+ n$ Y. L" k5 t( |4 A& e+ U" t9 Anet.ipv6.conf.all.force_mld_version = 0" b! {( B+ ?0 O. L P) p
net.ipv6.conf.all.use_tempaddr = 02 A7 B! W* \" Y1 b- ]
net.ipv6.conf.all.temp_valid_lft = 604800
2 C2 E" r/ a: x) p# {! A: Inet.ipv6.conf.all.temp_prefered_lft = 86400
" ~7 \' ]' V, i" T" R0 mnet.ipv6.conf.all.regen_max_retry = 5$ M1 [1 G' G- \
net.ipv6.conf.all.max_desync_factor = 600
, a* R, l7 L, inet.ipv6.conf.all.max_addresses = 166 o6 k( e& u, \! `4 p, q
net.ipv6.conf.all.accept_ra_defrtr = 1% W+ X1 q0 n7 z- [& }
net.ipv6.conf.all.accept_ra_pinfo = 10 e ^, b. k- q; c
net.ipv6.conf.all.accept_ra_rtr_pref = 1% N1 T9 @% t6 {6 F! A6 d
net.ipv6.conf.all.router_probe_interval = 60
3 ? X+ x( j5 |net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0. r7 x& n6 y7 i! B
net.ipv6.conf.all.proxy_ndp = 0
$ I$ I2 M }$ R9 Qnet.ipv6.conf.all.accept_source_route = 0 b6 T2 D9 P" d" m" d7 g3 ?# I# b
net.ipv6.conf.all.optimistic_dad = 0& i6 o o3 g7 R9 X: S9 L* Y4 M' I7 e
net.ipv6.conf.all.mc_forwarding = 0 y( U y7 I/ _( V
net.ipv6.conf.all.disable_ipv6 = 0
5 c( c w* W6 F, ^net.ipv6.conf.all.accept_dad = 1
& ^, l1 w. R$ v: [' X9 F! tnet.ipv6.conf.default.forwarding = 0
; B$ w* ?& e5 dnet.ipv6.conf.default.hop_limit = 64; P; S% u+ ^5 E. y, A9 A
net.ipv6.conf.default.mtu = 1280
& J% F* E% C0 m& p" e0 a2 U9 N. |net.ipv6.conf.default.accept_ra = 19 u) d' j" R. J8 E) p- K, O
net.ipv6.conf.default.accept_redirects = 1
2 `, M- o- P( k8 D3 {% Nnet.ipv6.conf.default.autoconf = 1) g: S* A& G7 o% {& w7 o( b
net.ipv6.conf.default.dad_transmits = 1. u+ U* Z, J$ d; D1 |8 b& Y
net.ipv6.conf.default.router_solicitations = 34 F- W, _% ~# y, i1 l9 a4 O
net.ipv6.conf.default.router_solicitation_interval = 4
3 n$ _5 t0 d; |& y- ~net.ipv6.conf.default.router_solicitation_delay = 16 J& A; ~& g& r# ]
net.ipv6.conf.default.force_mld_version = 07 o$ z+ g, \/ G" \) Z5 F
net.ipv6.conf.default.use_tempaddr = 0: ?7 l* M( C" e8 b
net.ipv6.conf.default.temp_valid_lft = 604800& w2 O& q1 P) _
net.ipv6.conf.default.temp_prefered_lft = 86400
9 {" u8 m0 }- J* xnet.ipv6.conf.default.regen_max_retry = 5! ~' d o4 T& r+ c# h% X
net.ipv6.conf.default.max_desync_factor = 600
1 q4 v0 g6 |1 xnet.ipv6.conf.default.max_addresses = 16( A6 S9 w; _! q, L+ t' V# p# ^
net.ipv6.conf.default.accept_ra_defrtr = 1
, C8 ~! x% s* m% m, ^! mnet.ipv6.conf.default.accept_ra_pinfo = 1
k0 W% `$ C4 mnet.ipv6.conf.default.accept_ra_rtr_pref = 1' v7 e9 E% }5 c+ T( E. e/ t
net.ipv6.conf.default.router_probe_interval = 60
$ A1 t% i, E& X$ [ c% u" g9 m' W4 x9 Pnet.ipv6.conf.default.accept_ra_rt_info_max_plen = 08 i8 I b0 r2 {8 |. n% Q; v- u
net.ipv6.conf.default.proxy_ndp = 0
, I4 C% R9 g: y( jnet.ipv6.conf.default.accept_source_route = 0& u" A1 P& z+ s( q! L
net.ipv6.conf.default.optimistic_dad = 0
3 b5 w9 ^) v! Rnet.ipv6.conf.default.mc_forwarding = 07 G& C7 m7 F" o- d% a; K
net.ipv6.conf.default.disable_ipv6 = 01 t. A4 }4 T! b
net.ipv6.conf.default.accept_dad = 1# [" ~, w; ^: u& f
net.ipv6.conf.lo.forwarding = 0
8 R& ^# C( W- {! _3 f8 W" ]net.ipv6.conf.lo.hop_limit = 640 e4 `8 G$ h$ A2 ` K4 J
net.ipv6.conf.lo.mtu = 65536
/ Y: v# ?8 T2 @net.ipv6.conf.lo.accept_ra = 1
9 H7 |& P( i8 O4 Mnet.ipv6.conf.lo.accept_redirects = 1
8 f) k; W, B4 K+ }4 u$ m3 o0 qnet.ipv6.conf.lo.autoconf = 14 @+ z2 k& E1 _2 h: M" Q- h, ]( C; T
net.ipv6.conf.lo.dad_transmits = 16 x0 F i6 A& g/ Q& T2 E
net.ipv6.conf.lo.router_solicitations = 3
( Y, M& j3 C4 W; ^; F9 e ^net.ipv6.conf.lo.router_solicitation_interval = 4
' E/ s% E+ K2 c% a: lnet.ipv6.conf.lo.router_solicitation_delay = 1
3 B6 r4 Q4 ?' w/ O- tnet.ipv6.conf.lo.force_mld_version = 04 ]- C+ i/ k u9 L! a$ x% {
net.ipv6.conf.lo.use_tempaddr = -1
0 k8 `3 k6 z; q9 e+ o$ Onet.ipv6.conf.lo.temp_valid_lft = 6048008 |# Y5 [9 Q* x) _
net.ipv6.conf.lo.temp_prefered_lft = 86400
( ]0 a3 s3 w8 B6 Qnet.ipv6.conf.lo.regen_max_retry = 5
. X- C" e* I3 Z ?7 znet.ipv6.conf.lo.max_desync_factor = 6002 }* H& N* w3 k! ^3 L F
net.ipv6.conf.lo.max_addresses = 16
* ^ @ t; A% I* Onet.ipv6.conf.lo.accept_ra_defrtr = 13 |% G, X) F; }& z w5 D
net.ipv6.conf.lo.accept_ra_pinfo = 1
( G% c- \& A6 lnet.ipv6.conf.lo.accept_ra_rtr_pref = 1
1 w* s9 g2 Q, i% o" u9 u' Nnet.ipv6.conf.lo.router_probe_interval = 60
' y4 K0 s1 \5 t) y" Hnet.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
/ b( N m. P: u+ d2 N. ?. Wnet.ipv6.conf.lo.proxy_ndp = 0; q) w' W0 {' L( i' U9 @. }3 X. h: Q* f
net.ipv6.conf.lo.accept_source_route = 0
3 v4 A/ d* Y1 {6 F! J/ u5 ?$ fnet.ipv6.conf.lo.optimistic_dad = 01 W( C& {2 Z) `! h
net.ipv6.conf.lo.mc_forwarding = 0, G8 ^( u- \7 |. t) d2 x
net.ipv6.conf.lo.disable_ipv6 = 0
- F! o& l: V. x V& Ynet.ipv6.conf.lo.accept_dad = -1
3 u4 y* W$ t* i Snet.ipv6.conf.eth0.forwarding = 0
1 }( b; E) w) f4 _net.ipv6.conf.eth0.hop_limit = 64
& k: e4 G( H4 f) |" Snet.ipv6.conf.eth0.mtu = 1500 s# @: R% i% ^% s. u* r
net.ipv6.conf.eth0.accept_ra = 1+ N/ t3 S" E/ `5 L) Y, M6 p
net.ipv6.conf.eth0.accept_redirects = 1
+ U/ h. u7 w. s5 Q- T- Qnet.ipv6.conf.eth0.autoconf = 1! P3 k3 S/ U4 p0 J; [* l
net.ipv6.conf.eth0.dad_transmits = 1
6 v4 ` \! _( O4 X0 H& \5 Gnet.ipv6.conf.eth0.router_solicitations = 3( G4 m/ p: ~# ]) o# N
net.ipv6.conf.eth0.router_solicitation_interval = 4
) O/ X9 z4 c8 q9 @net.ipv6.conf.eth0.router_solicitation_delay = 1' g# t! S# N& f/ N6 m1 a+ `' ?
net.ipv6.conf.eth0.force_mld_version = 0+ H& z; m$ |/ D. A' i) J8 e
net.ipv6.conf.eth0.use_tempaddr = 04 H5 s4 Z$ ]. c9 w* [
net.ipv6.conf.eth0.temp_valid_lft = 6048003 Y* D1 L3 |2 _1 D
net.ipv6.conf.eth0.temp_prefered_lft = 864004 @# y2 s% n% X0 f
net.ipv6.conf.eth0.regen_max_retry = 55 g9 `0 @5 {: S+ Q* O2 t, L
net.ipv6.conf.eth0.max_desync_factor = 6001 M5 b n5 Z8 h6 v- J
net.ipv6.conf.eth0.max_addresses = 16. B& U- l4 S7 F4 j& |7 X
net.ipv6.conf.eth0.accept_ra_defrtr = 1# b% G& o% y# w6 H$ d
net.ipv6.conf.eth0.accept_ra_pinfo = 11 t5 g* W! b+ a+ J# B9 M9 N
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
6 j% y1 B" N9 U' j6 U3 gnet.ipv6.conf.eth0.router_probe_interval = 60
. Y3 K6 [+ n9 _$ a5 g( |, l8 H+ ]net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
j, i, m; n) X+ [* ynet.ipv6.conf.eth0.proxy_ndp = 0( _. t) |% Q! m0 j5 V
net.ipv6.conf.eth0.accept_source_route = 0+ q* b( Q/ D0 i1 d" P% M
net.ipv6.conf.eth0.optimistic_dad = 0
( t( w) d5 l" u, y; n3 P$ @net.ipv6.conf.eth0.mc_forwarding = 0# S: P3 u, h4 ]+ V, J( W
net.ipv6.conf.eth0.disable_ipv6 = 0
3 x4 e$ v% q& A6 I4 w6 anet.ipv6.conf.eth0.accept_dad = 1
$ i3 l& c4 S$ L; Onet.ipv6.conf.pan0.forwarding = 0/ E( s1 O/ _" a- O# d+ x
net.ipv6.conf.pan0.hop_limit = 649 p( {' s: _# G) r o8 Q
net.ipv6.conf.pan0.mtu = 1500
& r; G/ R4 P8 b9 V8 `# Knet.ipv6.conf.pan0.accept_ra = 16 j$ x- u1 F. k
net.ipv6.conf.pan0.accept_redirects = 1: K: s7 `, h% K3 w
net.ipv6.conf.pan0.autoconf = 1
" |5 n( b% b4 X- O- s! M7 onet.ipv6.conf.pan0.dad_transmits = 1
8 F9 i$ B" t6 |! L, ]) ^net.ipv6.conf.pan0.router_solicitations = 35 F0 P1 S: `) R# E ~5 J0 _
net.ipv6.conf.pan0.router_solicitation_interval = 4& t8 `/ |; p) ~" z
net.ipv6.conf.pan0.router_solicitation_delay = 1& f( O$ W! v% ^4 e% Q3 w: r
net.ipv6.conf.pan0.force_mld_version = 0
) f1 Z: N& e) Y9 y# ]( O# T" onet.ipv6.conf.pan0.use_tempaddr = 0
9 L* B ?' r8 y0 G# e) x+ @5 jnet.ipv6.conf.pan0.temp_valid_lft = 604800
; P# k. n/ B0 a4 J5 V0 @net.ipv6.conf.pan0.temp_prefered_lft = 86400
+ b+ q# V: u+ H" K" pnet.ipv6.conf.pan0.regen_max_retry = 5
3 k% b8 m; ^1 ?net.ipv6.conf.pan0.max_desync_factor = 600% n% Y1 v; y! _5 n+ V3 V
net.ipv6.conf.pan0.max_addresses = 16' G& R9 C- l7 ], Y6 C1 E: t# h
net.ipv6.conf.pan0.accept_ra_defrtr = 1* _. @' E0 o( i9 m$ `( y8 S6 g4 B+ d& T
net.ipv6.conf.pan0.accept_ra_pinfo = 1- Y: z3 d7 ?2 L, x
net.ipv6.conf.pan0.accept_ra_rtr_pref = 1
5 H" o. g ~" @0 y ~net.ipv6.conf.pan0.router_probe_interval = 60* R) V3 F* b8 @, `4 F9 q
net.ipv6.conf.pan0.accept_ra_rt_info_max_plen = 0
. e' [3 C8 o& `0 ^2 A0 ]* H1 G. \4 ynet.ipv6.conf.pan0.proxy_ndp = 0
& R" R+ E4 D2 J/ K$ y' I* q: d8 mnet.ipv6.conf.pan0.accept_source_route = 0. \6 L/ [: b; m( F- Q* b
net.ipv6.conf.pan0.optimistic_dad = 0, q2 P( `' ]% e* f5 D
net.ipv6.conf.pan0.mc_forwarding = 0
A/ `. C. X' y# H+ @; Knet.ipv6.conf.pan0.disable_ipv6 = 0
; k/ }9 {7 p- Qnet.ipv6.conf.pan0.accept_dad = 19 K) ?4 ~4 S6 V
net.ipv6.ip6frag_high_thresh = 41943041 A. L X; K& q7 Z* d% D" U
net.ipv6.ip6frag_low_thresh = 3145728
7 ]: Y; m; R _' Q, N0 Bnet.ipv6.ip6frag_time = 600 }/ D% h2 F. {) J7 ^2 w
net.ipv6.route.gc_thresh = 1024& [# B: L; g% Z: S- F8 `' d
net.ipv6.route.max_size = 4096* t# U8 ]- o% _6 f
net.ipv6.route.gc_min_interval = 0+ A! C! {0 C, M6 W+ w1 A# Y- v
net.ipv6.route.gc_timeout = 60
8 `5 `2 K" C! n0 S* w; z* lnet.ipv6.route.gc_interval = 303 J2 D' l; h& ?; i0 s
net.ipv6.route.gc_elasticity = 06 w; ~( C" B/ V0 @! @" t
net.ipv6.route.mtu_expires = 600! s( [8 z9 l0 C& y
net.ipv6.route.min_adv_mss = 1 s& q+ m& V8 D/ T! {' w
net.ipv6.route.gc_min_interval_ms = 5000 v/ X* R3 \& m V H/ n
net.ipv6.icmp.ratelimit = 1000, d& p# J/ ]( `. y& f' ]. a+ _3 N
net.ipv6.bindv6only = 0
8 v5 Y B1 n! {9 {* g1 V1 S' anet.ipv6.nf_conntrack_frag6_timeout = 60
# g+ F4 _7 t- d/ R: \! mnet.ipv6.nf_conntrack_frag6_low_thresh = 3145728- S8 ?6 r& q1 y3 R \7 d9 Y
net.ipv6.nf_conntrack_frag6_high_thresh = 4194304
4 @) I9 h8 F7 o) |2 e0 k9 ^* o& I8 Jnet.ipv6.ip6frag_secret_interval = 600: v, F. f* }' m/ e8 W' X/ d
net.ipv6.mld_max_msf = 64
; u4 T+ h$ J, q! lnet.nf_conntrack_max = 65536- S9 ~9 Q; @. q' r" d4 v
net.bridge.bridge-nf-call-arptables = 1
' _5 j' O; d; b) c3 ?net.bridge.bridge-nf-call-iptables = 1
8 e% V; A8 ]! G8 h3 y+ dnet.bridge.bridge-nf-call-ip6tables = 1
" d$ j4 x- G- F# E) n |4 [- A) jnet.bridge.bridge-nf-filter-vlan-tagged = 0
+ U% O/ g# _7 U+ k# rnet.bridge.bridge-nf-filter-pppoe-tagged = 08 f$ s2 {; v0 o2 R+ f5 @' C& z! X
net.unix.max_dgram_qlen = 10
* _+ i$ }0 ~$ v1 sabi.vsyscall32 = 1. K* A# ~9 Z+ a/ G/ D
crypto.fips_enabled = 0 |
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2022-7-16 07:25:10
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜