Difference between revisions of "Talk:Sysctl"

From ArchWiki
m ('sysctl -p' does not work: Remove closed discussion.)
(19 intermediate revisions by 4 users not shown)
Line 7: Line 7:
  
 
:it's read only which might mean that it has to be changed while compiling the kernel, I'm not sure (it used to work), it is disabled by default anyway [[User:Thestinger|thestinger]] 16:39, 26 October 2010 (EDT)
 
:it's read only which might mean that it has to be changed while compiling the kernel, I'm not sure (it used to work), it is disabled by default anyway [[User:Thestinger|thestinger]] 16:39, 26 October 2010 (EDT)
 +
 +
== net.ipv4.tcp_rfc1337 ==
 +
 +
From [https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt kernel doc]:
 +
 +
{{bc|
 +
tcp_rfc1337 - BOOLEAN
 +
If set, the TCP stack behaves conforming to RFC1337. If unset,
 +
we are not conforming to RFC, but prevent TCP TIME_WAIT
 +
assassination.
 +
Default: 0
 +
}}
 +
 +
So, isn't {{ic|0}} the safe value? Our wiki says otherwise. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:56, 17 September 2013 (UTC)
 +
:With setting {{ic|0}} the system would 'assassinate' a socket in time_wait prematurely upon receiving a RST. While this might sound like a good idea (it frees up a socket quicker), it opens the door for tcp sequence problems/syn replay. Those problems were described in RFC1337 and enabling the setting {{ic|1}} is one way to deal with them (letting TIME_WAIT packets idle out even if a reset is received, so that the sequence number cannot be reused meanwhile). The wiki is correct in my view. Kernel doc is wrong here - "prevent" should read "enable".  --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 21:12, 17 September 2013 (UTC)

Revision as of 13:01, 11 November 2013

I can't imagine this being a very long article, but I do find it useful. I didn't have a clue what this command did until I came across it now. I recall it from my first time installing Arch, with regard to storing the volume levels in alsamixer. --Mustard 10:31, 22 October 2010 (EDT)

error: permission denied on key 'net.ipv4.conf.all.mc_forwarding'
error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

Are these not used anymore?

It's read-only, which might mean that it has to be changed while compiling the kernel; I'm not sure (it used to work). It is disabled by default anyway. thestinger 16:39, 26 October 2010 (EDT)

net.ipv4.tcp_rfc1337

From kernel doc:

tcp_rfc1337 - BOOLEAN
	If set, the TCP stack behaves conforming to RFC1337. If unset,
	we are not conforming to RFC, but prevent TCP TIME_WAIT
	assassination.
	Default: 0

So, isn't 0 the safe value? Our wiki says otherwise. -- Lahwaacz (talk) 08:56, 17 September 2013 (UTC)

With setting 0 the system would 'assassinate' a socket in TIME_WAIT prematurely upon receiving a RST. While this might sound like a good idea (it frees up a socket quicker), it opens the door for TCP sequence problems/SYN replay. Those problems were described in RFC1337 and enabling the setting 1 is one way to deal with them (letting TIME_WAIT packets idle out even if a reset is received, so that the sequence number cannot be reused meanwhile). The wiki is correct in my view. Kernel doc is wrong here - "prevent" should read "enable". --Indigo (talk) 21:12, 17 September 2013 (UTC)
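
Both points raised on this page (read-only keys such as mc_forwarding that make sysctl print "permission denied on key", and whether the live net.ipv4.tcp_rfc1337 value matches the configured one) can be checked before a settings file is loaded. The script below is an added example, not part of the discussion or of ArchWiki; the function name audit_sysctl, the PROC_SYS override and the status labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): compare the keys in a sysctl.d-style
# file with the live values under /proc/sys before running `sysctl -p`.
# PROC_SYS (assumed name) can point at a constructed tree for testing.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# audit_sysctl FILE
# Prints one line per key: OK, MISMATCH, READONLY or MISSING.
# Returns 0 only when every key is OK.
audit_sysctl() {
    file=$1 rc=0
    set -f                                   # no globbing while word-splitting
    while IFS='=' read -r key want || [ -n "$key" ]; do
        set -- $key;  key=${1-}              # trim whitespace around the key
        case "$key" in ''|'#'*|';'*) continue ;; esac
        set -- $want; want="$*"              # trim and collapse whitespace
        path="$PROC_SYS/$(printf '%s' "$key" | tr . /)"
        if [ ! -e "$path" ]; then
            echo "MISSING  $key"; rc=1; continue
        fi
        # Owner write bit clear (e.g. -r--r--r--): the kernel refuses writes,
        # which sysctl reports as "permission denied on key".
        case "$(ls -ld "$path")" in
            ??w*) ;;
            *) echo "READONLY $key"; rc=1; continue ;;
        esac
        set -- $(cat "$path"); have="$*"     # normalise tabs in live values
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: live=$have wanted=$want"; rc=1
        fi
    done < "$file"
    set +f
    return "$rc"
}

# Stand-alone use (hypothetical file name): sh audit.sh /etc/sysctl.d/example.conf
if [ "$#" -gt 0 ]; then audit_sysctl "$1"; fi
```

A READONLY line means the key should be dropped from the file rather than retried; a MISMATCH line on net.ipv4.tcp_rfc1337 shows the running kernel is not using the value the file requests.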