Difference between revisions of "Talk:Sysctl"

From ArchWiki
Jump to: navigation, search
(sysctl -p does not work)
m ('sysctl -p' does not work: Remove closed discussion.)
(15 intermediate revisions by 3 users not shown)
Line 22: Line 22:
 
So, isn't {{ic|0}} the safe value? Our wiki says otherwise. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:56, 17 September 2013 (UTC)
 
So, isn't {{ic|0}} the safe value? Our wiki says otherwise. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:56, 17 September 2013 (UTC)
 
:With setting {{ic|0}} the system would 'assassinate' a socket in time_wait prematurely upon receiving a RST. While this might sound like a good idea (it frees up a socket quicker), it opens the door for tcp sequence problems/syn replay. Those problems were described in RFC1337 and enabling the setting {{ic|1}} is one way to deal with them (letting TIME_WAIT packets idle out even if a reset is received, so that the sequence number cannot be reused meanwhile). The wiki is correct in my view. Kernel doc is wrong here - "prevent" should read "enable".  --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 21:12, 17 September 2013 (UTC)
 
:With setting {{ic|0}} the system would 'assassinate' a socket in time_wait prematurely upon receiving a RST. While this might sound like a good idea (it frees up a socket quicker), it opens the door for tcp sequence problems/syn replay. Those problems were described in RFC1337 and enabling the setting {{ic|1}} is one way to deal with them (letting TIME_WAIT packets idle out even if a reset is received, so that the sequence number cannot be reused meanwhile). The wiki is correct in my view. Kernel doc is wrong here - "prevent" should read "enable".  --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 21:12, 17 September 2013 (UTC)
 
 
== 'sysctl -p' does not work ==
 
The tip about reloading the configuration with 'sysctl -p' does not work. Complains about missing file "/etc/sysctl.conf". Probably does not work after systemd not reading from /etc/sysctl.conf... [[User:Olivervbk|olivervbk]] 23:12, 17 September 2013 (UTC-0300)
 

Revision as of 13:01, 11 November 2013

I can't imagine this being a very long article, but I do find it useful. I didn't have a clue what this command did until I came across it now. I recall it from my first time installing Arch, with regard to storing the volume levels in alsamixer. --Mustard 10:31, 22 October 2010 (EDT)

error: permission denied on key 'net.ipv4.conf.all.mc_forwarding'
error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

Are these not used any-more?

it's read only which might mean that it has to be changed while compiling the kernel, I'm not sure (it used to work), it is disabled by default anyway thestinger 16:39, 26 October 2010 (EDT)

net.ipv4.tcp_rfc1337

From kernel doc:

tcp_rfc1337 - BOOLEAN
	If set, the TCP stack behaves conforming to RFC1337. If unset,
	we are not conforming to RFC, but prevent TCP TIME_WAIT
	assassination.
	Default: 0

So, isn't 0 the safe value? Our wiki says otherwise. -- Lahwaacz (talk) 08:56, 17 September 2013 (UTC)

With setting 0 the system would 'assassinate' a socket in time_wait prematurely upon receiving a RST. While this might sound like a good idea (it frees up a socket quicker), it opens the door for tcp sequence problems/syn replay. Those problems were described in RFC1337 and enabling the setting 1 is one way to deal with them (letting TIME_WAIT packets idle out even if a reset is received, so that the sequence number cannot be reused meanwhile). The wiki is correct in my view. Kernel doc is wrong here - "prevent" should read "enable". --Indigo (talk) 21:12, 17 September 2013 (UTC)