share/man/man4/inet.4
The returned value is in | The returned value is in | ||||
.Ft struct ifreq . | .Ft struct ifreq . | ||||
This way of address information retrieval is obsoleted, a | This way of address information retrieval is obsoleted, a | ||||
preferred way is to use | preferred way is to use | ||||
.Xr getifaddrs 3 | .Xr getifaddrs 3 | ||||
API. | API. | ||||
.El | .El | ||||
.Ss MIB Variables | .Ss MIB Variables | ||||
A number of variables are implemented in the net.inet branch of the | In addition to the variables supported by the transport protocols in | ||||
.Va net.inet | |||||
(for which the respective manual pages may be consulted), | |||||
there are a number of general variables implemented in the | |||||
.Va net.inet.ip | |||||
branch of the | |||||
.Xr sysctl 3 | .Xr sysctl 3 | ||||
MIB. | MIB. | ||||
In addition to the variables supported by the transport protocols | The following general variabls are defined: | ||||
(for which the respective manual pages may be consulted), | .Bl -tag -width ".Va accept_sourceroute" | ||||
the following general variables are defined: | .It Va forwarding | ||||
.Bl -tag -width IPCTL_ACCEPTSOURCEROUTE | |||||
.It Dv IPCTL_FORWARDING | |||||
.Pq ip.forwarding | |||||
Boolean: enable/disable forwarding of IP packets. | Boolean: enable/disable forwarding of IP packets. | ||||
Defaults to off. | Defaults to off. | ||||
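Review bot: The new right-hand line "The following general variabls are defined:" misspells "variables". The reworded introduction also uses "general variables" in two consecutive sentences, so the second could read "The following variables are defined:". Because `.It Dv IPCTL_FORWARDING` is replaced by `.It Va forwarding`, the symbolic MIB name is no longer mentioned anywhere in this entry; if callers of sysctl(3) still rely on those constants, say where they are documented.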
rpokala: I think this paragraph reads more clearly like this:
```
In addition to the variables supported…
```
karels: Thanks, that is a definite improvement.
rpokala: Thanks!
.It Dv IPCTL_SENDREDIRECTS | .It Va redirect | ||||
.Pq ip.redirect | |||||
Boolean: enable/disable sending of ICMP redirects in response to | Boolean: enable/disable sending of ICMP redirects in response to | ||||
.Tn IP | .Tn IP | ||||
packets for which a better, and for the sender directly reachable, route | packets for which a better, and for the sender directly reachable, route | ||||
and next hop is known. | and next hop is known. | ||||
Defaults to on. | Defaults to on. | ||||
.It Dv IPCTL_DEFTTL | .It Va ttl | ||||
.Pq ip.ttl | |||||
Integer: default time-to-live | Integer: default time-to-live | ||||
.Pq Dq TTL | .Pq Dq TTL | ||||
to use for outgoing | to use for outgoing | ||||
.Tn IP | .Tn IP | ||||
packets. | packets. | ||||
.It Dv IPCTL_ACCEPTSOURCEROUTE | .It Va accept_sourceroute | ||||
.Pq ip.accept_sourceroute | |||||
Boolean: enable/disable accepting of source-routed IP packets (default false). | Boolean: enable/disable accepting of source-routed IP packets (default false). | ||||
.It Dv IPCTL_SOURCEROUTE | .It Va sourceroute | ||||
.Pq ip.sourceroute | |||||
Boolean: enable/disable forwarding of source-routed IP packets (default false). | Boolean: enable/disable forwarding of source-routed IP packets (default false). | ||||
.It Va ip.process_options | .It Va process_options | ||||
Integer: control IP options processing. | Integer: control IP options processing. | ||||
By setting this variable to 0, all IP options in the incoming packets | By setting this variable to 0, all IP options in the incoming packets | ||||
will be ignored, and the packets will be passed unmodified. | will be ignored, and the packets will be passed unmodified. | ||||
By setting to 1, IP options in the incoming packets will be processed | By setting to 1, IP options in the incoming packets will be processed | ||||
accordingly. | accordingly. | ||||
By setting to 2, an | By setting to 2, an | ||||
.Tn ICMP | .Tn ICMP | ||||
.Dq "prohibited by filter" | .Dq "prohibited by filter" | ||||
message will be sent back in response to incoming packets with IP options. | message will be sent back in response to incoming packets with IP options. | ||||
Default is 1. | Default is 1. | ||||
This | This | ||||
.Xr sysctl 8 | .Xr sysctl 8 | ||||
variable affects packets destined for a local host as well as packets | variable affects packets destined for a local host as well as packets | ||||
forwarded to some other host. | forwarded to some other host. | ||||
.It Va ip.rfc1122_strong_es | .It Va rfc1122_strong_es | ||||
Boolean: in non-forwarding mode | Boolean: in non-forwarding mode | ||||
.Pq ip.forwarding is disabled | .Pq forwarding is disabled | ||||
partially implement the Strong End System model per RFC1122. | partially implement the Strong End System model per RFC1122. | ||||
If a packet with destination address that is local arrives on a different | If a packet with destination address that is local arrives on a different | ||||
interface than the interface the address belongs to, the packet would be | interface than the interface the address belongs to, the packet would be | ||||
silently dropped. | silently dropped. | ||||
Enabling this option may break certain setups, e.g. having an alias address(es) | Enabling this option may break certain setups, e.g. having an alias address(es) | ||||
on loopback that are expected to be reachable by outside traffic. | on loopback that are expected to be reachable by outside traffic. | ||||
Enabling some other network features, e.g. | Enabling some other network features, e.g. | ||||
.Xr carp 4 | .Xr carp 4 | ||||
or destination address rewriting | or destination address rewriting | ||||
.Xr pfil 4 | .Xr pfil 4 | ||||
filters may override and bypass this check. | filters may override and bypass this check. | ||||
Disabled by default. | Disabled by default. | ||||
.It Va ip.source_address_validation | .It Va source_address_validation | ||||
Boolean: perform source address validation for packets destined for the local | Boolean: perform source address validation for packets destined for the local | ||||
host. | host. | ||||
Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local | Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local | ||||
host as our own infrastructure. | host as our own infrastructure. | ||||
This has no effect on packets to be forwarded, so don't consider it as | This has no effect on packets to be forwarded, so don't consider it as | ||||
anti-spoof feature for a router. | anti-spoof feature for a router. | ||||
Enabled by default. | Enabled by default. | ||||
.It Va ip.rfc6864 | .It Va rfc6864 | ||||
Boolean: control IP IDs generation behaviour. | Boolean: control IP IDs generation behaviour. | ||||
True value enables RFC6864 support, which specifies that IP ID field of | True value enables RFC6864 support, which specifies that IP ID field of | ||||
.Em atomic | .Em atomic | ||||
datagrams can be set to any value. | datagrams can be set to any value. | ||||
The | The | ||||
.Fx implementation sets it to zero. | .Fx implementation sets it to zero. | ||||
Enabled by default. | Enabled by default. | ||||
.It Va ip.random_id | .It Va random_id | ||||
Boolean: control IP IDs generation behaviour. | Boolean: control IP IDs generation behaviour. | ||||
Setting this | Setting this | ||||
.Xr sysctl 8 | .Xr sysctl 8 | ||||
to 1 causes the ID field in | to 1 causes the ID field in | ||||
.Em non-atomic | .Em non-atomic | ||||
IP datagrams (or all IP datagrams, if | IP datagrams (or all IP datagrams, if | ||||
.Va ip.rfc6864 | .Va rfc6864 | ||||
is disabled) to be randomized instead of incremented by 1 with each packet | is disabled) to be randomized instead of incremented by 1 with each packet | ||||
generated. | generated. | ||||
This closes a minor information leak which allows remote observers to | This closes a minor information leak which allows remote observers to | ||||
determine the rate of packet generation on the machine by watching the | determine the rate of packet generation on the machine by watching the | ||||
counter. | counter. | ||||
At the same time, on high-speed links, it can decrease the ID reuse | At the same time, on high-speed links, it can decrease the ID reuse | ||||
cycle greatly. | cycle greatly. | ||||
Default is 0 (sequential IP IDs). | Default is 0 (sequential IP IDs). | ||||
IPv6 flow IDs and fragment IDs are always random. | IPv6 flow IDs and fragment IDs are always random. | ||||
.It Va ip.maxfrags | .It Va maxfrags | ||||
Integer: maximum number of fragments the host will accept and simultaneously | Integer: maximum number of fragments the host will accept and simultaneously | ||||
hold across all reassembly queues in all VNETs. | hold across all reassembly queues in all VNETs. | ||||
If set to 0, reassembly is disabled. | If set to 0, reassembly is disabled. | ||||
If set to -1, this limit is not applied. | If set to -1, this limit is not applied. | ||||
This limit is recalculated when the number of mbuf clusters is changed. | This limit is recalculated when the number of mbuf clusters is changed. | ||||
This is a global limit. | This is a global limit. | ||||
.It Va ip.maxfragpackets | .It Va maxfragpackets | ||||
Integer: maximum number of fragmented packets the host will accept and | Integer: maximum number of fragmented packets the host will accept and | ||||
simultaneously hold in the reassembly queue for a particular VNET. | simultaneously hold in the reassembly queue for a particular VNET. | ||||
0 means that the host will not accept any fragmented packets for that VNET. | 0 means that the host will not accept any fragmented packets for that VNET. | ||||
\-1 means that the host will not apply this limit for that VNET. | \-1 means that the host will not apply this limit for that VNET. | ||||
This limit is recalculated when the number of mbuf clusters is changed. | This limit is recalculated when the number of mbuf clusters is changed. | ||||
This is a per-VNET limit. | This is a per-VNET limit. | ||||
.It Va ip.maxfragbucketsize | .It Va maxfragbucketsize | ||||
Integer: maximum number of reassembly queues per bucket. | Integer: maximum number of reassembly queues per bucket. | ||||
Fragmented packets are hashed to buckets. | Fragmented packets are hashed to buckets. | ||||
Each bucket has a list of reassembly queues. | Each bucket has a list of reassembly queues. | ||||
The system must compare the incoming packets to the existing reassembly queues | The system must compare the incoming packets to the existing reassembly queues | ||||
in the bucket to find a matching reassembly queue. | in the bucket to find a matching reassembly queue. | ||||
To preserve system resources, the system limits the number of reassembly | To preserve system resources, the system limits the number of reassembly | ||||
queues allowed in each bucket. | queues allowed in each bucket. | ||||
This limit is recalculated when the number of mbuf clusters is changed or | This limit is recalculated when the number of mbuf clusters is changed or | ||||
when the value of | when the value of | ||||
.Va ip.maxfragpackets | .Va maxfragpackets | ||||
changes. | changes. | ||||
This is a per-VNET limit. | This is a per-VNET limit. | ||||
.It Va ip.maxfragsperpacket | .It Va maxfragsperpacket | ||||
Integer: maximum number of fragments the host will accept and hold | Integer: maximum number of fragments the host will accept and hold | ||||
in the reassembly queue for a packet. | in the reassembly queue for a packet. | ||||
0 means that the host will not accept any fragmented packets for the VNET. | 0 means that the host will not accept any fragmented packets for the VNET. | ||||
This is a per-VNET limit. | This is a per-VNET limit. | ||||
.It Va ip.allow_net0 | .It Va allow_net0 | ||||
Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, | Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, | ||||
and allow forwarding of packets with these addresses. | and allow forwarding of packets with these addresses. | ||||
.It Va ip.allow_net240 | .It Va allow_net240 | ||||
Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, | Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, | ||||
and allow forwarding of packets with these addresses. | and allow forwarding of packets with these addresses. | ||||
.It Va ip.loopback_prefixlen | .It Va loopback_prefixlen | ||||
Integer: prefix length of the address space reserved for loopback purposes. | Integer: prefix length of the address space reserved for loopback purposes. | ||||
The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, | The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, | ||||
and cannot be sent, received, or forwarded on a non-loopback interface. | and cannot be sent, received, or forwarded on a non-loopback interface. | ||||
Use of other values is experimental. | Use of other values is experimental. | ||||
.El | .El | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr ioctl 2 , | .Xr ioctl 2 , | ||||
.Xr socket 2 , | .Xr socket 2 , | ||||
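Review bot: In the rfc1122_strong_es entry, `.Pq ip.forwarding is disabled` becomes `.Pq forwarding is disabled`, and without the prefix "forwarding" reads as an ordinary word rather than a reference to the variable defined at the top of the list; marking it with `.Va`, as the patch already does for `.Va rfc6864` and `.Va maxfragpackets`, would keep the cross-reference unambiguous. The same region drops the `.Pq ip.redirect`, `.Pq ip.ttl`, `.Pq ip.accept_sourceroute` and `.Pq ip.sourceroute` lines together with their `.Dv IPCTL_*` labels, so every entry is now findable only by its short name; a reader searching the page for a prefixed name such as ip.random_id or ip.accept_sourceroute will get no match, which is worth weighing for the settings people look up when hardening a host.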