sys_attrs_inet(5)
NAME
sys_attrs_inet - inet subsystem attributes
DESCRIPTION
This reference page lists and describes attributes for the Internet
(inet) kernel subsystem. Refer to the sys_attrs(5) reference page for
an introduction to the topic of kernel subsystem attributes.
The maximum amount of time that a route created by an ICMP redirect
can exist before it is removed from the system's routing tables. The
default value of 0 means that entries will not be removed from the
routing table.
Default value: 0 (seconds)
Minimum value: 0
Maximum value: UINT_MAX, or 4 billion
A bit mask that designates the ICMP codes that the system should
reject. For example, to reject ICMP redirects, you would set the
mask bit position for the ICMP_REDIRECT code (5), which is 2^5
(32) in integer, or 0x20 in hexadecimal. Multiple masks can be
combined to reject more than one code. Code definitions can be
found in the /usr/sys/include/netinet/ip_icmp.h file. HP recommends
setting icmp_rejectcodemask to ignore all ICMP Source Quench
packets.
Default value: 0 (bits)
Minimum value: 0
Maximum value: 131072, or 0x2000 in hexadecimal
Mitigates ICMP attacks against TCP by checking that the TCP sequence
number contained in the payload of the ICMP error message is within
the range of the data already sent but not yet acknowledged. An ICMP
error message that does not pass this check is discarded. This
behavior protects TCP against spoofed ICMP packets.
icmp_tcpseqcheck=1 (default)
Setting the value to icmp_tcpseqcheck=0 allows TCP to accept all
ICMP packets.
The number of hash buckets in the kernel interface alias table
(in_ifaddr). The value of the inifaddr_hsize attribute is
always rounded down to the nearest power of 2. The maximum
value is 512.
Default value: 32 (hash buckets)
Minimum value: 16
Maximum value: 512
The default Internet Protocol (IP) time-to-live value.
Default value: DEFTTL, or 64 (router hops)
Minimum value: 0
Maximum value: 255
A value that enables (1) or disables (0) a check to determine
whether an IP datagram whose destination address is a directed
broadcast address has been received on the interface corresponding
to that broadcast address.
Default value: 0 (disabled)
A value that enables (1) or disables (0) a system's ability to
forward IP packets that are not addressed to the system. You
can also enable this functionality by using the
/usr/sbin/iprsetup command.
Default value: 0 (disabled)
For systems functioning as routers, both ipforwarding and
ipgateway attributes must be 1.
Maximum time an IP fragment can spend waiting to be reassembled.
Default value: IPFRAGTTL (60, in units of .5 seconds, or 30 seconds)
Minimum value: 1
Maximum value: INT_MAX, or 2 billion
When using ipfragttl to protect against malicious packet fragments,
care must be taken not to discard legitimate packet fragments.
Consider the following guidelines:
Provides a level of protection that significantly reduces the time
that IP fragments are retained for reassembly.
Provides greatest security against a potential Denial of Service
(DoS) condition without significant impact caused by discarding
legitimate packet fragments.
A value that enables (1) or disables (0) a system's ability to
forward IP packets that are not addressed to the system. This
functionality is usually enabled by using the /usr/sbin/iprsetup
command.
Default value: 0 (disabled)
For systems functioning as routers, both ipforwarding and
ipgateway attributes must be 1.
Maximum number of IP fragment reassembly queues.
Default value: IP_DEFAULT_FRAG_INDEX, or 64 (queues)
Minimum value: 1
Maximum value: USHRT_MAX, or 65535
The number of simultaneous outgoing connections a system can make
to other systems. The number of outgoing ports is the value of the
ipport_userreserved attribute minus the value of the
ipport_userreserved_min attribute. The default value of the
attribute is 5000; therefore, the default number of outgoing ports
is 3976.
Default value: 5000
Minimum value: 1
Maximum value: 65535
The lower limit of range of port numbers available for use by a
TCP or UDP application. The number of outgoing ports is the
value of the ipport_userreserved attribute minus the value of
the ipport_userreserved_min attribute. The default value of the
attribute is 5000; therefore, the default number of outgoing
ports is 3976.
Default value: 1024
Minimum value: 1
Maximum value: 65535
Maximum length of the IP input queue (ipintrq) before input
packets are dropped.
Default value: 2048 (bytes)
Minimum value: 1024
Maximum value: 65535
Maximum number of IP input queues.
Default value: 1 (queues)
Minimum value: 1
Maximum value: 64
A value that enables (1) or disables (0) the sending of ICMP
redirect messages.
Default value: 1 (enabled)
Enables (1) or disables (0) source routing.
Default value: 1 (enabled)
Time to wait after a decrease in a PMTU value before attempting
to determine if the PMTU value has increased.
Default value: PMTU_DECREASE_INTVL, or 1200 (in units of .5 seconds)
Minimum value: 1
Maximum value: UINT_MAX, or 4 billion
A value that enables (1) or disables (0) discovery of the path
maximum transfer unit (PMTU).
Default value: 1 (enabled)
Time to wait after an increase in a PMTU value before attempting
to determine if the PMTU has increased.
Default value: PMTU_INCREASE_INTVL, or 240 (in units of .5 seconds)
Minimum value: 1
Maximum value: UINT_MAX, or 4 billion
The timer processing interval for routes participating in the
PMTU discovery process.
Default value: PMTU_RT_CHECK_INTVL, or 20 (in units of .5 seconds)
Minimum value: 1
Maximum value: UINT_MAX, or 4 billion
A value that enables (1) or disables (0) consideration of all IP
addresses in the same network as being local. When this value is
1, all IP addresses that are in different subnets but in the same
network are considered local. When this value is 0, only the IP
addresses that match a directly connected subnet are considered
local.
Default value: 1 (enabled)
The number of Transmission Control Protocol (TCP) hash tables.
Default value: 1 (table)
Minimum value: 1
Maximum value: 64
The number of buckets in the TCP inpcb hash table.
Default value: 512 (buckets)
Minimum value: 0
Maximum value: INT_MAX, or 2 billion
Enables (1) or disables (0) optimization of the listen path for
server sockets.
Default value: 1 (enabled)
A value that enables (1) or disables (0) 4.2 BSD-compatible
behavior for the initial send sequence of numbers and
keepalives.
Default value: 1 (enabled)
The number of initial segments to send during congestion window
negotiation.
Default value: 2 (segments)
Minimum value: 1
Maximum value: INT_MAX, or 2 billion
A value that enables (0) or disables (1) window scaling.
Default value: 0 (enabled)
Note
The values for disabling and enabling are the reverse of what
they are for most other attributes.
A value that enables (1) or disables (0) TCP keepalive for all
sockets. TCP keepalive supports the periodic transmission of
messages on a connected socket in order to keep connections
active. If keepalive is enabled, sockets that do not exit
cleanly are cleaned up when the keepalive interval expires. If
keepalive is not enabled, those sockets will continue to exist
until you reboot the system.
Default value: 0 (disabled)
Applications enable keepalive for sockets by setting the
setsockopt() function's SO_KEEPALIVE option. Use the
tcp_keepalive_default attribute to override programs that do not
set keepalive on their own, particularly if you have no access to
the sources for those programs.
Maximum number of keepalive probes that can be sent before a
connection is dropped.
Default value: TCPTV_KEEPCNT, or 8 (probes)
Minimum value: 1
Maximum value: 32767
Idle time before the first keepalive probe.
Default value: TCPTV_KEEP_IDLE, or 14400 (in units of .5 seconds)
Minimum value: 2
Maximum value: 32767
Initial connect timeout.
Default value: TCPTV_KEEP_INIT, or 150 (in units of .5 seconds)
Minimum value: 2
Maximum value: 32767
Time between keepalive probes.
Default value: TCPTV_KEEP_INTVL, or 150 (in units of .5 seconds)
Minimum value: 2
Maximum value: 32767
The maximum lifetime of a TCP segment.
Default value: 60 (in units of .5 seconds)
Minimum value: 1
Maximum value: 2 billion
Default maximum segment size.
Default value: TCP_MSS, or 536 (bytes)
Minimum value: 1
Maximum value: 2 billion
Default receive buffer size for TCP sockets.
Default value: TCP_RECVSPACE, or 61440 (bytes)
Minimum value: 1
Maximum value: 4 billion (cannot be larger than sb_max)
Mitigates against TCP reset attacks by reducing the window sizes
into which a TCP RST packet will be accepted by the system. (See
also tcp_syn_win.) Set the tunable values as follows:
Retains existing TCP behavior with respect to reset packets.
Provides a level of protection that significantly reduces the size
of the TCP reset window while allowing for common TCP client/server
sequence number variations. This allows a reset packet to be
accepted when the remote machine has unacknowledged outstanding
packets of up to a total of 2048 bytes.
Provides maximum security against a potential denial of service
(DoS) condition. Setting tcp_rst_win to 0 provides the highest
level of protection without migrating to an IPSec environment. This
setting restricts the acceptance of a reset packet to the current
sequence number and may result in the rejection of valid reset
packets where sent data packets have not been acknowledged.
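The two sequence-number checks described for icmp_tcpseqcheck and tcp_rst_win (the same bounding applies to SYN segments under tcp_syn_win), written out as an added C illustration; this is not Tru64 kernel code, and the state field names, the inclusive 2048-byte bound and the treatment of a negative tcp_rst_win as "full receive window" are assumptions:

```c
#include <stdbool.h>
#include <stdint.h>

/* Modular 32-bit sequence comparisons, in the style of BSD tcp_seq.h. */
#define SEQ_LT(a, b)  ((int32_t)((a) - (b)) < 0)
#define SEQ_GEQ(a, b) ((int32_t)((a) - (b)) >= 0)

/* Per-connection state consulted by the two checks (field names are
 * assumed for this illustration): [snd_una, snd_nxt) is the data sent
 * but not yet acknowledged; rcv_nxt is the next sequence number expected
 * from the peer; rcv_wnd is the receive window advertised to the peer. */
struct tcp_seq_state {
    uint32_t snd_una, snd_nxt;
    uint32_t rcv_nxt, rcv_wnd;
};

/* icmp_tcpseqcheck=1: honour an ICMP error only if the TCP sequence
 * number quoted in its payload lies in [snd_una, snd_nxt), i.e. refers
 * to a segment this host really has in flight.
 * icmp_tcpseqcheck=0: accept every ICMP error, as the page describes. */
bool icmp_error_acceptable(const struct tcp_seq_state *s,
                           uint32_t quoted_seq, int icmp_tcpseqcheck)
{
    if (icmp_tcpseqcheck == 0)
        return true;
    return SEQ_GEQ(quoted_seq, s->snd_una) && SEQ_LT(quoted_seq, s->snd_nxt);
}

/* tcp_rst_win bounds how far ahead of rcv_nxt a RST's sequence number
 * may lie before it is accepted:
 *   < 0 : anywhere in the advertised receive window (assumed to be the
 *         "retain existing behavior" setting)
 *   0   : only exactly rcv_nxt, the strictest setting on the page
 *   n>0 : at most n bytes ahead, e.g. 2048 for the intermediate setting
 * Unsigned subtraction yields the forward distance even across a 2^32
 * wrap; a RST behind rcv_nxt gives a huge distance and is rejected. */
bool rst_acceptable(const struct tcp_seq_state *s,
                    uint32_t rst_seq, long tcp_rst_win)
{
    uint32_t ahead = rst_seq - s->rcv_nxt;
    if (tcp_rst_win < 0)
        return ahead < s->rcv_wnd;
    return ahead <= (uint32_t)tcp_rst_win;
}

/* Constructed sample state: the send side has wrapped past 2^32 and the
 * receive side advertises the 61440-byte default tcp_recvspace. */
static const struct tcp_seq_state demo_state = { 4000000000u, 10u, 100u, 61440u };
```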
Minimum amount of time between TCP retransmissions.
Default value: 2 (in units of .5 seconds), or 1 second
Minimum value: 1
Maximum value: 2 billion
The maximum amount of time between TCP retransmissions.
Default value: 128 (in units of .5 seconds), or 64 seconds
Minimum value: 1
Maximum value: INT_MAX, or 2 billion
Initial assumed round-trip time, in seconds.
Default value: 3 (seconds)
Minimum value: 0
Maximum value: INT_MAX, or 2 billion
Default send buffer size, in bytes, for TCP sockets.
Default value: TCP_SENDSPACE, or 61440 (bytes)
Minimum value: 1
Maximum value: UINT_MAX, or 4 billion (cannot be larger than
sb_max)
Mitigates against TCP reset attacks by reducing the window sizes
into which a TCP SYN packet will be accepted by the system. (See
also tcp_rst_win.) Note that by setting this attribute down to 2048
or less, the probability increases that a rebooted client will not
be able to reconnect to a former server. For this reason, setting
tcp_syn_win to a value other than the default value of -1 is not
recommended.
Retains existing TCP behavior with respect to SYN packets.
Provides a level of protection that significantly reduces the size
of the TCP SYN window while allowing for common TCP client/server
sequence number variations. This allows a SYN packet to be accepted
when the remote machine has unacknowledged outstanding packets of up
to a total of 2048 bytes. This setting should not be used without
evidence of an active SYN attack. Using this setting may cause a
valid SYN to fail at resetting an established connection, as
evidenced by a rebooted client failing to connect during initial
attempts to re-establish previous socket connections.
IP time-to-live, in router hops, for TCP packets.
Default value: TCP_TTL, or 128 (router hops)
Minimum value: 0
Maximum value: 255
A value that enables (1) or disables (0) 4.2 BSD-compatible
behavior for an urgent pointer. The urgent pointer is a pointer to
the first octet of data past the urgent section. When disabled,
the urgent pointer is a pointer to the last octet of data in the
urgent section.
Default value: 1 (enabled)
A value that enables (0) or disables (1) delayed acknowledgments.
Default value: 0 (enabled)
Note
The values for disabling and enabling are the reverse of what
they are for most other attributes.
Number of duplicate acknowledgments (ACKs) before retransmission.
Default value: TCPREXMTTHRESH, or 3 (duplicate acknowledgements)
Minimum value: 1
Maximum value: INT_MAX, or 2 billion
A value that enables (1) or disables (0) the movement of TCP
inpcbs in the TIME_WAIT state to the end of the inpcb list.
Default value: 0 (disabled)
Default receive buffer size, in bytes, for UDP sockets.
Default value: UDP_RECVSPACE, or 42240 (bytes)
Minimum value: 1
Maximum value: UINT_MAX, or 4 billion (cannot be larger than
sb_max)
Default send buffer size, in bytes, for UDP sockets.
Default value: UDP_SENDSPACE, or 9216 (bytes)
Minimum value: 1
Maximum value: UINT_MAX, or 4 billion (cannot be larger than
sb_max)
IP time-to-live, in router hops, for UDP packets.
Default value: UDP_TTL, or 128 (router hops)
Minimum value: 0
Maximum value: 255
A value that enables (1) or disables (0) checksumming in the
Internet user datagram protocol (UDP).
Default value: 1 (enabled)
SEE ALSO
sys_attrs(5)
Tuning Tru64 UNIX for Internet Servers at the following location:
http://www.digital.com/internet/document/ias/tuning.html.
System Configuration and Tuning