git: ace68b1f3629 - main - icmp.4 inet.4 udp.4: sort sysctl variables
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 20 Jul 2022 13:10:40 UTC
The branch main has been updated by karels: URL: https://cgit.FreeBSD.org/src/commit/?id=ace68b1f362953edef79809accb128ad05ffab33 commit ace68b1f362953edef79809accb128ad05ffab33 Author: Mike Karels <karels@FreeBSD.org> AuthorDate: 2022-07-18 16:33:31 +0000 Commit: Mike Karels <karels@FreeBSD.org> CommitDate: 2022-07-20 13:07:20 +0000 icmp.4 inet.4 udp.4: sort sysctl variables Sort the sysctl(3)/sysctl(8) variables in the MIB Variables section alphabetically. This is in preparation for adding missing variables (at least in inet.4 and icmp.4). A few other touchups suggested in review. Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D35843 MFC after: 1 week (cherry picked from commit 3b656d465127de066511b6ffd02fb9fef85c7a53) --- share/man/man4/icmp.4 | 54 ++++++++-------- share/man/man4/inet.4 | 170 +++++++++++++++++++++++++------------------------- share/man/man4/udp.4 | 20 +++--- 3 files changed, 122 insertions(+), 122 deletions(-) diff --git a/share/man/man4/icmp.4 b/share/man/man4/icmp.4 index fe932a790831..70a9562a442c 100644 --- a/share/man/man4/icmp.4 +++ b/share/man/man4/icmp.4 @@ -28,7 +28,7 @@ .\" @(#)icmp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd March 26, 2015 +.Dd July 20, 2022 .Dt ICMP 4 .Os .Sh NAME @@ -162,18 +162,14 @@ branch of the .Xr sysctl 3 MIB. .Bl -tag -width ".Va icmplim_output" -.It Va maskrepl +.It Va bmcastecho .Pq Vt boolean -Enable/disable replies to ICMP Address Mask Request packets. +Enable/disable ICMP replies received via broadcast or multicast. +Defaults to false. +.It Va drop_redirect +.Pq Vt boolean +Enable/disable dropping of ICMP Redirect packets. Defaults to false. -.It Va maskfake -.Pq Vt "unsigned integer" -When -.Va maskrepl -is set and this value is non-zero, -it will be used instead of the real address mask when -the system replies to an ICMP Address Mask Request packet. -Defaults to 0. .It Va icmplim .Pq Vt integer Bandwidth limit for ICMP replies in packets/second. @@ -183,23 +179,27 @@ Defaults to 200. .Pq Vt boolean Enable/disable logging of ICMP replies bandwidth limiting. Defaults to true. -.It Va drop_redirect -.Pq Vt boolean -Enable/disable dropping of ICMP Redirect packets. -Defaults to false. .It Va log_redirect .Pq Vt boolean Enable/disable logging of ICMP Redirect packets. Defaults to false. -.It Va bmcastecho +.It Va maskfake +.Pq Vt "unsigned integer" +When +.Va maskrepl +is set and this value is non-zero, +it will be used instead of the real address mask when +the system replies to an ICMP Address Mask Request packet. +Defaults to 0. +.It Va maskrepl .Pq Vt boolean -Enable/disable ICMP replies received via broadcast or multicast. +Enable/disable replies to ICMP Address Mask Request packets. Defaults to false. -.It Va reply_src -.Pq Vt str -An interface name used for the ICMP reply source in response to packets -which are not directly addressed to us. -By default continue with normal source selection. +.It Va quotelen +.Pq Vt integer +Number of bytes from original packet to quote in ICMP reply. +This number is internally enforced to be at least 8 bytes (per RFC792) +and at most the maximal space left in the ICMP reply mbuf. .It Va reply_from_interface .Pq Vt boolean Use the IP address of the interface the packet came through in for @@ -209,11 +209,11 @@ By default, continue with normal source selection. Enabling this option is particularly useful on routers because it makes external traceroutes show the actual path a packet has taken instead of the possibly different return path. -.It Va quotelen -.Pq Vt integer -Number of bytes from original packet to quote in ICMP reply. -This number is internally enforced to be at least 8 bytes (per RFC792) -and at most the maximal space left in the ICMP reply mbuf. +.It Va reply_src +.Pq Vt str +An interface name used for the ICMP reply source in response to packets +which are not directly addressed to us. +By default continue with normal source selection. .It Va tstamprepl .Pq Vt boolean Enable/disable replies to ICMP Timestamp packets. diff --git a/share/man/man4/inet.4 b/share/man/man4/inet.4 index c28866893f16..c2b94ba3ecf6 100644 --- a/share/man/man4/inet.4 +++ b/share/man/man4/inet.4 @@ -28,7 +28,7 @@ .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd July 14, 2022 +.Dd July 20, 2022 .Dt INET 4 .Os .Sh NAME @@ -168,25 +168,54 @@ branch of the MIB. The following general variables are defined: .Bl -tag -width ".Va accept_sourceroute" +.It Va accept_sourceroute +Boolean: enable/disable accepting of source-routed IP packets (default false). +.It Va allow_net0 +Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, +and allow forwarding of packets with these addresses. +.It Va allow_net240 +Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, +and allow forwarding of packets with these addresses. .It Va forwarding Boolean: enable/disable forwarding of IP packets. Defaults to off. -.It Va redirect -Boolean: enable/disable sending of ICMP redirects in response to -.Tn IP -packets for which a better, and for the sender directly reachable, route -and next hop is known. -Defaults to on. -.It Va ttl -Integer: default time-to-live -.Pq Dq TTL -to use for outgoing -.Tn IP -packets. -.It Va accept_sourceroute -Boolean: enable/disable accepting of source-routed IP packets (default false). -.It Va sourceroute -Boolean: enable/disable forwarding of source-routed IP packets (default false). +.It Va loopback_prefixlen +Integer: prefix length of the address space reserved for loopback purposes. +The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, +and cannot be sent, received, or forwarded on a non-loopback interface. +Use of other values is experimental. +.It Va maxfragbucketsize +Integer: maximum number of reassembly queues per bucket. +Fragmented packets are hashed to buckets. +Each bucket has a list of reassembly queues. +The system must compare the incoming packets to the existing reassembly queues +in the bucket to find a matching reassembly queue. +To preserve system resources, the system limits the number of reassembly +queues allowed in each bucket. +This limit is recalculated when the number of mbuf clusters is changed or +when the value of +.Va maxfragpackets +changes. +This is a per-VNET limit. +.It Va maxfragpackets +Integer: maximum number of fragmented packets the host will accept and +simultaneously hold in the reassembly queue for a particular VNET. +0 means that the host will not accept any fragmented packets for that VNET. +\-1 means that the host will not apply this limit for that VNET. +This limit is recalculated when the number of mbuf clusters is changed. +This is a per-VNET limit. +.It Va maxfrags +Integer: maximum number of fragments the host will accept and simultaneously +hold across all reassembly queues in all VNETs. +If set to 0, reassembly is disabled. +If set to -1, this limit is not applied. +This limit is recalculated when the number of mbuf clusters is changed. +This is a global limit. +.It Va maxfragsperpacket +Integer: maximum number of fragments the host will accept and hold +in the reassembly queue for a packet. +0 means that the host will not accept any fragmented packets for the VNET. +This is a per-VNET limit. .It Va process_options Integer: control IP options processing. By setting this variable to 0, all IP options in the incoming packets @@ -202,6 +231,29 @@ This .Xr sysctl 8 variable affects packets destined for a local host as well as packets forwarded to some other host. +.It Va random_id +Boolean: control IP IDs generation behavior. +Setting this +.Xr sysctl 8 +to 1 causes the ID field in +.Em non-atomic +IP datagrams (or all IP datagrams, if +.Va rfc6864 +is disabled) to be randomized instead of incremented by 1 with each packet +generated. +This closes a minor information leak which allows remote observers to +determine the rate of packet generation on the machine by watching the +counter. +At the same time, on high-speed links, it can decrease the ID reuse +cycle greatly. +Default is 0 (sequential IP IDs). +IPv6 flow IDs and fragment IDs are always random. +.It Va redirect +Boolean: enable/disable sending of ICMP redirects in response to +.Tn IP +packets for which a better, and for the sender directly reachable, route +and next hop is known. +Defaults to on. .It Va rfc1122_strong_es Boolean: in non-forwarding mode .Pq forwarding is disabled @@ -217,14 +269,6 @@ or destination address rewriting .Xr pfil 4 filters may override and bypass this check. Disabled by default. -.It Va source_address_validation -Boolean: perform source address validation for packets destined for the local -host. -Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local -host as our own infrastructure. -This has no effect on packets to be forwarded, so don't consider it as -anti-spoof feature for a router. -Enabled by default. .It Va rfc6864 Boolean: control IP IDs generation behaviour. True value enables RFC6864 support, which specifies that IP ID field of @@ -233,66 +277,22 @@ datagrams can be set to any value. The .Fx implementation sets it to zero. Enabled by default. -.It Va random_id -Boolean: control IP IDs generation behaviour. -Setting this -.Xr sysctl 8 -to 1 causes the ID field in -.Em non-atomic -IP datagrams (or all IP datagrams, if -.Va rfc6864 -is disabled) to be randomized instead of incremented by 1 with each packet -generated. -This closes a minor information leak which allows remote observers to -determine the rate of packet generation on the machine by watching the -counter. -At the same time, on high-speed links, it can decrease the ID reuse -cycle greatly. -Default is 0 (sequential IP IDs). -IPv6 flow IDs and fragment IDs are always random. -.It Va maxfrags -Integer: maximum number of fragments the host will accept and simultaneously -hold across all reassembly queues in all VNETs. -If set to 0, reassembly is disabled. -If set to -1, this limit is not applied. -This limit is recalculated when the number of mbuf clusters is changed. -This is a global limit. -.It Va maxfragpackets -Integer: maximum number of fragmented packets the host will accept and -simultaneously hold in the reassembly queue for a particular VNET. -0 means that the host will not accept any fragmented packets for that VNET. -\-1 means that the host will not apply this limit for that VNET. -This limit is recalculated when the number of mbuf clusters is changed. -This is a per-VNET limit. -.It Va maxfragbucketsize -Integer: maximum number of reassembly queues per bucket. -Fragmented packets are hashed to buckets. -Each bucket has a list of reassembly queues. -The system must compare the incoming packets to the existing reassembly queues -in the bucket to find a matching reassembly queue. -To preserve system resources, the system limits the number of reassembly -queues allowed in each bucket. -This limit is recalculated when the number of mbuf clusters is changed or -when the value of -.Va maxfragpackets -changes. -This is a per-VNET limit. -.It Va maxfragsperpacket -Integer: maximum number of fragments the host will accept and hold -in the reassembly queue for a packet. -0 means that the host will not accept any fragmented packets for the VNET. -This is a per-VNET limit. -.It Va allow_net0 -Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, -and allow forwarding of packets with these addresses. -.It Va allow_net240 -Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, -and allow forwarding of packets with these addresses. -.It Va loopback_prefixlen -Integer: prefix length of the address space reserved for loopback purposes. -The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, -and cannot be sent, received, or forwarded on a non-loopback interface. -Use of other values is experimental. +.It Va source_address_validation +Boolean: perform source address validation for packets destined for the local +host. +Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local +host as our own infrastructure. +Forwarded packets are unaffected by this +and it should not be considered an anti-spoof feature for a router. +Enabled by default. +.It Va sourceroute +Boolean: enable/disable forwarding of source-routed IP packets (default false). +.It Va ttl +Integer: default time-to-live +.Pq Dq TTL +to use for outgoing +.Tn IP +packets. .El .Sh SEE ALSO .Xr ioctl 2 , diff --git a/share/man/man4/udp.4 b/share/man/man4/udp.4 index 119cc6e609ff..895cd1b01adf 100644 --- a/share/man/man4/udp.4 +++ b/share/man/man4/udp.4 @@ -28,7 +28,7 @@ .\" @(#)udp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd July 14, 2022 +.Dd July 20, 2022 .Dt UDP 4 .Os .Sh NAME @@ -119,21 +119,21 @@ branch of the .Xr sysctl 3 MIB: .Bl -tag -width ".Va log_in_vain" -.It Va checksum -Enable udp checksums (enabled by default). -.It Va maxdgram -Maximum outgoing UDP datagram size -.It Va recvspace -Maximum space for incoming UDP datagrams -.It Va log_in_vain -For all udp datagrams, to ports on which there is no socket -listening, log the connection attempt (disabled by default). .It Va blackhole When a datagram is received on a port where there is no socket listening, do not return an ICMP port unreachable message. (Disabled by default. See .Xr blackhole 4 . ) +.It Va checksum +Enable UDP checksums (enabled by default). +.It Va log_in_vain +For all UDP datagrams, to ports on which there is no socket +listening, log the connection attempt (disabled by default). +.It Va maxdgram +Maximum outgoing UDP datagram size +.It Va recvspace +Maximum space for incoming UDP datagrams .El .Sh ERRORS A socket operation may fail with one of the following errors returned: