inconfig(1Mtcp)

Synopsis

Description

inconfig reads a configuration file to obtain the list of kernel parameters and their values. This file is normally /etc/inet/inet.dfl, but a different file can be specified with the -f option. See ``Parameters'' for a description of the parameters.

For each parameter listed in the configuration file, inconfig initializes the parameter to the specified value.

The current value of a single parameter can be retrieved by specifying only the parameter name as an argument to inconfig.

If a ``parameter value'' pair is specified, the associated kernel parameter is modified. The configuration file is also updated so that the parameter will be correctly initialized the next time the system is restarted. The -n flag causes the configuration file to remain unchanged. This is useful when turning on debugging messages that are not desired in normal operation.

Each configuration parameter has a minimum and a maximum allowable value enforced by the kernel. Attempts to set the parameter to a value outside of the allowable range will be disallowed.

inconfig goes to great lengths to preserve the current configuration in the event of an I/O error. Before the new configuration is generated, file is renamed to file.bak. If the configuration cannot be updated, inconfig will attempt to restore the old one. If the restore fails, the configuration is left in file.bak. If the new configuration is successfully saved, the backup file will be deleted. inconfig blocks SIGHUP, SIGINT, and SIGTERM while the configuration is being updated.

The -v flag causes inconfig to display information about each parameter found in the configuration file as it is being processed.

If the -d option is used, neither the kernel nor the configuration file will be updated. Instead inconfig will display every change it would have made if the -d option had not been used.

Only root may use this command.

Parameters

• ``Address Resolution Protocol (ARP) parameters''

• ``Internet Control Message Protocol Version 4 (ICMPv4) parameters''

• ``Internet Group Management Protocol Version 4 (IGMPv4) parameters''

• ``Internet Protocol Version 4 (IPv4) parameters''

• ``Transmission Control Protocol (TCP) parameters''

• ``User Datagram Protocol (UDP) parameters''

The default values of the parameters are configured to work efficiently in most situations.

Address Resolution Protocol (ARP) parameters

The following parameters control the behavior of the Address Resolution Protocol (ARP).

arpprintfs

Controls logging of warnings from the kernel ARP driver. These are displayed on the console. Logging is turned on if this parameter is set to 1. If set to 0 (the default), debugging information is not displayed.

arp_maxretries

Sets the maximum number of retries for the address resolution protocol (ARP) before it gives up. The default value is 5; the minimum and maximum configurable values are 1 and 128.

arpt_down

Sets the time to hold onto an incomplete ARP cache entry if ARP lookup fails. The default value is 20 seconds; the minimum and maximum configurable values are 1 and 600 seconds.

arpt_keep

Sets the time to keep a valid entry in the ARP cache. The default value is 1200 seconds; the minimum and maximum configurable values are 1 and 2400 seconds.

arpt_prune

Sets the interval between scanning the ARP table for stale entries. The default value is 300 seconds; the minimum and maximum configurable values are 1 and 1800 seconds.

Internet Control Message Protocol Version 4 (ICMPv4) parameters

icmp_answermask

If set to 1, the system will respond to ICMP subnet mask request messages. This parameter must be set to 1 to support certain hosts such as diskless workstations. The default value is 0, do not respond, as specified in RFC 1122.

icmp_quenchsz

Controls how many addresses to remember every 200ms when performing ICMP source quenching. If a host's address is remembered, this ensures that no more than five quench messages can be sent to it per second. The default value is 32. The minimum and maximum configurable values are 1 and 4096.

icmpprintfs

Controls logging of warnings from the kernel ICMP driver. These are displayed on the console. Logging is turned on if this parameter is set to 1. If set to 0 (the default), debugging information is not displayed.

Internet Group Management Protocol Version 4 (IGMPv4) parameters

igmpprintfs

Controls logging of warnings from the kernel IGMP driver. These are displayed on the console. Logging is turned on if this parameter is set to 1. If set to 0 (the default), debugging information is not displayed.

Internet Protocol Version 4 (IPv4) parameters

in_fullsize

Controls the systemwide default TCP behavior for attempting to negotiate the use of full-sized segments. If set to 1 (the default), TCP attempts to use a segment size equal to the interface MTU minus the size of the TCP/IP headers. If set to 0, TCP rounds the segment size down to the nearest multiple of 1KB.

in_loglimit

Controls how many bytes of the error packet to display when debugging. Note that the appropriate xxxprintfs parameter (such as tcpprintfs) must be set to a non-zero value to enable logging. The default value is 64. The minimum and maximum configurable values are 1 and 255.

in_recvspace

Sets the systemwide default size of the TCP/IP receive window in bytes. (This can be overridden by using setsockopt(3sock) to set SO_RCVBUF.) The default value is 4096 bytes. The minimum and maximum configurable values are 2048 and 65535 bytes.

in_sendspace

Sets the systemwide default size of the TCP/IP send window in bytes. This should be at least as large as the loopback MTU. (This can be overridden by using setsockopt(3sock) to set SO_SNDBUF.) The default value is 8192 bytes. The minimum and maximum configurable values are 2048 and 65535 bytes.

ip_checkbroadaddr

Controls whether IP checks whether unicast packets specify a broadcast address. If set to 1 (the default as specified in RFC 1122), IP discards non-broadcast packets sent to a link-level broadcast address. In the unlikely event that a data-link driver does not support this, packets may be discarded erroneously. If the netstat -sp ip command shows that many packets cannot be forwarded, set this parameter to 0 to turn off checking.

ip_dirbroadcast

If set to 1 (the default), allows receipt of broadcast packets only if they match one of the broadcast addresses configured for the interface upon which the packet was received. If set to 0, allows receipt of broadcast packets that match any configured broadcast address.

ip_perform_pmtu

IP performs Path Maximum Transmission Unit (Path MTU or PMTU) discovery as specified in RFC 1191 if set to 1 (the default). This causes IP to send packets with the ``do not fragment'' bit set so that routers will generate ``Fragmentation Required'' messages if they cannot forward the whole packet. Retransmission with a smaller packet size allows the minimum MTU in the path to the destination to be established. If you experience interoperability problems because intermediate routers do not support this feature, a value of 0 disables PMTU.

If you disable PMTU, you should also set tcp_offer_big_mss (described in ``Transmission Control Protocol (TCP) parameters'') to 0.

ip_pmtu_decrease_age

Controls how many seconds IP will wait (while performing PMTU) after decreasing an MTU estimate before it starts raising it. The default value is 600 seconds. The maximum configurable value is 32667. If set to 0xffffffff, the estimate is never raised; this is useful if there is only one path out of your local network and its MTU is known to be constant.

ip_pmtu_increase_age

Sets the number of seconds between increasing the MTU estimate for a destination once it starts to increase. The default value is 120 seconds. The minimum and maximum configurable values are 0 and 600 seconds.

ip_settos

If set to 1 (the default), IP sets type-of service TOS information (as specified in RFC 1122) in packets that it sends down to the data-link layer. Set this to 0 if your network card link-level driver cannot handle this.

ip_subnetsarelocal

The default value of 1 specifies that other subnets of the network are to be considered as local -- that is, directly connected. TCP assumes them to be connected via high-MSS paths and adjusts its idea of the MSS to be negotiated. Otherwise, TCP uses the default MSS specified by tcp_mssdflt (described in ``Transmission Control Protocol (TCP) parameters'') -- this is typically 512 bytes in accordance with RFC 793 and RFC 1122. By default, the parameter tcp_offer_big_mss is set to 1 so that Path MTU discovery can be used to provide the maximum benefit. If the value of tcp_offer_big_mss is set to 0, setting the value of ip_subnetsarelocal to 1 allows for good local performance even though PMTU discovery is not used.

The message ``ICMP Host Unreachable'' is generated for local subnet routing failures. When this value is set to 0, the packet size is set to 576 bytes, as specified in RFC 1122.

The default value of 1 enables this feature; if set to 0, it is disabled.

ip_ttl

Sets the time to live (TTL) of an IP packet as a number of hops. This value is used by all kernel drivers that need it (including TCP). The default value is 64 as recommended by RFC 1340. The minimum and maximum configurable values are 1 and 255.

ipforwarding

ipsendredirects

If you want to use your machine as a unicast or multicast router, set both these parameters to 1.

ipforwarding controls whether the system will forward packets sent to it which are destined for another system (that is, act as a router). The default value is 0 (off) as defined by RFC 1122. A system acting as a host will still forward source-routed datagrams unless ipnonlocalsrcroute is set to 0.

ipsendredirects controls whether IP will send an ICMP redirect error message to a host when forwarding a packet out of the same interface on which it was received. The message informs the sending host which is the correct router to use in the future. This allows the sending host to adjust its routing table appropriately. This should be set to 1 if ipforwarding is set to 1.

ipnonlocalsrcroute

Controls whether source-routed datagrams will be forwarded if they are not destined for the local system. On hosts, the default value is 0 (off). If your machine is acting as a router (ipforwarding is set to 1), set the value of ipnonlocalsrcroute to 1 unless you are concerned that this may open a security hole.

ipprintfs

Controls logging of warnings from the kernel IP driver. These are displayed on the console. Logging is turned on if this parameter is set to 1. If set to 0 (the default), debugging information is not displayed.

Transmission Control Protocol (TCP) parameters

tcp_2msl

Sets the time in seconds that a TCP connection will remain in the TIME_WAIT state waiting for a FIN from the remote side before being moved to the CLOSED state. The default time period is 240 seconds as defined by RFC 793. The minimum and maximum configurable values are 30 and 240 seconds.

tcp_delay_acks

Selects TCP delayed acknowledgements (ACKs) if set to 1 (default), and selects immediate ACKs if set to 0. If delayed ACKs are set, TCP does not send an ACK immediately on receiving data. TCP normally delays sending an ACK to improve the chance that it can bundle it with transmitted data.

tcp_do_rfc1323

Control system-wide implementation of TCP performance extensions including timestamps and large window scaling (as defined in RFC 1323). These features provide more efficient and reliable usage of high-bandwidth, high-latency links. If set to 1 (the default), negotiation is turned on and will permit a TCP receive window size as large as 1GB. If set to 0, negotiation is disabled and the largest possible window size is 64KB.

Window size negotiation may be disabled on a per-interface basis by specifying the no1323opt option to ifconfig(1Mtcp). This is necessary for PPP and SLIP interfaces that allow header compression.

tcp_initial_timeout

Sets the TCP/IP retransmit time for an initial SYN segment when establishing a connection. The default value is 180 seconds as defined by RFC 1122. The minimum and maximum configurable values are 1 and 7200 seconds.

tcp_keepidle

Sets the idle time before TCP/IP keepalives are sent (if enabled). The default value is 7200 seconds. The minimum and maximum configurable values are 300 and 86400 seconds.

tcp_keepintvl

Sets the TCP/IP keepalive interval between keepalive packets once they start being sent. The default value is 75 seconds. The minimum and maximum configurable values are 1 and 43200 seconds.

tcp_maxdata

Sets the maximum TCP receive window size in bytes if tcp_do_rfc1323 is set to 1 to enable large window scaling. The maximum and default value is 0x3FFFFFFF (1GB-1). The minimum value is 1.

tcp_mss_sw_threshold

Defines the small window threshold for interface MTUs. If the MTU of an interface is small enough to force TCP to use an MSS smaller than this threshold, then TCP will use the receive window size specified by tcp_small_recvspace. This is an optimization to avoid buffering too much data on low-speed links such as SLIP and PPP. The default value is 1024 bytes. The minimum and maximum configurable values are 512 and 4096 bytes.

tcp_mssdflt

Sets the default TCP segment size to use on interfaces for which no MSS and Path MTU information is available. The default and minimum value is 512 bytes. The maximum configurable values is 32768. You should keep the value of this parameter small if possible.

tcp_nkeep

Sets the number of TCP/IP keepalives that will be sent before giving up. The default value is 8. The minimum and maximum configurable values are 1 and 256.

tcp_offer_big_mss

In order to get the maximum benefit out of Path MTU (PMTU) discovery, TCP normally offers an MSS that is derived from the local interface MTU (after subtracting the packet header sizes). This allows the remote system to send the biggest segments that the network can handle. Set this parameter to 0 for systems that cannot handle this, or that do not implement PMTU discovery. This causes TCP to offer a smaller MTU for non-local connections (see ip_subnetsarelocal in ``Internet Protocol Version 4 (IPv4) parameters''). The default value of 1 (offer it) allows maximum benefit to be gained from PMTU discovery; a value of 0 disables this.

tcp_secret

tcp_seqbits

To protect against IP address spoofing attacks, a random element is introduced into how TCP chooses the initial send sequence number and its increment.

tcp_secret seeds the random number sequence. Its value can be set to any integer from 0 through 2147483647.

tcp_seqbits selects the number of bits of tcp_secret that are used to seed the sequence number increment value. The default value of tcp_seqbits is 21; its minimum and maximum values are 16 and 26. The default value represents a compromise between security and the uniqueness of the sequence number. If the value of tcp_seqbits is small, this increases the possibility that an attacker can guess the random number. A large value for tcp_seqbits decreases the time before a given sequence number occurs again.

tcp_small_recvspace

If the MTU is less than the small window threshold, tcp_mss_sw_threshold, sets the receive window size to use on interfaces that require small windows. The default value is 4096 bytes. The minimum and maximum configurable values are 1024 and 16384 bytes.

tcp_urgbehavior

Controls how TCP interprets urgent data. If set to 0, it interprets it in RFC 1122 mode; if set to 1 (the default), it interprets it in BSD mode.

tcpalldebug

If set to 1, captures trace information for all connections. The default value is 0 which causes TCP to trace only those connections that set the SO_DEBUG option. This information can be retrieved using the trpt(1Mtcp) command, or displayed on the console if tcpconsdebug is set.

tcpconsdebug

Directs TCP/IP connection trace output to the console if set to 1 (see also tcpalldebug). The default value is 0.

tcpprintfs

Controls logging of warnings from the kernel TCP driver. These are displayed on the console. Logging is turned on if this parameter is set to 1. If set to 0 (the default), debugging information is not displayed.

User Datagram Protocol (UDP) parameters

udpprintfs

Controls logging of warnings from the kernel UDP driver. These are displayed on the console. Logging is turned on if this parameter is set to 1. If set to 0 (the default), debugging information is not displayed.

Files

/etc/inet/inet.dfl

configuration file

References

RFC 793, RFC 1122, RFC 1191, RFC 1323, RFC 1340