Differences

This shows you the differences between two versions of the page.

--- linux:sysctl [2006/02/10 12:44]
193.77.56.193 default sysctl conf
+++ linux:sysctl [2006/04/06 17:58]
a more stuff
@@ Line 1: / Line 1: @@
 ====== Linux sysctl options ======
+==== 2.6 net/ipv4 options ====
+more detailed: [[:linux:sysctl:26netipv4|/proc/net/ipv4]] and [[http://dsd.lbl.gov/TCP-tuning/linux.html|Linux TCP tunning]]
 ==== Reboot on kernel panic ====
@@ Line 7: / Line 11: @@
 |  0  | won't reboot on kernel panic |
 |  n  | number of seconds to wait before reboot |
+==== Linux 2.6 has only 32Mb shared memory ====
+  kernel.shmmax = 67108864
+==== ip_conntrack: maximum limit of XXX entries exceeded ====
+If you notice the following message in syslog, it looks like the conntrack database doesn't have enough entries for your environment. Connection tracking by default handles up to a certain number of simultaneous connections. This number is dependent on you system's maximum memory size (at 64MB: 4096, 128MB: 8192, ...).
+You can easily increase the number of maximal tracked connections, but be **aware that each tracked connection eats about 350 bytes of non-swappable kernel memory!** ''Your kernel will crash for sure, althouh routing/forwarding should still be "working".''
+To increase this limit to e.g. 8192, type:
+   echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max
+To optimize performance, please also raise the number of hash buckets by using the hashsize module loadtime parameter of the ip_conntrack.o module. Please note that due to the nature of the current hashing algorithm, an even hash bucket count (and esp. values of the power of two) are a bad choice.
+Example (with 1023 buckets):
+   modprobe ip_conntrack hashsize=1023
+[[http://www.netfilter.org/documentation/FAQ/netfilter-faq.html#toc3.7]]
+===== GrSecurity options =====
+{{page>linux:grsec#sysctl}}
+About GrSecurity see [[linux:grsec#sysctl|this page]]
@@ Line 12: / Line 44: @@
 Download {{linux:sysctl.conf}}