Red Hat ENTERPRISE LINUX 3 Reference Manual page 91

proc
Chapter 5. The
— Displays the date and time the kernel was last compiled. The first field in this file, such
• version
as , relates to the number of times a kernel was built from the source base.
#3
5.3.9.4.
/proc/sys/net/
This directory contains subdirectories concerning various networking topics. Various configurations
at the time of kernel compilation make different directories available here, such as
, ,
ethernet/ ipv4/
trators are able to adjust the network configuration on a running system.
Given the wide variety of possible networking options available with Linux, only the most common
directories are discussed.
/proc/sys/net/
The
/proc/sys/net/core/
tween the kernel and networking layers. The most important of these files are:
• message_burst
message. This setting is used to mitigate Denial of Service (DoS) attacks. The default setting is
— Sets a cost on every warning message. The higher the value of this file (default
• message_cost
of ), the more likely the warning message is ignored. This setting is used to mitigate DoS attacks.
5
The idea of a DoS attack is to bombard the targeted system with requests that generate errors and fill
up disk partitions with log files or require all of the system's resources to handle the error logging.
The settings in
message_burst
system's acceptable risk versus the need for comprehensive logging.
• netdev_max_backlog
ular interface receives packets faster than the kernel can process them. The default value for this
file is .
300
— Configures the maximum ancillary buffer size allowed per socket.
• optmem_max
— Sets the receive socket buffer default size in bytes.
• rmem_default
— Sets the receive socket buffer maximum size in bytes.
• rmem_max
— Sets the send socket buffer default size in bytes.
•
wmem_default
— Sets the send socket buffer maximum size in bytes.
•
wmem_max
The
/proc/sys/net/ipv4/
tings, used in conjunction with one another, are useful in preventing attacks on the system or when
using the system to act as a router.
Caution
An erroneous change to these files may affect remote connectivity to the system.
The following is a list of some of the more important files within the
tory:
• icmp_destunreach_rate
icmp_timeexeed_rate
hosts under certain conditions. A setting of
• icmp_echo_ignore_all
ICMP ECHO packets from every host or only those originating from broadcast and multicast ad-
File System
, and . By altering the files within these directories, system adminis-
ipx/ ipv6/
directory contains a variety of settings that control the interaction be-
— Sets the amount of time in tenths of a second required to write a new warning
and
— Sets the maximum number of packets allowed to queue when a partic-
directory contains additional networking settings. Many of these set-
,
icmp_echoreply_rate
— Set the maximum ICMP send packet rate, in 1/100 of a second, to
and
icmp_echo_ignore_broadcasts
are designed to be modified based on the
message_cost
,
removes any delay and is not a good idea.
0
appletalk/
/proc/sys/net/ipv4/
icmp_paramprob_rate
— Allows the kernel to ignore
73
,
.
50
direc-
, and