--- elwix/config/etc/default/sysctl.conf 2017/02/13 16:52:47 1.9
+++ elwix/config/etc/default/sysctl.conf 2021/03/11 13:59:50 1.10
@@ -2,28 +2,74 @@
 #
 # elwix sysctl.conf
 #
-# $Id: sysctl.conf,v 1.9 2017/02/13 16:52:47 misho Exp $
+# $Id: sysctl.conf,v 1.10 2021/03/11 13:59:50 misho Exp $
 sysctl -w kern.coredump=0
+sysctl -w debug.debugger_on_panic=0
+sysctl -w net.bpf.zerocopy_enable=1
+sysctl -w net.bpf.optimize_writers=1
 sysctl -w kern.ipc.somaxconn=1024
 sysctl -w kern.eventtimer.periodic=1
+sysctl -w net.route.netisr_maxqlen=2048
+sysctl -w net.inet.ip.redirect=0
 sysctl -w net.inet.ip.forwarding=1
+sysctl -w net.inet.icmp.reply_from_interface=1
+sysctl -w net.inet.tcp.rfc1323=1
 sysctl -w net.inet.tcp.ecn.enable=1
 sysctl -w net.inet6.ip6.forwarding=1
 sysctl -w net.inet6.ip6.accept_rtadv=0
 sysctl -w net.inet6.ip6.no_radr=0
 sysctl -w kern.maxfilesperproc=4096
-sysctl -w kern.maxfiles=1024
-#sysctl -w kern.ipc.maxsockets=16384
+#sysctl -w kern.maxfiles=65536
+#sysctl -w kern.ipc.maxsockets=65536
 #sysctl -w kern.ipc.maxsockbuf=16777216
 #sysctl -w kern.ipc.maxpipekva=16777216
-#sysctl -w net.graph.maxalloc=2048
-sysctl -w net.graph.maxdgram=128000
-sysctl -w net.graph.recvspace=128000
+#sysctl -w net.graph.maxdgram=131072
+#sysctl -w net.graph.recvspace=131072
+# Sendmsg() cat't send messages more than maxdgram length.
+# Default value causes routing software to fail with OSPF if jumbo frames is turned on.
+sysctl -w net.inet.raw.maxdgram=16384
+sysctl -w net.inet.raw.recvspace=16384
+# Current CPU can manage a lot's more of interrupts than default (1000)
+# The 9000 value was found in /usr/src/sys/dev/ixgbe/README
+sysctl -w hw.intr_storm_threshold=9000
-#sysctl -w hw.ath.bstuck=8
+sysctl -w kern.random.harvest.mask=351
+# Improve a lot's the polling performance
+# Enable idle_poll
+#sysctl -w kern.polling.idle_poll=1
+# The default value of 150 was for FastEthernet:
+#sysctl -w kern.polling.burst_max=20000
+#sysctl -w kern.polling.each_burst=50
+# For a router, don't need to share 50/50 with user process
+#sysctl -w kern.polling.user_frac=30
+
+#sysctl -w hw.ath.bstuck=8
 #net.inet.tcp.mssdflt=1452
 #net.inet.tcp.hostcache.expire=1
-
 #dev.ath.0.hal.ar5416_biasadj=1
+
+#Power save: Disable power for device with no driver loaded
+sysctl -w hw.pci.do_power_nodriver=3
+
+# blackhole(8)
+# Disable this feature because prevent traceroute to works correctly
+#sysctl -w net.inet.tcp.blackhole=2
+#sysctl -w net.inet.udp.blackhole=1
+# prevent users from seeing information about processes that
+# are being run under another UID.
+#sysctl -w security.bsd.see_other_uids=0
+#sysctl -w security.bsd.see_other_gids=0
+# Prevent some potential exploit
+#sysctl -w security.bsd.unprivileged_proc_debug=0
+
+# Intel NIC tunning
+#sysctl -w hw.em.rx_process_limit=-1
+#sysctl -w hw.em.txd=2048
+#sysctl -w hw.em.rxd=048
+
+#sysctl -w hw.igb.rx_process_limit=-1
+#sysctl -w hw.igb.txd=2048
+#sysctl -w hw.igb.rxd=048
+#sysctl -w hw.igb.max_interrupt_rate=16000
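Review bot: `sysctl -w kern.random.harvest.mask=351` is added without a comment, and it is the one new setting here that changes what feeds the kernel's random number generator. The value is a bit mask, and which entropy source each bit selects can differ between kernel releases, so the same number may mean something else after an OS upgrade. A line above it such as `# entropy harvest mask: keep <sources>, drop <sources>; verify with kern.random.harvest.mask_symbolic` would record the intent and let a maintainer check it on the target system. Separately, the commented `hw.em.rxd=048` and `hw.igb.rxd=048` look like typos for `2048`, judging by the `txd=2048` lines beside them, and are worth correcting before anyone uncomments them.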