version 1.7.10.2, 2014/02/05 02:22:14
|
version 1.10.4.1, 2024/01/29 13:59:19
|
Line 5
|
Line 5
|
# $Id$ |
# $Id$ |
|
|
sysctl -w kern.coredump=0 |
sysctl -w kern.coredump=0 |
|
sysctl -w debug.debugger_on_panic=0 |
|
sysctl -w net.bpf.zerocopy_enable=1 |
|
sysctl -w net.bpf.optimize_writers=1 |
sysctl -w kern.ipc.somaxconn=1024 |
sysctl -w kern.ipc.somaxconn=1024 |
sysctl -w kern.ipc.nmbclusters=2048 |
|
sysctl -w kern.eventtimer.periodic=1 |
sysctl -w kern.eventtimer.periodic=1 |
|
sysctl -w net.route.netisr_maxqlen=2048 |
|
sysctl -w net.inet.ip.redirect=0 |
sysctl -w net.inet.ip.forwarding=1 |
sysctl -w net.inet.ip.forwarding=1 |
sysctl -w net.inet.ip.fastforwarding=1 | sysctl -w net.inet.icmp.reply_from_interface=1 |
| sysctl -w net.inet.tcp.rfc1323=1 |
sysctl -w net.inet.tcp.ecn.enable=1 |
sysctl -w net.inet.tcp.ecn.enable=1 |
sysctl -w net.inet6.ip6.forwarding=1 |
sysctl -w net.inet6.ip6.forwarding=1 |
sysctl -w net.inet6.ip6.accept_rtadv=0 |
sysctl -w net.inet6.ip6.accept_rtadv=0 |
sysctl -w net.inet6.ip6.no_radr=0 |
sysctl -w net.inet6.ip6.no_radr=0 |
sysctl -w kern.maxfilesperproc=4096 |
sysctl -w kern.maxfilesperproc=4096 |
sysctl -w kern.maxfiles=1024 | sysctl -w net.inet.tcp.sendbuf_auto=1 |
#sysctl -w kern.ipc.maxsockets=16384 | sysctl -w net.inet.tcp.recvbuf_auto=1 |
| sysctl -w net.inet.tcp.sendbuf_inc=16384 |
| sysctl -w net.inet.tcp.recvbuf_inc=524288 |
| #sysctl -w kern.maxfiles=65536 |
| #sysctl -w kern.ipc.maxsockets=65536 |
#sysctl -w kern.ipc.maxsockbuf=16777216 |
#sysctl -w kern.ipc.maxsockbuf=16777216 |
|
#sysctl -w net.inet.tcp.sendbuf_max=16777216 |
|
#sysctl -w net.inet.tcp.recvbuf_max=16777216 |
#sysctl -w kern.ipc.maxpipekva=16777216 |
#sysctl -w kern.ipc.maxpipekva=16777216 |
#sysctl -w net.graph.maxalloc=2048 | #sysctl -w net.graph.maxdgram=131072 |
sysctl -w net.graph.maxdgram=128000 | #sysctl -w net.graph.recvspace=131072 |
sysctl -w net.graph.recvspace=128000 | # Sendmsg() cat't send messages more than maxdgram length. |
| # Default value causes routing software to fail with OSPF if jumbo frames is turned on. |
| sysctl -w net.inet.raw.maxdgram=16384 |
| sysctl -w net.inet.raw.recvspace=16384 |
| # Current CPU can manage a lot's more of interrupts than default (1000) |
| # The 9000 value was found in /usr/src/sys/dev/ixgbe/README |
| sysctl -w hw.intr_storm_threshold=9000 |
|
|
|
sysctl -w kern.random.harvest.mask=351 |
|
|
|
# Improve a lot's the polling performance |
|
# Enable idle_poll |
|
#sysctl -w kern.polling.idle_poll=1 |
|
# The default value of 150 was for FastEthernet: |
|
#sysctl -w kern.polling.burst_max=20000 |
|
#sysctl -w kern.polling.each_burst=50 |
|
# For a router, don't need to share 50/50 with user process |
|
#sysctl -w kern.polling.user_frac=30 |
|
|
|
#sysctl -w hw.ath.bstuck=8 |
#net.inet.tcp.mssdflt=1452 |
#net.inet.tcp.mssdflt=1452 |
#net.inet.tcp.hostcache.expire=1 |
#net.inet.tcp.hostcache.expire=1 |
|
|
#dev.ath.0.hal.ar5416_biasadj=1 |
#dev.ath.0.hal.ar5416_biasadj=1 |
|
|
|
#Power save: Disable power for device with no driver loaded |
|
sysctl -w hw.pci.do_power_nodriver=3 |
|
|
|
# blackhole(8) |
|
# Disable this feature because prevent traceroute to works correctly |
|
#sysctl -w net.inet.tcp.blackhole=2 |
|
#sysctl -w net.inet.udp.blackhole=1 |
|
# prevent users from seeing information about processes that |
|
# are being run under another UID. |
|
#sysctl -w security.bsd.see_other_uids=0 |
|
#sysctl -w security.bsd.see_other_gids=0 |
|
# Prevent some potential exploit |
|
#sysctl -w security.bsd.unprivileged_proc_debug=0 |
|
|
|
# Intel NIC tunning |
|
#sysctl -w hw.em.rx_process_limit=-1 |
|
#sysctl -w hw.em.txd=2048 |
|
#sysctl -w hw.em.rxd=048 |
|
|
|
#sysctl -w hw.igb.rx_process_limit=-1 |
|
#sysctl -w hw.igb.txd=2048 |
|
#sysctl -w hw.igb.rxd=048 |
|
#sysctl -w hw.igb.max_interrupt_rate=16000 |