version 1.9.2.1, 2017/06/08 11:12:45
|
version 1.10, 2021/03/11 13:59:50
|
Line 5
|
Line 5
|
# $Id$ |
# $Id$ |
|
|
sysctl -w kern.coredump=0 |
sysctl -w kern.coredump=0 |
# Enable Fastforwarding (man 4 inet) and BREAK IPsec (but TCP_MD5 stills works with fastforwarding): | sysctl -w debug.debugger_on_panic=0 |
sysctl -w net.inet.ip.fastforwarding=1 | |
sysctl -w net.bpf.zerocopy_enable=1 |
sysctl -w net.bpf.zerocopy_enable=1 |
|
sysctl -w net.bpf.optimize_writers=1 |
sysctl -w kern.ipc.somaxconn=1024 |
sysctl -w kern.ipc.somaxconn=1024 |
sysctl -w kern.eventtimer.periodic=1 |
sysctl -w kern.eventtimer.periodic=1 |
sysctl -w net.route.netisr_maxqlen=2048 |
sysctl -w net.route.netisr_maxqlen=2048 |
sysctl -w net.inet.ip.redirect=0 |
sysctl -w net.inet.ip.redirect=0 |
sysctl -w net.inet.ip.forwarding=1 |
sysctl -w net.inet.ip.forwarding=1 |
sysctl -w net.inet.icmp.reply_from_interface=1 |
sysctl -w net.inet.icmp.reply_from_interface=1 |
|
sysctl -w net.inet.tcp.rfc1323=1 |
sysctl -w net.inet.tcp.ecn.enable=1 |
sysctl -w net.inet.tcp.ecn.enable=1 |
sysctl -w net.inet6.ip6.forwarding=1 |
sysctl -w net.inet6.ip6.forwarding=1 |
sysctl -w net.inet6.ip6.accept_rtadv=0 |
sysctl -w net.inet6.ip6.accept_rtadv=0 |
sysctl -w net.inet6.ip6.no_radr=0 |
sysctl -w net.inet6.ip6.no_radr=0 |
sysctl -w kern.maxfilesperproc=4096 |
sysctl -w kern.maxfilesperproc=4096 |
sysctl -w kern.maxfiles=1024 | #sysctl -w kern.maxfiles=65536 |
#sysctl -w kern.ipc.maxsockets=16384 | #sysctl -w kern.ipc.maxsockets=65536 |
#sysctl -w kern.ipc.maxsockbuf=16777216 |
#sysctl -w kern.ipc.maxsockbuf=16777216 |
#sysctl -w kern.ipc.maxpipekva=16777216 |
#sysctl -w kern.ipc.maxpipekva=16777216 |
#sysctl -w net.graph.maxdgram=131072 |
#sysctl -w net.graph.maxdgram=131072 |
Line 29 sysctl -w kern.maxfiles=1024
|
Line 30 sysctl -w kern.maxfiles=1024
|
# Default value causes routing software to fail with OSPF if jumbo frames is turned on. |
# Default value causes routing software to fail with OSPF if jumbo frames is turned on. |
sysctl -w net.inet.raw.maxdgram=16384 |
sysctl -w net.inet.raw.maxdgram=16384 |
sysctl -w net.inet.raw.recvspace=16384 |
sysctl -w net.inet.raw.recvspace=16384 |
# Increasing bpf perfs (in -current only ?) |
|
#sysctl -w net.bpf.optimize_writers=1 |
|
# Current CPU can manage a lot's more of interrupts than default (1000) |
# Current CPU can manage a lot's more of interrupts than default (1000) |
# The 9000 value was found in /usr/src/sys/dev/ixgbe/README |
# The 9000 value was found in /usr/src/sys/dev/ixgbe/README |
sysctl -w hw.intr_storm_threshold=9000 |
sysctl -w hw.intr_storm_threshold=9000 |
|
|
|
sysctl -w kern.random.harvest.mask=351 |
|
|
# Improve a lot's the polling performance |
# Improve a lot's the polling performance |
# Enable idle_poll |
# Enable idle_poll |
#sysctl -w kern.polling.idle_poll=1 |
#sysctl -w kern.polling.idle_poll=1 |
Line 62 sysctl -w hw.pci.do_power_nodriver=3
|
Line 63 sysctl -w hw.pci.do_power_nodriver=3
|
#sysctl -w security.bsd.see_other_gids=0 |
#sysctl -w security.bsd.see_other_gids=0 |
# Prevent some potential exploit |
# Prevent some potential exploit |
#sysctl -w security.bsd.unprivileged_proc_debug=0 |
#sysctl -w security.bsd.unprivileged_proc_debug=0 |
|
|
|
# Intel NIC tunning |
|
#sysctl -w hw.em.rx_process_limit=-1 |
|
#sysctl -w hw.em.txd=2048 |
|
#sysctl -w hw.em.rxd=048 |
|
|
|
#sysctl -w hw.igb.rx_process_limit=-1 |
|
#sysctl -w hw.igb.txd=2048 |
|
#sysctl -w hw.igb.rxd=048 |
|
#sysctl -w hw.igb.max_interrupt_rate=16000 |