1: #!/bin/sh
2: #
3: # elwix sysctl.conf
4: #
5: # $Id: sysctl.conf,v 1.10.4.1 2024/01/29 13:59:19 misho Exp $
6:
7: sysctl -w kern.coredump=0
8: sysctl -w debug.debugger_on_panic=0
9: sysctl -w net.bpf.zerocopy_enable=1
10: sysctl -w net.bpf.optimize_writers=1
11: sysctl -w kern.ipc.somaxconn=1024
12: sysctl -w kern.eventtimer.periodic=1
13: sysctl -w net.route.netisr_maxqlen=2048
14: sysctl -w net.inet.ip.redirect=0
15: sysctl -w net.inet.ip.forwarding=1
16: sysctl -w net.inet.icmp.reply_from_interface=1
17: sysctl -w net.inet.tcp.rfc1323=1
18: sysctl -w net.inet.tcp.ecn.enable=1
19: sysctl -w net.inet6.ip6.forwarding=1
20: sysctl -w net.inet6.ip6.accept_rtadv=0
21: sysctl -w net.inet6.ip6.no_radr=0
22: sysctl -w kern.maxfilesperproc=4096
23: sysctl -w net.inet.tcp.sendbuf_auto=1
24: sysctl -w net.inet.tcp.recvbuf_auto=1
25: sysctl -w net.inet.tcp.sendbuf_inc=16384
26: sysctl -w net.inet.tcp.recvbuf_inc=524288
27: #sysctl -w kern.maxfiles=65536
28: #sysctl -w kern.ipc.maxsockets=65536
29: #sysctl -w kern.ipc.maxsockbuf=16777216
30: #sysctl -w net.inet.tcp.sendbuf_max=16777216
31: #sysctl -w net.inet.tcp.recvbuf_max=16777216
32: #sysctl -w kern.ipc.maxpipekva=16777216
33: #sysctl -w net.graph.maxdgram=131072
34: #sysctl -w net.graph.recvspace=131072
35: # Sendmsg() cat't send messages more than maxdgram length.
36: # Default value causes routing software to fail with OSPF if jumbo frames is turned on.
37: sysctl -w net.inet.raw.maxdgram=16384
38: sysctl -w net.inet.raw.recvspace=16384
39: # Current CPU can manage a lot's more of interrupts than default (1000)
40: # The 9000 value was found in /usr/src/sys/dev/ixgbe/README
41: sysctl -w hw.intr_storm_threshold=9000
42:
43: sysctl -w kern.random.harvest.mask=351
44:
45: # Improve a lot's the polling performance
46: # Enable idle_poll
47: #sysctl -w kern.polling.idle_poll=1
48: # The default value of 150 was for FastEthernet:
49: #sysctl -w kern.polling.burst_max=20000
50: #sysctl -w kern.polling.each_burst=50
51: # For a router, don't need to share 50/50 with user process
52: #sysctl -w kern.polling.user_frac=30
53:
54: #sysctl -w hw.ath.bstuck=8
55: #net.inet.tcp.mssdflt=1452
56: #net.inet.tcp.hostcache.expire=1
57: #dev.ath.0.hal.ar5416_biasadj=1
58:
59: #Power save: Disable power for device with no driver loaded
60: sysctl -w hw.pci.do_power_nodriver=3
61:
62: # blackhole(8)
63: # Disable this feature because prevent traceroute to works correctly
64: #sysctl -w net.inet.tcp.blackhole=2
65: #sysctl -w net.inet.udp.blackhole=1
66: # prevent users from seeing information about processes that
67: # are being run under another UID.
68: #sysctl -w security.bsd.see_other_uids=0
69: #sysctl -w security.bsd.see_other_gids=0
70: # Prevent some potential exploit
71: #sysctl -w security.bsd.unprivileged_proc_debug=0
72:
73: # Intel NIC tunning
74: #sysctl -w hw.em.rx_process_limit=-1
75: #sysctl -w hw.em.txd=2048
76: #sysctl -w hw.em.rxd=048
77:
78: #sysctl -w hw.igb.rx_process_limit=-1
79: #sysctl -w hw.igb.txd=2048
80: #sysctl -w hw.igb.rxd=048
81: #sysctl -w hw.igb.max_interrupt_rate=16000
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>