Chinaunix首页 | 论坛 | 博客
  • 博客访问: 233948
  • 博文数量: 52
  • 博客积分: 3010
  • 博客等级: 中校
  • 技术积分: 731
  • 用 户 组: 普通用户
  • 注册时间: 2008-09-25 17:46
文章分类
文章存档

2009年(13)

2008年(39)

我的朋友

分类: LINUX

2008-11-26 23:20:00

 
 本人最近会把proc目录详解给大家弄一下,欢迎翻译,有问题责留言。虽然是英文的,但都比较好理解,如有问题,请留言,我们共同为Linux社区而努力。proc /sys/net/ipv4/conf的all  default  eth0  lo其中他们下面都是一个意思,菜单进入eth0
如下
[root@jiangtao eth0]# ls
accept_redirects     bootp_relay         mc_forwarding        send_redirects
accept_source_route  disable_policy      medium_id            shared_media
arp_accept           disable_xfrm        promote_secondaries  tag
arp_announce         force_igmp_version  proxy_arp
arp_filter           forwarding          rp_filter
arp_ignore           log_martians        secure_redirects
一 accept_redirects
    Accept ICMP redirect messages.

accept_redirects for the interface will be enabled if

  • both conf/{all,interface}/accept_redirects are 1 - in the case forwarding for the interface is enabled, or
  • at least one of conf/{all,interface}/accept_redirects is 1 - in the case forwarding for the interface is disabled

accept_redirects for the interface will be disabled otherwise.

Default: 1 (host), 0 (router).

二 accept_source_route

Accept packets with SRR option.

conf/all/accept_source_route must also be set to 1 to accept packets with SRR option on the interface.

Default: 1 (router), 0 (host).

三,arp_accept

Define behavior when gratuitous ARP replies are received:

  • 0 - drop gratuitous ARP frames
  • 1 - accept gratuitous ARP frames

四arp_announce

 

Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface:

  • 0 - (default) Use any local address, configured on any interface.
  • 1 - Try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2.
  • 2 - Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce.

The max value from conf/{all,interface}/arp_announce is used.

Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender's information.

五arp_filter

  • 0 - (default) The kernel can respond to ARP requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems.
  • 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an ARP request.

arp_filter for the interface will be enabled if at least one of conf/{all,interface}/arp_filter is set to 1, it will be disabled otherwise.

六 arp_ignore

Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:

  • 0 - (default) reply for any local target IP address, configured on any interface
  • 1 - reply only if the target IP address is local address configured on the incoming interface
  • 2 - reply only if the target IP address is local address configured on the incoming interface and both with the sender's IP address are part from same subnet on this interface
  • 3 - do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied
  • 4 - 7 - reserved
  • 8 - do not reply for all local addresses

The max value from conf/{all,interface}/arp_ignore is used when ARP request is received on the {interface}.

七 bootp_relay

Accept packets with source address 0.b.c.d destined not to this host as local ones. It is supposed, that BOOTP relay daemon will catch and forward such packets.

conf/all/bootp_relay must also be set to 1 to enable BOOTP relay for the interface.

Default: 0

disable_policy

  Disable IPSEC policy (SPD) for this interface

九 disable_xfrm

  Disable IPSEC encryption on this interface, whatever the policy

十 force_igmp_version

   Force IGMP protocol version.

十一 forwarding

Enable IP forwarding on this interface

十二 log_martians

Log packets with impossible addresses to kernel log.

log_martians for the interface will be enabled if at least one of conf/{all,interface}/log_martians is set to 1, it will be disabled otherwise

十三 mc_forwarding

Do multicast routing. The kernel needs to be compiled with CONFIG_IP_MROUTE and a multicast routing daemon is required.

conf/all/mc_forwarding must also be set to 1 to enable multicast routing for the interface.

十四 medium_id

Integer value used to differentiate the devices by the medium they are attached to. Two devices can have different id values when the broadcast packets are received only on one of them.

The default value 0 means that the device is the only interface to its medium, value of -1 means that medium is not known.

Currently, it is used to change the proxy_arp behavior: the proxy_arp feature is enabled for packets forwarded between two devices attached to different media.

十五 promote_secondaries

If this is enabled, and primary address of an interface gets deleted, an alias of the interface (secondary) will be upgraded to become primary.

The default is to purge all the secondaries when you delete the primary.

十六  proxy_arp

Do proxy ARP.

proxy_arp for the interface will be enabled if at least one of conf/{all,interface}/proxy_arp is set to 1, it will be disabled otherwise.

十七 rp_filter

  • 0 - No source validation.
  • 1 - Do source validation by reversed path, as specified in RFC1812. Recommended option for single homed hosts and stub network routers. Could cause troubles for complicated (not loop free) networks running a slow unreliable protocol (sort of RIP), or using static routes.

conf/all/rp_filter must also be set to 1 to do source validation on the interface.

If you set this to 1 on a router that is the only connection for a network to the net, it will prevent spoofing attacks against your internal networks (external addresses can still be spoofed), without the need for additional firewall rules.

The default value is 0, but note that some distributions enable it in startup scripts.

十八 secure_redirects

Accept ICMP redirect messages only for gateways, listed in default gateway list.

secure_redirects for the interface will be enabled if at least one of conf/{all,interface}/secure_redirects is set to 1, it will be disabled otherwise.

Default: 1

十九 send_redirects

Send redirects, if router.

send_redirects for the interface will be enabled if at least one of conf/{all,interface}/send_redirects is set to 1, it will be disabled otherwise.

Default: 1

二十 shared_media

Send(router) or accept(host) RFC1620 shared media redirects. If it is not set the kernel does not assume that different subnets on this device can communicate directly. Overrides secure_redirects.

shared_media for the interface will be enabled if at least one of conf/{all,interface}/shared_media is set to 1, it will be disabled otherwise.

Default: 1

二十一 tag

Allows you to write a number, which can be used as required. The default value is 0.

 

阅读(7978) | 评论(0) | 转发(2) |
0

上一篇:sar命令

下一篇:proc /sys/net/core 终结版

给主人留下些什么吧!~~