50

Chapter 2. The

proc

File System

  icmp_echo_ignore_all

and

icmp_echo_ignore_broadcasts

  Allows the kernel to ignore

ICMP ECHO packets from every host or only those originating from broadcast and multicast ad 

dresses, respectively. A value of

0

allows the kernel to respond, while a value of

1

ignores the

packets.

  ip_default_ttl

  Sets the default Time To Live (TTL), which limits the number of hops a packet

may make before reaching its destination. Increasing this value can diminish system performance.

  ip_forward

  Permits interfaces on the system to forward packets to one other. By default, this

file is set to

0

. Setting this file to

1

will enable network packet forwarding.

  ip_local_port_range

  Specifies the range of ports to be used by TCP or UDP when a local

port is needed. The first number is the lowest port to be used, and the second number specifies the

highest port. Any systems that expect to require more ports than the default 1024 to 4999 should

use the 32768 to 61000 range in this file.

  tcp_syn_retries

  Provides a limit on the number of times your system will re transmit a SYN

packet when attempting to make a connection.

  tcp_retries1

  Sets the number of permitted re transmissions attempting to answer an incom 

ing connection. Default of

3

.

  tcp_retries2

  Sets the number of permitted re transmissions of TCP packets. Default of

15

.

The

/usr/src/linux 2.4/Documentation/networking/ip sysctl.txt

file contains a com 

plete list of files and options available in the

/proc/sys/net/ipv4/

directory.

A number of other directories exist within the

/proc/sys/net/ipv4/

directory cover specific top 

ics. The

conf

directory allows each of the systems interfaces to be configured in different ways,

including the use of a default settings for unconfigured devices (in the

default

subdirectory) and

settings that override all special configurations (in the

all

subdirectory).

In order to control connections between direct neighbors, meaning any other system directly con 

nected to your system, the

neigh

directory allows special configurations for each interface. This

would allow you to treat systems differently that you trust more due to their relatively proximity to

your system. At the same time, it also makes it easy to put strict rules in place for systems several

hops away.

Routing over IPV4 also has its own directory,

route

. Unlike

conf

and

neigh

, the

route

directory

contains specifications that apply to routing with any interfaces on the system. Many of these settings,

such as

max_size

,

max_delay

, and

min_delay

, relate to controlling the size of the routing cache.

To clear the routing cache, simply write any value to the

flush

file.

Additional information about these directories and the possible values for their configuration files can

be found in

/usr/src/linux 2.4/Documentation/filesystems/proc.txt

.

2.3.9.5.

/proc/sys/vm/

This directory facilitates the configuration of the Linux kernel's virtual memory (VM) subsystem. The

kernel makes extensive and intelligent use of virtual memory, which is commonly called swap space.

The following files are commonly found in the

/proc/sys/vm/

directory:

  bdflush

  Sets various values related to the

bdflush

kernel daemon.

  buffermem

  Allows you to control the percentage amount of total system memory to be used for

buffer memory. Typical output for this file looks like this:

2

10

60

The first and last values set the minimum and maximum percentage of memory to be used as buffer

memory, respectively. The middle value sets the percentage of system memory dedicated to buffer

memory where the memory management subsystem will begin to clear buffer cache more than other

kinds of memory to compensate for a general lack of free memory.