path: root/man/man5/proc_sys_net_ipv4.5
blob: 57917cd64bb3c8dd8d0a602270c9714bef2ca40e (plain)
.\" Copyright, the authors of the Linux man-pages project
.\"
.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.TH proc_sys_net_ipv4 5 (date) "Linux man-pages (unreleased)"
.SH NAME
/proc/sys/net/ipv4/
\-
IPv4
.SH DESCRIPTION
The IP protocol
supports a set of
.I /proc
interfaces to configure some global parameters.
The parameters can be accessed by reading or writing files in the directory
.IR /proc/sys/net/ipv4/ .
.\" FIXME As at 2.6.12, 14 Jun 2005, the following are undocumented:
.\"  /proc/sys/net/ipv4/ip_queue_maxlen
.\"  /proc/sys/net/ipv4/ip_conntrack_max
Interfaces described as
.I Boolean
take an integer value, with a nonzero value ("true") meaning that
the corresponding option is enabled, and a zero value ("false")
meaning that the option is disabled.
.\"
.TP
.IR /proc/sys/net/ipv4/ip_always_defrag " (Boolean; since Linux 2.2.13)"
[New with Linux 2.2.13;
in earlier kernel versions this feature
was controlled at compile time by the
.B CONFIG_IP_ALWAYS_DEFRAG
option; this option is not present in Linux 2.4.x and later]
.IP
When this boolean flag is enabled (not equal to 0), incoming fragments
(parts of IP packets
that arose when some host between origin and destination decided
that the packets were too large and cut them into pieces) will be
reassembled (defragmented) before being processed, even if they are
about to be forwarded.
.IP
Enable only if running
either a firewall that is the sole link to your network
or a transparent proxy;
never ever use it for a normal router or host.
Otherwise,
fragmented communication can be disturbed
if the fragments travel over different links.
Defragmentation also has a large memory and CPU time cost.
.IP
This is automagically turned on
when masquerading or transparent proxying is configured.
.\"
.TP
.IR /proc/sys/net/ipv4/ip_autoconfig " (since Linux 2.2 to Linux 2.6.17)"
.\" Precisely: since Linux 2.1.68
.\" FIXME document /proc/sys/net/ipv4/ip_autoconfig
Not documented.
.\"
.TP
.IR /proc/sys/net/ipv4/ip_default_ttl " (integer; default: 64; since Linux 2.2)"
.\" Precisely: since Linux 2.1.15
Set the default time-to-live value of outgoing packets.
This can be changed per socket with the
.B IP_TTL
option.
.\"
.TP
.IR /proc/sys/net/ipv4/ip_dynaddr " (Boolean; default: disabled; since Linux 2.0.31)"
Enable dynamic socket address and masquerading entry rewriting on interface
address change.
This is useful for dialup interfaces with changing IP addresses.
0 means no rewriting, 1 turns it on and 2 enables verbose mode.
.\"
.TP
.IR /proc/sys/net/ipv4/ip_forward " (Boolean; default: disabled; since Linux 1.2)"
Enable IP forwarding with a boolean flag.
IP forwarding can also be set on a per-interface basis.
.\"
.TP
.IR /proc/sys/net/ipv4/ip_local_port_range " (since Linux 2.2)"
.\" Precisely: since Linux 2.1.68
This file contains two integers that define the default local port range
allocated to sockets that are not explicitly bound to a port number\[em]that
is, the range used for
.IR "ephemeral ports" .
An ephemeral port is allocated to a socket in the following circumstances:
.RS
.IP \[bu] 3
the port number in a socket address is specified as 0 when calling
.BR bind (2);
.IP \[bu]
.BR listen (2)
is called on a stream socket that was not previously bound;
.IP \[bu]
.BR connect (2)
was called on a socket that was not previously bound;
.IP \[bu]
.BR sendto (2)
is called on a datagram socket that was not previously bound.
.RE
.IP
Allocation of ephemeral ports starts with the first number in
.I /proc/sys/net/ipv4/ip_local_port_range
and ends with the second number.
If the range of ephemeral ports is exhausted,
then the relevant system call returns an error (but see BUGS).
.IP
Note that the port range in
.I /proc/sys/net/ipv4/ip_local_port_range
should not conflict with the ports used by masquerading
(although the case is handled).
Also, arbitrary choices may cause problems with some firewall packet
filters that make assumptions about the local ports in use.
The first number should be at least greater than 1024,
or better, greater than 4096, to avoid clashes
with well known ports and to minimize firewall problems.
.\"
.TP
.IR /proc/sys/net/ipv4/ip_no_pmtu_disc " (Boolean; default: disabled; since Linux 2.2)"
.\" Precisely: 2.1.15
If enabled, don't do Path MTU Discovery for TCP sockets by default.
Path MTU discovery may fail if misconfigured firewalls (that drop
all ICMP packets) or misconfigured interfaces (e.g., a point-to-point
link where both ends don't agree on the MTU) are on the path.
It is better to fix the broken routers on the path than to turn off
Path MTU Discovery globally, because not doing it incurs a high cost
to the network.
.\"
.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt
.TP
.IR /proc/sys/net/ipv4/ip_nonlocal_bind " (Boolean; default: disabled; since Linux 2.4)"
.\" Precisely: patch-2.4.0-test10
If set, allows processes to
.BR bind (2)
to nonlocal IP addresses,
which can be quite useful, but may break some applications.
.\"
.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt
.TP
.IR /proc/sys/net/ipv4/ip6frag_time " (integer; default: 30)"
Time in seconds to keep an IPv6 fragment in memory.
.\"
.\" The following is from Linux 2.6.12: Documentation/networking/ip-sysctl.txt
.TP
.IR /proc/sys/net/ipv4/ip6frag_secret_interval " (integer; default: 600)"
Regeneration interval (in seconds) of the hash secret (or lifetime
for the hash secret) for IPv6 fragments.
.TP
.IR /proc/sys/net/ipv4/ipfrag_high_thresh " (integer)"
.TQ
.IR /proc/sys/net/ipv4/ipfrag_low_thresh " (integer)"
If the amount of queued IP fragments reaches
.IR /proc/sys/net/ipv4/ipfrag_high_thresh ,
the queue is pruned down to
.IR /proc/sys/net/ipv4/ipfrag_low_thresh .
Contains an integer with the number of bytes.
.TP
.IR /proc/sys/net/ipv4/neigh/ *
See
.BR arp (7).
.\" FIXME Document the conf/*/* interfaces
.\"
.\" FIXME Document the route/* interfaces
.SH SEE ALSO
.BR proc (5),
.BR proc_sys_net (5),
.BR ip (7)