Commit 13df433f authored by Mauro Carvalho Chehab's avatar Mauro Carvalho Chehab Committed by David S. Miller

docs: networking: convert nf_conntrack-sysctl.txt to ReST

- add SPDX header;
- add a document title;
- mark lists as such;
- add to networking/index.rst.
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c4d5dff6
...@@ -85,6 +85,7 @@ Contents: ...@@ -85,6 +85,7 @@ Contents:
netdevices netdevices
netfilter-sysctl netfilter-sysctl
netif-msg netif-msg
nf_conntrack-sysctl
.. only:: subproject and html .. only:: subproject and html
......
.. SPDX-License-Identifier: GPL-2.0
===================================
Netfilter Conntrack Sysfs variables
===================================
/proc/sys/net/netfilter/nf_conntrack_* Variables: /proc/sys/net/netfilter/nf_conntrack_* Variables:
=================================================
nf_conntrack_acct - BOOLEAN nf_conntrack_acct - BOOLEAN
0 - disabled (default) - 0 - disabled (default)
not 0 - enabled - not 0 - enabled
Enable connection tracking flow accounting. 64-bit byte and packet Enable connection tracking flow accounting. 64-bit byte and packet
counters per flow are added. counters per flow are added.
...@@ -16,8 +23,8 @@ nf_conntrack_buckets - INTEGER ...@@ -16,8 +23,8 @@ nf_conntrack_buckets - INTEGER
This sysctl is only writeable in the initial net namespace. This sysctl is only writeable in the initial net namespace.
nf_conntrack_checksum - BOOLEAN nf_conntrack_checksum - BOOLEAN
0 - disabled - 0 - disabled
not 0 - enabled (default) - not 0 - enabled (default)
Verify checksum of incoming packets. Packets with bad checksums are Verify checksum of incoming packets. Packets with bad checksums are
in INVALID state. If this is enabled, such packets will not be in INVALID state. If this is enabled, such packets will not be
...@@ -27,8 +34,8 @@ nf_conntrack_count - INTEGER (read-only) ...@@ -27,8 +34,8 @@ nf_conntrack_count - INTEGER (read-only)
Number of currently allocated flow entries. Number of currently allocated flow entries.
nf_conntrack_events - BOOLEAN nf_conntrack_events - BOOLEAN
0 - disabled - 0 - disabled
not 0 - enabled (default) - not 0 - enabled (default)
If this option is enabled, the connection tracking code will If this option is enabled, the connection tracking code will
provide userspace with connection tracking events via ctnetlink. provide userspace with connection tracking events via ctnetlink.
...@@ -62,8 +69,8 @@ nf_conntrack_generic_timeout - INTEGER (seconds) ...@@ -62,8 +69,8 @@ nf_conntrack_generic_timeout - INTEGER (seconds)
protocols. protocols.
nf_conntrack_helper - BOOLEAN nf_conntrack_helper - BOOLEAN
0 - disabled (default) - 0 - disabled (default)
not 0 - enabled - not 0 - enabled
Enable automatic conntrack helper assignment. Enable automatic conntrack helper assignment.
If disabled it is required to set up iptables rules to assign If disabled it is required to set up iptables rules to assign
...@@ -81,14 +88,14 @@ nf_conntrack_icmpv6_timeout - INTEGER (seconds) ...@@ -81,14 +88,14 @@ nf_conntrack_icmpv6_timeout - INTEGER (seconds)
Default for ICMP6 timeout. Default for ICMP6 timeout.
nf_conntrack_log_invalid - INTEGER nf_conntrack_log_invalid - INTEGER
0 - disable (default) - 0 - disable (default)
1 - log ICMP packets - 1 - log ICMP packets
6 - log TCP packets - 6 - log TCP packets
17 - log UDP packets - 17 - log UDP packets
33 - log DCCP packets - 33 - log DCCP packets
41 - log ICMPv6 packets - 41 - log ICMPv6 packets
136 - log UDPLITE packets - 136 - log UDPLITE packets
255 - log packets of any protocol - 255 - log packets of any protocol
Log invalid packets of a type specified by value. Log invalid packets of a type specified by value.
...@@ -97,15 +104,15 @@ nf_conntrack_max - INTEGER ...@@ -97,15 +104,15 @@ nf_conntrack_max - INTEGER
nf_conntrack_buckets value * 4. nf_conntrack_buckets value * 4.
nf_conntrack_tcp_be_liberal - BOOLEAN nf_conntrack_tcp_be_liberal - BOOLEAN
0 - disabled (default) - 0 - disabled (default)
not 0 - enabled - not 0 - enabled
Be conservative in what you do, be liberal in what you accept from others. Be conservative in what you do, be liberal in what you accept from others.
If it's non-zero, we mark only out of window RST segments as INVALID. If it's non-zero, we mark only out of window RST segments as INVALID.
nf_conntrack_tcp_loose - BOOLEAN nf_conntrack_tcp_loose - BOOLEAN
0 - disabled - 0 - disabled
not 0 - enabled (default) - not 0 - enabled (default)
If it is set to zero, we disable picking up already established If it is set to zero, we disable picking up already established
connections. connections.
...@@ -148,8 +155,8 @@ nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds) ...@@ -148,8 +155,8 @@ nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds)
default 300 default 300
nf_conntrack_timestamp - BOOLEAN nf_conntrack_timestamp - BOOLEAN
0 - disabled (default) - 0 - disabled (default)
not 0 - enabled - not 0 - enabled
Enable connection tracking flow timestamping. Enable connection tracking flow timestamping.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment