X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kernel_hardening_checker%2Fconfig_files%2Fdistros%2Fexample_sysctls.txt;h=e6e8757c5068115b71d8e07db8ecbc4ed93f7767;hb=367dce1fe514e7b9addce74f5ca7c9b8fe1750a6;hp=b00b45e83b6f51cb938a3ea5fa90489a13eb569b;hpb=35f90af9096a0dad868107ea6dc005468badd5c3;p=kconfig-hardened-check.git diff --git a/kernel_hardening_checker/config_files/distros/example_sysctls.txt b/kernel_hardening_checker/config_files/distros/example_sysctls.txt index b00b45e..e6e8757 100644 --- a/kernel_hardening_checker/config_files/distros/example_sysctls.txt +++ b/kernel_hardening_checker/config_files/distros/example_sysctls.txt @@ -1,7 +1,4 @@ abi.vsyscall32 = 1 -crypto.fips_enabled = 0 -crypto.fips_name = Linux Kernel Cryptographic API -crypto.fips_version = 6.4.8-200.fc38.x86_64 debug.exception-trace = 1 debug.kprobes-optimization = 1 dev.cdrom.autoclose = 1 @@ -10,32 +7,30 @@ dev.cdrom.check_media = 0 dev.cdrom.debug = 0 dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17 dev.cdrom.info = -dev.cdrom.info = drive name: -dev.cdrom.info = drive speed: -dev.cdrom.info = drive # of slots: -dev.cdrom.info = Can close tray: -dev.cdrom.info = Can open tray: -dev.cdrom.info = Can lock tray: -dev.cdrom.info = Can change speed: -dev.cdrom.info = Can select disk: -dev.cdrom.info = Can read multisession: -dev.cdrom.info = Can read MCN: -dev.cdrom.info = Reports media changed: -dev.cdrom.info = Can play audio: -dev.cdrom.info = Can write CD-R: -dev.cdrom.info = Can write CD-RW: -dev.cdrom.info = Can read DVD: -dev.cdrom.info = Can write DVD-R: -dev.cdrom.info = Can write DVD-RAM: -dev.cdrom.info = Can read MRW: -dev.cdrom.info = Can write MRW: -dev.cdrom.info = Can write RAM: +dev.cdrom.info = drive name: sr0 +dev.cdrom.info = drive speed: 1 +dev.cdrom.info = drive # of slots: 1 +dev.cdrom.info = Can close tray: 1 +dev.cdrom.info = Can open tray: 1 +dev.cdrom.info = Can lock tray: 1 +dev.cdrom.info = Can change speed: 1 +dev.cdrom.info = Can select disk: 0 +dev.cdrom.info = Can read multisession: 1 +dev.cdrom.info = Can read MCN: 1 +dev.cdrom.info = Reports media changed: 1 +dev.cdrom.info = Can play audio: 1 +dev.cdrom.info = Can write CD-R: 1 +dev.cdrom.info = Can write CD-RW: 1 +dev.cdrom.info = Can read DVD: 1 +dev.cdrom.info = Can write DVD-R: 1 +dev.cdrom.info = Can write DVD-RAM: 1 +dev.cdrom.info = Can read MRW: 1 +dev.cdrom.info = Can write MRW: 1 +dev.cdrom.info = Can write RAM: 1 dev.cdrom.info = dev.cdrom.info = -dev.cdrom.lock = 1 +dev.cdrom.lock = 0 dev.hpet.max-user-freq = 64 -dev.i915.oa_max_sample_rate = 100000 -dev.i915.perf_stream_paranoid = 1 dev.mac_hid.mouse_button2_keycode = 97 dev.mac_hid.mouse_button3_keycode = 100 dev.mac_hid.mouse_button_emulation = 0 @@ -43,209 +38,22 @@ dev.raid.speed_limit_max = 200000 dev.raid.speed_limit_min = 1000 dev.scsi.logging_level = 0 dev.tty.ldisc_autoload = 1 -dev.tty.legacy_tiocsti = 0 -fs.aio-max-nr = 1048576 +fs.aio-max-nr = 65536 fs.aio-nr = 0 -fs.binfmt_misc.qemu-xtensaeb = enabled -fs.binfmt_misc.qemu-xtensaeb = interpreter /usr/bin/qemu-xtensaeb-static -fs.binfmt_misc.qemu-xtensaeb = flags: F -fs.binfmt_misc.qemu-xtensaeb = offset 0 -fs.binfmt_misc.qemu-xtensaeb = magic 7f454c460102010000000000000000000002005e -fs.binfmt_misc.qemu-xtensaeb = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-xtensa = enabled -fs.binfmt_misc.qemu-xtensa = interpreter /usr/bin/qemu-xtensa-static -fs.binfmt_misc.qemu-xtensa = flags: F -fs.binfmt_misc.qemu-xtensa = offset 0 -fs.binfmt_misc.qemu-xtensa = magic 7f454c4601010100000000000000000002005e00 -fs.binfmt_misc.qemu-xtensa = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-sparc64 = enabled -fs.binfmt_misc.qemu-sparc64 = interpreter /usr/bin/qemu-sparc64-static -fs.binfmt_misc.qemu-sparc64 = flags: F -fs.binfmt_misc.qemu-sparc64 = offset 0 -fs.binfmt_misc.qemu-sparc64 = magic 7f454c460202010000000000000000000002002b -fs.binfmt_misc.qemu-sparc64 = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-sparc32plus = enabled -fs.binfmt_misc.qemu-sparc32plus = interpreter /usr/bin/qemu-sparc32plus-static -fs.binfmt_misc.qemu-sparc32plus = flags: F -fs.binfmt_misc.qemu-sparc32plus = offset 0 -fs.binfmt_misc.qemu-sparc32plus = magic 7f454c4601020100000000000000000000020012 -fs.binfmt_misc.qemu-sparc32plus = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-sparc = enabled -fs.binfmt_misc.qemu-sparc = interpreter /usr/bin/qemu-sparc-static -fs.binfmt_misc.qemu-sparc = flags: F -fs.binfmt_misc.qemu-sparc = offset 0 -fs.binfmt_misc.qemu-sparc = magic 7f454c4601020100000000000000000000020002 -fs.binfmt_misc.qemu-sparc = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-sh4eb = enabled -fs.binfmt_misc.qemu-sh4eb = interpreter /usr/bin/qemu-sh4eb-static -fs.binfmt_misc.qemu-sh4eb = flags: F -fs.binfmt_misc.qemu-sh4eb = offset 0 -fs.binfmt_misc.qemu-sh4eb = magic 7f454c460102010000000000000000000002002a -fs.binfmt_misc.qemu-sh4eb = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-sh4 = enabled -fs.binfmt_misc.qemu-sh4 = interpreter /usr/bin/qemu-sh4-static -fs.binfmt_misc.qemu-sh4 = flags: F -fs.binfmt_misc.qemu-sh4 = offset 0 -fs.binfmt_misc.qemu-sh4 = magic 7f454c4601010100000000000000000002002a00 -fs.binfmt_misc.qemu-sh4 = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-s390x = enabled -fs.binfmt_misc.qemu-s390x = interpreter /usr/bin/qemu-s390x-static -fs.binfmt_misc.qemu-s390x = flags: F -fs.binfmt_misc.qemu-s390x = offset 0 -fs.binfmt_misc.qemu-s390x = magic 7f454c4602020100000000000000000000020016 -fs.binfmt_misc.qemu-s390x = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-riscv64 = enabled -fs.binfmt_misc.qemu-riscv64 = interpreter /usr/bin/qemu-riscv64-static -fs.binfmt_misc.qemu-riscv64 = flags: F -fs.binfmt_misc.qemu-riscv64 = offset 0 -fs.binfmt_misc.qemu-riscv64 = magic 7f454c460201010000000000000000000200f300 -fs.binfmt_misc.qemu-riscv64 = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-riscv32 = enabled -fs.binfmt_misc.qemu-riscv32 = interpreter /usr/bin/qemu-riscv32-static -fs.binfmt_misc.qemu-riscv32 = flags: F -fs.binfmt_misc.qemu-riscv32 = offset 0 -fs.binfmt_misc.qemu-riscv32 = magic 7f454c460101010000000000000000000200f300 -fs.binfmt_misc.qemu-riscv32 = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-ppc64le = enabled -fs.binfmt_misc.qemu-ppc64le = interpreter /usr/bin/qemu-ppc64le-static -fs.binfmt_misc.qemu-ppc64le = flags: F -fs.binfmt_misc.qemu-ppc64le = offset 0 -fs.binfmt_misc.qemu-ppc64le = magic 7f454c4602010100000000000000000002001500 -fs.binfmt_misc.qemu-ppc64le = mask ffffffffffffff00fffffffffffffffffeffff00 -fs.binfmt_misc.qemu-ppc64 = enabled -fs.binfmt_misc.qemu-ppc64 = interpreter /usr/bin/qemu-ppc64-static -fs.binfmt_misc.qemu-ppc64 = flags: F -fs.binfmt_misc.qemu-ppc64 = offset 0 -fs.binfmt_misc.qemu-ppc64 = magic 7f454c4602020100000000000000000000020015 -fs.binfmt_misc.qemu-ppc64 = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-ppc = enabled -fs.binfmt_misc.qemu-ppc = interpreter /usr/bin/qemu-ppc-static -fs.binfmt_misc.qemu-ppc = flags: F -fs.binfmt_misc.qemu-ppc = offset 0 -fs.binfmt_misc.qemu-ppc = magic 7f454c4601020100000000000000000000020014 -fs.binfmt_misc.qemu-ppc = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-or1k = enabled -fs.binfmt_misc.qemu-or1k = interpreter /usr/bin/qemu-or1k-static -fs.binfmt_misc.qemu-or1k = flags: F -fs.binfmt_misc.qemu-or1k = offset 0 -fs.binfmt_misc.qemu-or1k = magic 7f454c460102010000000000000000000002005c -fs.binfmt_misc.qemu-or1k = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-mipsn32el = enabled -fs.binfmt_misc.qemu-mipsn32el = interpreter /usr/bin/qemu-mipsn32el-static -fs.binfmt_misc.qemu-mipsn32el = flags: F -fs.binfmt_misc.qemu-mipsn32el = offset 0 -fs.binfmt_misc.qemu-mipsn32el = magic 7f454c46010101000000000000000000020008000100000000000000000000000000000020000000 -fs.binfmt_misc.qemu-mipsn32el = mask ffffffffffffff0000fffffffffffffffeffffffffffffff00000000000000000000000020000000 -fs.binfmt_misc.qemu-mipsn32 = enabled -fs.binfmt_misc.qemu-mipsn32 = interpreter /usr/bin/qemu-mipsn32-static -fs.binfmt_misc.qemu-mipsn32 = flags: F -fs.binfmt_misc.qemu-mipsn32 = offset 0 -fs.binfmt_misc.qemu-mipsn32 = magic 7f454c46010201000000000000000000000200080000000100000000000000000000000000000020 -fs.binfmt_misc.qemu-mipsn32 = mask ffffffffffffff0000fffffffffffffffffeffffffffffff00000000000000000000000000000020 -fs.binfmt_misc.qemu-mipsel = enabled -fs.binfmt_misc.qemu-mipsel = interpreter /usr/bin/qemu-mipsel-static -fs.binfmt_misc.qemu-mipsel = flags: F -fs.binfmt_misc.qemu-mipsel = offset 0 -fs.binfmt_misc.qemu-mipsel = magic 7f454c46010101000000000000000000020008000100000000000000000000000000000000000000 -fs.binfmt_misc.qemu-mipsel = mask ffffffffffffff0000fffffffffffffffeffffffffffffff00000000000000000000000020000000 -fs.binfmt_misc.qemu-mips64el = enabled -fs.binfmt_misc.qemu-mips64el = interpreter /usr/bin/qemu-mips64el-static -fs.binfmt_misc.qemu-mips64el = flags: F -fs.binfmt_misc.qemu-mips64el = offset 0 -fs.binfmt_misc.qemu-mips64el = magic 7f454c4602010100000000000000000002000800 -fs.binfmt_misc.qemu-mips64el = mask ffffffffffffff0000fffffffffffffffeffffff -fs.binfmt_misc.qemu-mips64 = enabled -fs.binfmt_misc.qemu-mips64 = interpreter /usr/bin/qemu-mips64-static -fs.binfmt_misc.qemu-mips64 = flags: F -fs.binfmt_misc.qemu-mips64 = offset 0 -fs.binfmt_misc.qemu-mips64 = magic 7f454c4602020100000000000000000000020008 -fs.binfmt_misc.qemu-mips64 = mask ffffffffffffff0000fffffffffffffffffeffff -fs.binfmt_misc.qemu-mips = enabled -fs.binfmt_misc.qemu-mips = interpreter /usr/bin/qemu-mips-static -fs.binfmt_misc.qemu-mips = flags: F -fs.binfmt_misc.qemu-mips = offset 0 -fs.binfmt_misc.qemu-mips = magic 7f454c46010201000000000000000000000200080000000100000000000000000000000000000000 -fs.binfmt_misc.qemu-mips = mask ffffffffffffff0000fffffffffffffffffeffffffffffff00000000000000000000000000000020 -fs.binfmt_misc.qemu-microblazeel = enabled -fs.binfmt_misc.qemu-microblazeel = interpreter /usr/bin/qemu-microblazeel-static -fs.binfmt_misc.qemu-microblazeel = flags: F -fs.binfmt_misc.qemu-microblazeel = offset 0 -fs.binfmt_misc.qemu-microblazeel = magic 7f454c460101010000000000000000000200abba -fs.binfmt_misc.qemu-microblazeel = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-microblaze = enabled -fs.binfmt_misc.qemu-microblaze = interpreter /usr/bin/qemu-microblaze-static -fs.binfmt_misc.qemu-microblaze = flags: F -fs.binfmt_misc.qemu-microblaze = offset 0 -fs.binfmt_misc.qemu-microblaze = magic 7f454c460102010000000000000000000200baab -fs.binfmt_misc.qemu-microblaze = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-m68k = enabled -fs.binfmt_misc.qemu-m68k = interpreter /usr/bin/qemu-m68k-static -fs.binfmt_misc.qemu-m68k = flags: F -fs.binfmt_misc.qemu-m68k = offset 0 -fs.binfmt_misc.qemu-m68k = magic 7f454c4601020100000000000000000000020004 -fs.binfmt_misc.qemu-m68k = mask fffffffffffffe00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-loongarch64 = enabled -fs.binfmt_misc.qemu-loongarch64 = interpreter /usr/bin/qemu-loongarch64-static -fs.binfmt_misc.qemu-loongarch64 = flags: F -fs.binfmt_misc.qemu-loongarch64 = offset 0 -fs.binfmt_misc.qemu-loongarch64 = magic 7f454c4602010100000000000000000002000201 -fs.binfmt_misc.qemu-loongarch64 = mask fffffffffffffffc00fffffffffffffffeffffff -fs.binfmt_misc.qemu-hppa = enabled -fs.binfmt_misc.qemu-hppa = interpreter /usr/bin/qemu-hppa-static -fs.binfmt_misc.qemu-hppa = flags: F -fs.binfmt_misc.qemu-hppa = offset 0 -fs.binfmt_misc.qemu-hppa = magic 7f454c460102010000000000000000000002000f -fs.binfmt_misc.qemu-hppa = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-hexagon = enabled -fs.binfmt_misc.qemu-hexagon = interpreter /usr/bin/qemu-hexagon-static -fs.binfmt_misc.qemu-hexagon = flags: F -fs.binfmt_misc.qemu-hexagon = offset 0 -fs.binfmt_misc.qemu-hexagon = magic 7f454c460101010000000000000000000200a400 -fs.binfmt_misc.qemu-hexagon = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-armeb = enabled -fs.binfmt_misc.qemu-armeb = interpreter /usr/bin/qemu-armeb-static -fs.binfmt_misc.qemu-armeb = flags: F -fs.binfmt_misc.qemu-armeb = offset 0 -fs.binfmt_misc.qemu-armeb = magic 7f454c4601020100000000000000000000020028 -fs.binfmt_misc.qemu-armeb = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-arm = enabled -fs.binfmt_misc.qemu-arm = interpreter /usr/bin/qemu-arm-static -fs.binfmt_misc.qemu-arm = flags: F -fs.binfmt_misc.qemu-arm = offset 0 -fs.binfmt_misc.qemu-arm = magic 7f454c4601010100000000000000000002002800 -fs.binfmt_misc.qemu-arm = mask ffffffffffffff00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-alpha = enabled -fs.binfmt_misc.qemu-alpha = interpreter /usr/bin/qemu-alpha-static -fs.binfmt_misc.qemu-alpha = flags: F -fs.binfmt_misc.qemu-alpha = offset 0 -fs.binfmt_misc.qemu-alpha = magic 7f454c4602010100000000000000000002002690 -fs.binfmt_misc.qemu-alpha = mask fffffffffffefe00fffffffffffffffffeffffff -fs.binfmt_misc.qemu-aarch64_be = enabled -fs.binfmt_misc.qemu-aarch64_be = interpreter /usr/bin/qemu-aarch64_be-static -fs.binfmt_misc.qemu-aarch64_be = flags: F -fs.binfmt_misc.qemu-aarch64_be = offset 0 -fs.binfmt_misc.qemu-aarch64_be = magic 7f454c46020201000000000000000000000200b7 -fs.binfmt_misc.qemu-aarch64_be = mask ffffffffffffff00fffffffffffffffffffeffff -fs.binfmt_misc.qemu-aarch64 = enabled -fs.binfmt_misc.qemu-aarch64 = interpreter /usr/bin/qemu-aarch64-static -fs.binfmt_misc.qemu-aarch64 = flags: F -fs.binfmt_misc.qemu-aarch64 = offset 0 -fs.binfmt_misc.qemu-aarch64 = magic 7f454c460201010000000000000000000200b700 -fs.binfmt_misc.qemu-aarch64 = mask ffffffffffffff00fffffffffffffffffeffffff fs.binfmt_misc.status = enabled -fs.dentry-state = 96160 60449 45 0 18216 0 +fs.dentry-state = 371268 317893 45 0 59993 0 fs.dir-notify-enable = 1 -fs.epoll.max_user_watches = 1767869 +fs.epoll.max_user_watches = 1779801 fs.fanotify.max_queued_events = 16384 fs.fanotify.max_user_groups = 128 -fs.fanotify.max_user_marks = 64337 -fs.file-max = 9223372036854775807 -fs.file-nr = 16182 0 9223372036854775807 -fs.inode-nr = 78029 667 -fs.inode-state = 78029 667 0 0 0 0 0 +fs.fanotify.max_user_marks = 64771 +fs.file-max = 1000000 +fs.file-nr = 3552 0 1000000 +fs.inode-nr = 318298 27310 +fs.inode-state = 318298 27310 0 0 0 0 0 fs.inotify.max_queued_events = 16384 fs.inotify.max_user_instances = 128 -fs.inotify.max_user_watches = 60507 +fs.inotify.max_user_watches = 60915 fs.lease-break-time = 45 fs.leases-enable = 1 fs.mount-max = 100000 @@ -254,7 +62,7 @@ fs.mqueue.msg_max = 10 fs.mqueue.msgsize_default = 8192 fs.mqueue.msgsize_max = 8192 fs.mqueue.queues_max = 256 -fs.nr_open = 1073741816 +fs.nr_open = 1048576 fs.overflowgid = 65534 fs.overflowuid = 65534 fs.pipe-max-size = 1048576 @@ -262,7 +70,7 @@ fs.pipe-user-pages-hard = 0 fs.pipe-user-pages-soft = 16384 fs.protected_fifos = 1 fs.protected_hardlinks = 1 -fs.protected_regular = 1 +fs.protected_regular = 2 fs.protected_symlinks = 1 fs.quota.allocated_dquots = 0 fs.quota.cache_hits = 0 @@ -270,23 +78,24 @@ fs.quota.drops = 0 fs.quota.free_dquots = 0 fs.quota.lookups = 0 fs.quota.reads = 0 -fs.quota.syncs = 28 +fs.quota.syncs = 8 fs.quota.writes = 0 fs.suid_dumpable = 2 +fs.verity.require_signatures = 0 kernel.acct = 4 2 30 kernel.acpi_video_flags = 0 -kernel.arch = x86_64 +kernel.apparmor_display_secid_mode = 0 kernel.auto_msgmni = 0 -kernel.bootloader_type = 6 -kernel.bootloader_version = 38 +kernel.bootloader_type = 114 +kernel.bootloader_version = 2 kernel.bpf_stats_enabled = 0 kernel.cad_pid = 1 kernel.cap_last_cap = 40 -kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h -kernel.core_pipe_limit = 16 +kernel.core_pattern = |/usr/share/apport/apport %p %s %c %d %P %E +kernel.core_pipe_limit = 0 kernel.core_uses_pid = 1 kernel.ctrl-alt-del = 0 -kernel.dmesg_restrict = 0 +kernel.dmesg_restrict = 1 kernel.domainname = (none) kernel.firmware_config.force_sysfs_fallback = 0 kernel.firmware_config.ignore_sysfs_fallback = 0 @@ -294,22 +103,26 @@ kernel.ftrace_dump_on_oops = 0 kernel.ftrace_enabled = 1 kernel.hardlockup_all_cpu_backtrace = 0 kernel.hardlockup_panic = 0 -kernel.hostname = hackbase -kernel.io_delay_type = 0 +kernel.hostname = u2204oval +kernel.hotplug = +kernel.hung_task_all_cpu_backtrace = 0 +kernel.hung_task_check_count = 4194304 +kernel.hung_task_check_interval_secs = 0 +kernel.hung_task_panic = 0 +kernel.hung_task_timeout_secs = 120 +kernel.hung_task_warnings = 10 +kernel.io_delay_type = 1 kernel.kexec_load_disabled = 0 -kernel.kexec_load_limit_panic = -1 -kernel.kexec_load_limit_reboot = -1 kernel.keys.gc_delay = 300 kernel.keys.maxbytes = 20000 kernel.keys.maxkeys = 200 kernel.keys.persistent_keyring_expiry = 259200 kernel.keys.root_maxbytes = 25000000 kernel.keys.root_maxkeys = 1000000 -kernel.kptr_restrict = 0 -kernel.latencytop = 0 +kernel.kptr_restrict = 1 kernel.max_lock_depth = 1024 kernel.max_rcu_stall_to_panic = 0 -kernel.modprobe = /usr/sbin/modprobe +kernel.modprobe = /sbin/modprobe kernel.modules_disabled = 0 kernel.msg_next_id = -1 kernel.msgmax = 8192 @@ -317,12 +130,10 @@ kernel.msgmnb = 16384 kernel.msgmni = 32000 kernel.ngroups_max = 65536 kernel.nmi_watchdog = 0 -kernel.ns_last_pid = 48542 +kernel.ns_last_pid = 2810585 kernel.numa_balancing = 0 -kernel.numa_balancing_promote_rate_limit_MBps = 65536 kernel.oops_all_cpu_backtrace = 0 -kernel.oops_limit = 10000 -kernel.osrelease = 6.4.8-200.fc38.x86_64 +kernel.osrelease = 5.15.0-25-generic kernel.ostype = Linux kernel.overflowgid = 65534 kernel.overflowuid = 65534 @@ -338,24 +149,24 @@ kernel.perf_event_max_contexts_per_stack = 8 kernel.perf_event_max_sample_rate = 100000 kernel.perf_event_max_stack = 127 kernel.perf_event_mlock_kb = 516 -kernel.perf_event_paranoid = 2 +kernel.perf_event_paranoid = 4 kernel.pid_max = 4194304 kernel.poweroff_cmd = /sbin/poweroff kernel.print-fatal-signals = 0 -kernel.printk = 3 4 1 7 +kernel.printk = 4 4 1 7 kernel.printk_delay = 0 kernel.printk_devkmsg = on kernel.printk_ratelimit = 5 kernel.printk_ratelimit_burst = 10 kernel.pty.max = 4096 -kernel.pty.nr = 3 +kernel.pty.nr = 1 kernel.pty.reserve = 1024 -kernel.random.boot_id = a3fc96e7-cd1a-4216-ac1f-99485abfbaac -kernel.random.entropy_avail = 256 -kernel.random.poolsize = 256 +kernel.random.boot_id = 22aedd89-1172-4dbf-8984-99343adac9be +kernel.random.entropy_avail = 3451 +kernel.random.poolsize = 4096 kernel.random.urandom_min_reseed_secs = 60 -kernel.random.uuid = 9f8b5443-1ebf-4bbe-b291-3765969e3049 -kernel.random.write_wakeup_threshold = 256 +kernel.random.uuid = 5dbb0c08-8fd4-4537-bc4b-339cd0830e85 +kernel.random.write_wakeup_threshold = 896 kernel.randomize_va_space = 2 kernel.real-root-dev = 0 kernel.sched_autogroup_enabled = 1 @@ -368,42 +179,52 @@ kernel.sched_rr_timeslice_ms = 100 kernel.sched_rt_period_us = 1000000 kernel.sched_rt_runtime_us = 950000 kernel.sched_schedstats = 0 +kernel.sched_util_clamp_max = 1024 +kernel.sched_util_clamp_min = 1024 +kernel.sched_util_clamp_min_rt_default = 1024 kernel.seccomp.actions_avail = kill_process kill_thread trap errno user_notif trace log allow kernel.seccomp.actions_logged = kill_process kill_thread trap errno user_notif trace log -kernel.sem = 32000 1024000000 500 32000 +kernel.sem = 250 32000 32 275 kernel.sem_next_id = -1 +kernel.sg-big-buff = 32768 kernel.shm_next_id = -1 kernel.shm_rmid_forced = 0 -kernel.shmall = 18446744073692774399 -kernel.shmmax = 18446744073692774399 +kernel.shmall = 4194304 +kernel.shmmax = 17179869184 kernel.shmmni = 4096 kernel.soft_watchdog = 1 kernel.softlockup_all_cpu_backtrace = 0 kernel.softlockup_panic = 0 -kernel.split_lock_mitigate = 1 kernel.stack_tracer_enabled = 0 kernel.sysctl_writes_strict = 1 -kernel.sysrq = 16 +kernel.sysrq = 176 kernel.tainted = 0 kernel.task_delayacct = 0 -kernel.threads-max = 62043 +kernel.threads-max = 62462 kernel.timer_migration = 1 kernel.traceoff_on_warning = 0 kernel.tracepoint_printk = 0 kernel.unknown_nmi_panic = 0 -kernel.unprivileged_bpf_disabled = 1 +kernel.unprivileged_bpf_disabled = 2 +kernel.unprivileged_userns_apparmor_policy = 1 +kernel.unprivileged_userns_clone = 1 kernel.usermodehelper.bset = 4294967295 511 kernel.usermodehelper.inheritable = 4294967295 511 -kernel.version = #1 SMP PREEMPT_DYNAMIC Thu Aug 3 21:44:06 UTC 2023 -kernel.warn_limit = 0 +kernel.version = #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 kernel.watchdog = 1 -kernel.watchdog_cpumask = 0-3 +kernel.watchdog_cpumask = 0-127 kernel.watchdog_thresh = 10 -kernel.yama.ptrace_scope = 0 +kernel.yama.ptrace_scope = 1 +net.bridge.bridge-nf-call-arptables = 1 +net.bridge.bridge-nf-call-ip6tables = 1 +net.bridge.bridge-nf-call-iptables = 1 +net.bridge.bridge-nf-filter-pppoe-tagged = 0 +net.bridge.bridge-nf-filter-vlan-tagged = 0 +net.bridge.bridge-nf-pass-vlan-input-dev = 0 net.core.bpf_jit_enable = 1 net.core.bpf_jit_harden = 0 net.core.bpf_jit_kallsyms = 1 -net.core.bpf_jit_limit = 528482304 +net.core.bpf_jit_limit = 264241152 net.core.busy_poll = 0 net.core.busy_read = 0 net.core.default_qdisc = fq_codel @@ -412,7 +233,7 @@ net.core.dev_weight_rx_bias = 1 net.core.dev_weight_tx_bias = 1 net.core.devconf_inherit_init_net = 0 net.core.fb_tunnels_only_for_init_net = 0 -net.core.flow_limit_cpu_bitmap = 0 +net.core.flow_limit_cpu_bitmap = 00000000,00000000,00000000,00000000 net.core.flow_limit_table_len = 4096 net.core.gro_normal_batch = 8 net.core.high_order_alloc_disable = 0 @@ -420,20 +241,17 @@ net.core.max_skb_frags = 17 net.core.message_burst = 10 net.core.message_cost = 5 net.core.netdev_budget = 300 -net.core.netdev_budget_usecs = 2000 +net.core.netdev_budget_usecs = 8000 net.core.netdev_max_backlog = 1000 -net.core.netdev_rss_key = 07:7f:94:66:b3:d5:a3:4d:3a:9a:25:9a:b7:19:93:8d:25:ea:b3:83:32:1f:13:87:5d:f9:f9:14:60:ec:0b:1c:b8:d3:b0:a9:e7:70:97:a1:ce:c8:ef:82:9c:f3:a2:18:fc:4f:4c:24 +net.core.netdev_rss_key = e1:ca:53:a8:12:b0:cc:46:ba:45:59:ad:99:fd:56:e3:0d:e3:d5:91:46:60:f8:3c:e0:7b:32:6a:00:ea:44:73:07:1e:2a:3f:9c:1d:32:3b:3e:12:ed:0b:5c:35:82:30:71:0c:69:73 net.core.netdev_tstamp_prequeue = 1 net.core.netdev_unregister_timeout_secs = 10 -net.core.optmem_max = 81920 +net.core.optmem_max = 20480 net.core.rmem_default = 212992 net.core.rmem_max = 212992 -net.core.rps_default_mask = 0 net.core.rps_sock_flow_entries = 0 -net.core.skb_defer_max = 64 -net.core.somaxconn = 4096 +net.core.somaxconn = 1024 net.core.tstamp_allow_data = 1 -net.core.txrehash = 1 net.core.warnings = 0 net.core.wmem_default = 212992 net.core.wmem_max = 212992 @@ -450,7 +268,6 @@ net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.arp_accept = 0 net.ipv4.conf.all.arp_announce = 0 -net.ipv4.conf.all.arp_evict_nocarrier = 1 net.ipv4.conf.all.arp_filter = 0 net.ipv4.conf.all.arp_ignore = 0 net.ipv4.conf.all.arp_notify = 0 @@ -472,7 +289,7 @@ net.ipv4.conf.all.promote_secondaries = 0 net.ipv4.conf.all.proxy_arp = 0 net.ipv4.conf.all.proxy_arp_pvlan = 0 net.ipv4.conf.all.route_localnet = 0 -net.ipv4.conf.all.rp_filter = 0 +net.ipv4.conf.all.rp_filter = 2 net.ipv4.conf.all.secure_redirects = 1 net.ipv4.conf.all.send_redirects = 1 net.ipv4.conf.all.shared_media = 1 @@ -483,7 +300,6 @@ net.ipv4.conf.default.accept_redirects = 1 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.default.arp_accept = 0 net.ipv4.conf.default.arp_announce = 0 -net.ipv4.conf.default.arp_evict_nocarrier = 1 net.ipv4.conf.default.arp_filter = 0 net.ipv4.conf.default.arp_ignore = 0 net.ipv4.conf.default.arp_notify = 0 @@ -511,45 +327,75 @@ net.ipv4.conf.default.send_redirects = 1 net.ipv4.conf.default.shared_media = 1 net.ipv4.conf.default.src_valid_mark = 0 net.ipv4.conf.default.tag = 0 -net.ipv4.conf.enp0s31f6.accept_local = 0 -net.ipv4.conf.enp0s31f6.accept_redirects = 1 -net.ipv4.conf.enp0s31f6.accept_source_route = 0 -net.ipv4.conf.enp0s31f6.arp_accept = 0 -net.ipv4.conf.enp0s31f6.arp_announce = 0 -net.ipv4.conf.enp0s31f6.arp_evict_nocarrier = 1 -net.ipv4.conf.enp0s31f6.arp_filter = 0 -net.ipv4.conf.enp0s31f6.arp_ignore = 0 -net.ipv4.conf.enp0s31f6.arp_notify = 0 -net.ipv4.conf.enp0s31f6.bc_forwarding = 0 -net.ipv4.conf.enp0s31f6.bootp_relay = 0 -net.ipv4.conf.enp0s31f6.disable_policy = 0 -net.ipv4.conf.enp0s31f6.disable_xfrm = 0 -net.ipv4.conf.enp0s31f6.drop_gratuitous_arp = 0 -net.ipv4.conf.enp0s31f6.drop_unicast_in_l2_multicast = 0 -net.ipv4.conf.enp0s31f6.force_igmp_version = 0 -net.ipv4.conf.enp0s31f6.forwarding = 1 -net.ipv4.conf.enp0s31f6.igmpv2_unsolicited_report_interval = 10000 -net.ipv4.conf.enp0s31f6.igmpv3_unsolicited_report_interval = 1000 -net.ipv4.conf.enp0s31f6.ignore_routes_with_linkdown = 0 -net.ipv4.conf.enp0s31f6.log_martians = 0 -net.ipv4.conf.enp0s31f6.mc_forwarding = 0 -net.ipv4.conf.enp0s31f6.medium_id = 0 -net.ipv4.conf.enp0s31f6.promote_secondaries = 1 -net.ipv4.conf.enp0s31f6.proxy_arp = 0 -net.ipv4.conf.enp0s31f6.proxy_arp_pvlan = 0 -net.ipv4.conf.enp0s31f6.route_localnet = 0 -net.ipv4.conf.enp0s31f6.rp_filter = 2 -net.ipv4.conf.enp0s31f6.secure_redirects = 1 -net.ipv4.conf.enp0s31f6.send_redirects = 1 -net.ipv4.conf.enp0s31f6.shared_media = 1 -net.ipv4.conf.enp0s31f6.src_valid_mark = 0 -net.ipv4.conf.enp0s31f6.tag = 0 +net.ipv4.conf.docker0.accept_local = 0 +net.ipv4.conf.docker0.accept_redirects = 1 +net.ipv4.conf.docker0.accept_source_route = 0 +net.ipv4.conf.docker0.arp_accept = 0 +net.ipv4.conf.docker0.arp_announce = 0 +net.ipv4.conf.docker0.arp_filter = 0 +net.ipv4.conf.docker0.arp_ignore = 0 +net.ipv4.conf.docker0.arp_notify = 0 +net.ipv4.conf.docker0.bc_forwarding = 0 +net.ipv4.conf.docker0.bootp_relay = 0 +net.ipv4.conf.docker0.disable_policy = 0 +net.ipv4.conf.docker0.disable_xfrm = 0 +net.ipv4.conf.docker0.drop_gratuitous_arp = 0 +net.ipv4.conf.docker0.drop_unicast_in_l2_multicast = 0 +net.ipv4.conf.docker0.force_igmp_version = 0 +net.ipv4.conf.docker0.forwarding = 1 +net.ipv4.conf.docker0.igmpv2_unsolicited_report_interval = 10000 +net.ipv4.conf.docker0.igmpv3_unsolicited_report_interval = 1000 +net.ipv4.conf.docker0.ignore_routes_with_linkdown = 0 +net.ipv4.conf.docker0.log_martians = 0 +net.ipv4.conf.docker0.mc_forwarding = 0 +net.ipv4.conf.docker0.medium_id = 0 +net.ipv4.conf.docker0.promote_secondaries = 1 +net.ipv4.conf.docker0.proxy_arp = 0 +net.ipv4.conf.docker0.proxy_arp_pvlan = 0 +net.ipv4.conf.docker0.route_localnet = 0 +net.ipv4.conf.docker0.rp_filter = 2 +net.ipv4.conf.docker0.secure_redirects = 1 +net.ipv4.conf.docker0.send_redirects = 1 +net.ipv4.conf.docker0.shared_media = 1 +net.ipv4.conf.docker0.src_valid_mark = 0 +net.ipv4.conf.docker0.tag = 0 +net.ipv4.conf.ens160.accept_local = 0 +net.ipv4.conf.ens160.accept_redirects = 1 +net.ipv4.conf.ens160.accept_source_route = 0 +net.ipv4.conf.ens160.arp_accept = 0 +net.ipv4.conf.ens160.arp_announce = 0 +net.ipv4.conf.ens160.arp_filter = 0 +net.ipv4.conf.ens160.arp_ignore = 0 +net.ipv4.conf.ens160.arp_notify = 0 +net.ipv4.conf.ens160.bc_forwarding = 0 +net.ipv4.conf.ens160.bootp_relay = 0 +net.ipv4.conf.ens160.disable_policy = 0 +net.ipv4.conf.ens160.disable_xfrm = 0 +net.ipv4.conf.ens160.drop_gratuitous_arp = 0 +net.ipv4.conf.ens160.drop_unicast_in_l2_multicast = 0 +net.ipv4.conf.ens160.force_igmp_version = 0 +net.ipv4.conf.ens160.forwarding = 1 +net.ipv4.conf.ens160.igmpv2_unsolicited_report_interval = 10000 +net.ipv4.conf.ens160.igmpv3_unsolicited_report_interval = 1000 +net.ipv4.conf.ens160.ignore_routes_with_linkdown = 0 +net.ipv4.conf.ens160.log_martians = 0 +net.ipv4.conf.ens160.mc_forwarding = 0 +net.ipv4.conf.ens160.medium_id = 0 +net.ipv4.conf.ens160.promote_secondaries = 1 +net.ipv4.conf.ens160.proxy_arp = 0 +net.ipv4.conf.ens160.proxy_arp_pvlan = 0 +net.ipv4.conf.ens160.route_localnet = 0 +net.ipv4.conf.ens160.rp_filter = 2 +net.ipv4.conf.ens160.secure_redirects = 1 +net.ipv4.conf.ens160.send_redirects = 1 +net.ipv4.conf.ens160.shared_media = 1 +net.ipv4.conf.ens160.src_valid_mark = 0 +net.ipv4.conf.ens160.tag = 0 net.ipv4.conf.lo.accept_local = 0 net.ipv4.conf.lo.accept_redirects = 1 net.ipv4.conf.lo.accept_source_route = 0 net.ipv4.conf.lo.arp_accept = 0 net.ipv4.conf.lo.arp_announce = 0 -net.ipv4.conf.lo.arp_evict_nocarrier = 1 net.ipv4.conf.lo.arp_filter = 0 net.ipv4.conf.lo.arp_ignore = 0 net.ipv4.conf.lo.arp_notify = 0 @@ -577,105 +423,6 @@ net.ipv4.conf.lo.send_redirects = 1 net.ipv4.conf.lo.shared_media = 1 net.ipv4.conf.lo.src_valid_mark = 0 net.ipv4.conf.lo.tag = 0 -net.ipv4.conf.tun0.accept_local = 0 -net.ipv4.conf.tun0.accept_redirects = 1 -net.ipv4.conf.tun0.accept_source_route = 0 -net.ipv4.conf.tun0.arp_accept = 0 -net.ipv4.conf.tun0.arp_announce = 0 -net.ipv4.conf.tun0.arp_evict_nocarrier = 1 -net.ipv4.conf.tun0.arp_filter = 0 -net.ipv4.conf.tun0.arp_ignore = 0 -net.ipv4.conf.tun0.arp_notify = 0 -net.ipv4.conf.tun0.bc_forwarding = 0 -net.ipv4.conf.tun0.bootp_relay = 0 -net.ipv4.conf.tun0.disable_policy = 0 -net.ipv4.conf.tun0.disable_xfrm = 0 -net.ipv4.conf.tun0.drop_gratuitous_arp = 0 -net.ipv4.conf.tun0.drop_unicast_in_l2_multicast = 0 -net.ipv4.conf.tun0.force_igmp_version = 0 -net.ipv4.conf.tun0.forwarding = 1 -net.ipv4.conf.tun0.igmpv2_unsolicited_report_interval = 10000 -net.ipv4.conf.tun0.igmpv3_unsolicited_report_interval = 1000 -net.ipv4.conf.tun0.ignore_routes_with_linkdown = 0 -net.ipv4.conf.tun0.log_martians = 0 -net.ipv4.conf.tun0.mc_forwarding = 0 -net.ipv4.conf.tun0.medium_id = 0 -net.ipv4.conf.tun0.promote_secondaries = 1 -net.ipv4.conf.tun0.proxy_arp = 0 -net.ipv4.conf.tun0.proxy_arp_pvlan = 0 -net.ipv4.conf.tun0.route_localnet = 0 -net.ipv4.conf.tun0.rp_filter = 2 -net.ipv4.conf.tun0.secure_redirects = 1 -net.ipv4.conf.tun0.send_redirects = 1 -net.ipv4.conf.tun0.shared_media = 1 -net.ipv4.conf.tun0.src_valid_mark = 0 -net.ipv4.conf.tun0.tag = 0 -net.ipv4.conf.virbr0.accept_local = 0 -net.ipv4.conf.virbr0.accept_redirects = 1 -net.ipv4.conf.virbr0.accept_source_route = 0 -net.ipv4.conf.virbr0.arp_accept = 0 -net.ipv4.conf.virbr0.arp_announce = 0 -net.ipv4.conf.virbr0.arp_evict_nocarrier = 1 -net.ipv4.conf.virbr0.arp_filter = 0 -net.ipv4.conf.virbr0.arp_ignore = 0 -net.ipv4.conf.virbr0.arp_notify = 0 -net.ipv4.conf.virbr0.bc_forwarding = 0 -net.ipv4.conf.virbr0.bootp_relay = 0 -net.ipv4.conf.virbr0.disable_policy = 0 -net.ipv4.conf.virbr0.disable_xfrm = 0 -net.ipv4.conf.virbr0.drop_gratuitous_arp = 0 -net.ipv4.conf.virbr0.drop_unicast_in_l2_multicast = 0 -net.ipv4.conf.virbr0.force_igmp_version = 0 -net.ipv4.conf.virbr0.forwarding = 1 -net.ipv4.conf.virbr0.igmpv2_unsolicited_report_interval = 10000 -net.ipv4.conf.virbr0.igmpv3_unsolicited_report_interval = 1000 -net.ipv4.conf.virbr0.ignore_routes_with_linkdown = 0 -net.ipv4.conf.virbr0.log_martians = 0 -net.ipv4.conf.virbr0.mc_forwarding = 0 -net.ipv4.conf.virbr0.medium_id = 0 -net.ipv4.conf.virbr0.promote_secondaries = 1 -net.ipv4.conf.virbr0.proxy_arp = 0 -net.ipv4.conf.virbr0.proxy_arp_pvlan = 0 -net.ipv4.conf.virbr0.route_localnet = 0 -net.ipv4.conf.virbr0.rp_filter = 2 -net.ipv4.conf.virbr0.secure_redirects = 1 -net.ipv4.conf.virbr0.send_redirects = 1 -net.ipv4.conf.virbr0.shared_media = 1 -net.ipv4.conf.virbr0.src_valid_mark = 0 -net.ipv4.conf.virbr0.tag = 0 -net.ipv4.conf.wlp4s0.accept_local = 0 -net.ipv4.conf.wlp4s0.accept_redirects = 1 -net.ipv4.conf.wlp4s0.accept_source_route = 0 -net.ipv4.conf.wlp4s0.arp_accept = 0 -net.ipv4.conf.wlp4s0.arp_announce = 0 -net.ipv4.conf.wlp4s0.arp_evict_nocarrier = 1 -net.ipv4.conf.wlp4s0.arp_filter = 0 -net.ipv4.conf.wlp4s0.arp_ignore = 0 -net.ipv4.conf.wlp4s0.arp_notify = 0 -net.ipv4.conf.wlp4s0.bc_forwarding = 0 -net.ipv4.conf.wlp4s0.bootp_relay = 0 -net.ipv4.conf.wlp4s0.disable_policy = 0 -net.ipv4.conf.wlp4s0.disable_xfrm = 0 -net.ipv4.conf.wlp4s0.drop_gratuitous_arp = 0 -net.ipv4.conf.wlp4s0.drop_unicast_in_l2_multicast = 0 -net.ipv4.conf.wlp4s0.force_igmp_version = 0 -net.ipv4.conf.wlp4s0.forwarding = 1 -net.ipv4.conf.wlp4s0.igmpv2_unsolicited_report_interval = 10000 -net.ipv4.conf.wlp4s0.igmpv3_unsolicited_report_interval = 1000 -net.ipv4.conf.wlp4s0.ignore_routes_with_linkdown = 0 -net.ipv4.conf.wlp4s0.log_martians = 0 -net.ipv4.conf.wlp4s0.mc_forwarding = 0 -net.ipv4.conf.wlp4s0.medium_id = 0 -net.ipv4.conf.wlp4s0.promote_secondaries = 1 -net.ipv4.conf.wlp4s0.proxy_arp = 0 -net.ipv4.conf.wlp4s0.proxy_arp_pvlan = 0 -net.ipv4.conf.wlp4s0.route_localnet = 0 -net.ipv4.conf.wlp4s0.rp_filter = 2 -net.ipv4.conf.wlp4s0.secure_redirects = 1 -net.ipv4.conf.wlp4s0.send_redirects = 1 -net.ipv4.conf.wlp4s0.shared_media = 1 -net.ipv4.conf.wlp4s0.src_valid_mark = 0 -net.ipv4.conf.wlp4s0.tag = 0 net.ipv4.fib_multipath_hash_fields = 7 net.ipv4.fib_multipath_hash_policy = 0 net.ipv4.fib_multipath_use_neigh = 0 @@ -724,7 +471,6 @@ net.ipv4.neigh.default.gc_stale_time = 60 net.ipv4.neigh.default.gc_thresh1 = 128 net.ipv4.neigh.default.gc_thresh2 = 512 net.ipv4.neigh.default.gc_thresh3 = 1024 -net.ipv4.neigh.default.interval_probe_time_ms = 5000 net.ipv4.neigh.default.locktime = 100 net.ipv4.neigh.default.mcast_resolicit = 0 net.ipv4.neigh.default.mcast_solicit = 3 @@ -734,27 +480,39 @@ net.ipv4.neigh.default.retrans_time_ms = 1000 net.ipv4.neigh.default.ucast_solicit = 3 net.ipv4.neigh.default.unres_qlen = 101 net.ipv4.neigh.default.unres_qlen_bytes = 212992 -net.ipv4.neigh.enp0s31f6.anycast_delay = 100 -net.ipv4.neigh.enp0s31f6.app_solicit = 0 -net.ipv4.neigh.enp0s31f6.base_reachable_time_ms = 30000 -net.ipv4.neigh.enp0s31f6.delay_first_probe_time = 5 -net.ipv4.neigh.enp0s31f6.gc_stale_time = 60 -net.ipv4.neigh.enp0s31f6.interval_probe_time_ms = 5000 -net.ipv4.neigh.enp0s31f6.locktime = 100 -net.ipv4.neigh.enp0s31f6.mcast_resolicit = 0 -net.ipv4.neigh.enp0s31f6.mcast_solicit = 3 -net.ipv4.neigh.enp0s31f6.proxy_delay = 80 -net.ipv4.neigh.enp0s31f6.proxy_qlen = 64 -net.ipv4.neigh.enp0s31f6.retrans_time_ms = 1000 -net.ipv4.neigh.enp0s31f6.ucast_solicit = 3 -net.ipv4.neigh.enp0s31f6.unres_qlen = 101 -net.ipv4.neigh.enp0s31f6.unres_qlen_bytes = 212992 +net.ipv4.neigh.docker0.anycast_delay = 100 +net.ipv4.neigh.docker0.app_solicit = 0 +net.ipv4.neigh.docker0.base_reachable_time_ms = 30000 +net.ipv4.neigh.docker0.delay_first_probe_time = 5 +net.ipv4.neigh.docker0.gc_stale_time = 60 +net.ipv4.neigh.docker0.locktime = 100 +net.ipv4.neigh.docker0.mcast_resolicit = 0 +net.ipv4.neigh.docker0.mcast_solicit = 3 +net.ipv4.neigh.docker0.proxy_delay = 80 +net.ipv4.neigh.docker0.proxy_qlen = 64 +net.ipv4.neigh.docker0.retrans_time_ms = 1000 +net.ipv4.neigh.docker0.ucast_solicit = 3 +net.ipv4.neigh.docker0.unres_qlen = 101 +net.ipv4.neigh.docker0.unres_qlen_bytes = 212992 +net.ipv4.neigh.ens160.anycast_delay = 100 +net.ipv4.neigh.ens160.app_solicit = 0 +net.ipv4.neigh.ens160.base_reachable_time_ms = 30000 +net.ipv4.neigh.ens160.delay_first_probe_time = 5 +net.ipv4.neigh.ens160.gc_stale_time = 60 +net.ipv4.neigh.ens160.locktime = 100 +net.ipv4.neigh.ens160.mcast_resolicit = 0 +net.ipv4.neigh.ens160.mcast_solicit = 3 +net.ipv4.neigh.ens160.proxy_delay = 80 +net.ipv4.neigh.ens160.proxy_qlen = 64 +net.ipv4.neigh.ens160.retrans_time_ms = 1000 +net.ipv4.neigh.ens160.ucast_solicit = 3 +net.ipv4.neigh.ens160.unres_qlen = 101 +net.ipv4.neigh.ens160.unres_qlen_bytes = 212992 net.ipv4.neigh.lo.anycast_delay = 100 net.ipv4.neigh.lo.app_solicit = 0 net.ipv4.neigh.lo.base_reachable_time_ms = 30000 net.ipv4.neigh.lo.delay_first_probe_time = 5 net.ipv4.neigh.lo.gc_stale_time = 60 -net.ipv4.neigh.lo.interval_probe_time_ms = 5000 net.ipv4.neigh.lo.locktime = 100 net.ipv4.neigh.lo.mcast_resolicit = 0 net.ipv4.neigh.lo.mcast_solicit = 3 @@ -764,56 +522,11 @@ net.ipv4.neigh.lo.retrans_time_ms = 1000 net.ipv4.neigh.lo.ucast_solicit = 3 net.ipv4.neigh.lo.unres_qlen = 101 net.ipv4.neigh.lo.unres_qlen_bytes = 212992 -net.ipv4.neigh.tun0.anycast_delay = 100 -net.ipv4.neigh.tun0.app_solicit = 0 -net.ipv4.neigh.tun0.base_reachable_time_ms = 30000 -net.ipv4.neigh.tun0.delay_first_probe_time = 5 -net.ipv4.neigh.tun0.gc_stale_time = 60 -net.ipv4.neigh.tun0.interval_probe_time_ms = 5000 -net.ipv4.neigh.tun0.locktime = 100 -net.ipv4.neigh.tun0.mcast_resolicit = 0 -net.ipv4.neigh.tun0.mcast_solicit = 3 -net.ipv4.neigh.tun0.proxy_delay = 80 -net.ipv4.neigh.tun0.proxy_qlen = 64 -net.ipv4.neigh.tun0.retrans_time_ms = 1000 -net.ipv4.neigh.tun0.ucast_solicit = 3 -net.ipv4.neigh.tun0.unres_qlen = 101 -net.ipv4.neigh.tun0.unres_qlen_bytes = 212992 -net.ipv4.neigh.virbr0.anycast_delay = 100 -net.ipv4.neigh.virbr0.app_solicit = 0 -net.ipv4.neigh.virbr0.base_reachable_time_ms = 30000 -net.ipv4.neigh.virbr0.delay_first_probe_time = 5 -net.ipv4.neigh.virbr0.gc_stale_time = 60 -net.ipv4.neigh.virbr0.interval_probe_time_ms = 5000 -net.ipv4.neigh.virbr0.locktime = 100 -net.ipv4.neigh.virbr0.mcast_resolicit = 0 -net.ipv4.neigh.virbr0.mcast_solicit = 3 -net.ipv4.neigh.virbr0.proxy_delay = 80 -net.ipv4.neigh.virbr0.proxy_qlen = 64 -net.ipv4.neigh.virbr0.retrans_time_ms = 1000 -net.ipv4.neigh.virbr0.ucast_solicit = 3 -net.ipv4.neigh.virbr0.unres_qlen = 101 -net.ipv4.neigh.virbr0.unres_qlen_bytes = 212992 -net.ipv4.neigh.wlp4s0.anycast_delay = 100 -net.ipv4.neigh.wlp4s0.app_solicit = 0 -net.ipv4.neigh.wlp4s0.base_reachable_time_ms = 30000 -net.ipv4.neigh.wlp4s0.delay_first_probe_time = 5 -net.ipv4.neigh.wlp4s0.gc_stale_time = 60 -net.ipv4.neigh.wlp4s0.interval_probe_time_ms = 5000 -net.ipv4.neigh.wlp4s0.locktime = 100 -net.ipv4.neigh.wlp4s0.mcast_resolicit = 0 -net.ipv4.neigh.wlp4s0.mcast_solicit = 3 -net.ipv4.neigh.wlp4s0.proxy_delay = 80 -net.ipv4.neigh.wlp4s0.proxy_qlen = 64 -net.ipv4.neigh.wlp4s0.retrans_time_ms = 1000 -net.ipv4.neigh.wlp4s0.ucast_solicit = 3 -net.ipv4.neigh.wlp4s0.unres_qlen = 101 -net.ipv4.neigh.wlp4s0.unres_qlen_bytes = 212992 net.ipv4.nexthop_compat_mode = 1 net.ipv4.ping_group_range = 0 2147483647 net.ipv4.raw_l3mdev_accept = 1 -net.ipv4.route.error_burst = 5000 -net.ipv4.route.error_cost = 1000 +net.ipv4.route.error_burst = 1250 +net.ipv4.route.error_cost = 250 net.ipv4.route.gc_elasticity = 8 net.ipv4.route.gc_interval = 60 net.ipv4.route.gc_min_interval = 0 @@ -824,19 +537,18 @@ net.ipv4.route.max_size = 2147483647 net.ipv4.route.min_adv_mss = 256 net.ipv4.route.min_pmtu = 552 net.ipv4.route.mtu_expires = 600 -net.ipv4.route.redirect_load = 20 +net.ipv4.route.redirect_load = 5 net.ipv4.route.redirect_number = 9 -net.ipv4.route.redirect_silence = 20480 +net.ipv4.route.redirect_silence = 5120 net.ipv4.tcp_abort_on_overflow = 0 net.ipv4.tcp_adv_win_scale = 1 net.ipv4.tcp_allowed_congestion_control = reno cubic net.ipv4.tcp_app_win = 31 net.ipv4.tcp_autocorking = 1 net.ipv4.tcp_available_congestion_control = reno cubic -net.ipv4.tcp_available_ulp = espintcp mptcp +net.ipv4.tcp_available_ulp = espintcp mptcp tls net.ipv4.tcp_base_mss = 1024 -net.ipv4.tcp_challenge_ack_limit = 2147483647 -net.ipv4.tcp_child_ehash_entries = 0 +net.ipv4.tcp_challenge_ack_limit = 1000 net.ipv4.tcp_comp_sack_delay_ns = 1000000 net.ipv4.tcp_comp_sack_nr = 44 net.ipv4.tcp_comp_sack_slack_ns = 100000 @@ -846,11 +558,10 @@ net.ipv4.tcp_early_demux = 1 net.ipv4.tcp_early_retrans = 3 net.ipv4.tcp_ecn = 2 net.ipv4.tcp_ecn_fallback = 1 -net.ipv4.tcp_ehash_entries = 65536 net.ipv4.tcp_fack = 0 net.ipv4.tcp_fastopen = 1 net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0 -net.ipv4.tcp_fastopen_key = 5b768f20-7ae5f60c-35336305-fe5cb91e +net.ipv4.tcp_fastopen_key = 23d4bc1a-67678cb7-969bbf8f-f04ed254 net.ipv4.tcp_fin_timeout = 60 net.ipv4.tcp_frto = 2 net.ipv4.tcp_fwmark_accept = 0 @@ -865,7 +576,7 @@ net.ipv4.tcp_max_orphans = 32768 net.ipv4.tcp_max_reordering = 300 net.ipv4.tcp_max_syn_backlog = 512 net.ipv4.tcp_max_tw_buckets = 32768 -net.ipv4.tcp_mem = 91878 122504 183756 +net.ipv4.tcp_mem = 92505 123341 185010 net.ipv4.tcp_migrate_req = 0 net.ipv4.tcp_min_rtt_wlen = 300 net.ipv4.tcp_min_snd_mss = 48 @@ -879,11 +590,6 @@ net.ipv4.tcp_notsent_lowat = 4294967295 net.ipv4.tcp_orphan_retries = 0 net.ipv4.tcp_pacing_ca_ratio = 120 net.ipv4.tcp_pacing_ss_ratio = 200 -net.ipv4.tcp_plb_cong_thresh = 128 -net.ipv4.tcp_plb_enabled = 0 -net.ipv4.tcp_plb_idle_rehash_rounds = 3 -net.ipv4.tcp_plb_rehash_rounds = 12 -net.ipv4.tcp_plb_suspend_rto_sec = 60 net.ipv4.tcp_probe_interval = 600 net.ipv4.tcp_probe_threshold = 8 net.ipv4.tcp_recovery = 1 @@ -894,6 +600,7 @@ net.ipv4.tcp_retries1 = 3 net.ipv4.tcp_retries2 = 15 net.ipv4.tcp_rfc1337 = 0 net.ipv4.tcp_rmem = 4096 131072 6291456 +net.ipv4.tcp_rx_skb_cache = 0 net.ipv4.tcp_sack = 1 net.ipv4.tcp_slow_start_after_idle = 1 net.ipv4.tcp_stdurg = 0 @@ -902,17 +609,15 @@ net.ipv4.tcp_synack_retries = 5 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_thin_linear_timeouts = 0 net.ipv4.tcp_timestamps = 1 -net.ipv4.tcp_tso_rtt_log = 9 net.ipv4.tcp_tso_win_divisor = 3 net.ipv4.tcp_tw_reuse = 2 +net.ipv4.tcp_tx_skb_cache = 0 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_wmem = 4096 16384 4194304 net.ipv4.tcp_workaround_signed_windows = 0 -net.ipv4.udp_child_hash_entries = 0 net.ipv4.udp_early_demux = 1 -net.ipv4.udp_hash_entries = 4096 net.ipv4.udp_l3mdev_accept = 0 -net.ipv4.udp_mem = 183756 245008 367512 +net.ipv4.udp_mem = 185010 246682 370020 net.ipv4.udp_rmem_min = 4096 net.ipv4.udp_wmem_min = 4096 net.ipv4.xfrm4_gc_thresh = 32768 @@ -933,11 +638,10 @@ net.ipv6.conf.all.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.all.accept_ra_rtr_pref = 1 net.ipv6.conf.all.accept_redirects = 1 net.ipv6.conf.all.accept_source_route = 0 -net.ipv6.conf.all.accept_untracked_na = 0 net.ipv6.conf.all.addr_gen_mode = 0 net.ipv6.conf.all.autoconf = 1 net.ipv6.conf.all.dad_transmits = 1 -net.ipv6.conf.all.disable_ipv6 = 1 +net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.all.disable_policy = 0 net.ipv6.conf.all.drop_unicast_in_l2_multicast = 0 net.ipv6.conf.all.drop_unsolicited_na = 0 @@ -957,10 +661,8 @@ net.ipv6.conf.all.mc_forwarding = 0 net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000 net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000 net.ipv6.conf.all.mtu = 1280 -net.ipv6.conf.all.ndisc_evict_nocarrier = 1 net.ipv6.conf.all.ndisc_notify = 0 net.ipv6.conf.all.ndisc_tclass = 0 -net.ipv6.conf.all.optimistic_dad = 0 net.ipv6.conf.all.proxy_ndp = 0 net.ipv6.conf.all.ra_defrtr_metric = 1024 net.ipv6.conf.all.regen_max_retry = 3 @@ -976,8 +678,7 @@ net.ipv6.conf.all.suppress_frag_ndisc = 1 net.ipv6.conf.all.temp_prefered_lft = 86400 net.ipv6.conf.all.temp_valid_lft = 604800 net.ipv6.conf.all.use_oif_addrs_only = 0 -net.ipv6.conf.all.use_optimistic = 0 -net.ipv6.conf.all.use_tempaddr = 0 +net.ipv6.conf.all.use_tempaddr = 2 net.ipv6.conf.default.accept_dad = 1 net.ipv6.conf.default.accept_ra = 1 net.ipv6.conf.default.accept_ra_defrtr = 1 @@ -990,11 +691,10 @@ net.ipv6.conf.default.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.default.accept_ra_rtr_pref = 1 net.ipv6.conf.default.accept_redirects = 1 net.ipv6.conf.default.accept_source_route = 0 -net.ipv6.conf.default.accept_untracked_na = 0 net.ipv6.conf.default.addr_gen_mode = 0 net.ipv6.conf.default.autoconf = 1 net.ipv6.conf.default.dad_transmits = 1 -net.ipv6.conf.default.disable_ipv6 = 1 +net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.default.disable_policy = 0 net.ipv6.conf.default.drop_unicast_in_l2_multicast = 0 net.ipv6.conf.default.drop_unsolicited_na = 0 @@ -1014,10 +714,8 @@ net.ipv6.conf.default.mc_forwarding = 0 net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000 net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000 net.ipv6.conf.default.mtu = 1280 -net.ipv6.conf.default.ndisc_evict_nocarrier = 1 net.ipv6.conf.default.ndisc_notify = 0 net.ipv6.conf.default.ndisc_tclass = 0 -net.ipv6.conf.default.optimistic_dad = 0 net.ipv6.conf.default.proxy_ndp = 0 net.ipv6.conf.default.ra_defrtr_metric = 1024 net.ipv6.conf.default.regen_max_retry = 3 @@ -1033,67 +731,115 @@ net.ipv6.conf.default.suppress_frag_ndisc = 1 net.ipv6.conf.default.temp_prefered_lft = 86400 net.ipv6.conf.default.temp_valid_lft = 604800 net.ipv6.conf.default.use_oif_addrs_only = 0 -net.ipv6.conf.default.use_optimistic = 0 -net.ipv6.conf.default.use_tempaddr = 0 -net.ipv6.conf.enp0s31f6.accept_dad = 1 -net.ipv6.conf.enp0s31f6.accept_ra = 0 -net.ipv6.conf.enp0s31f6.accept_ra_defrtr = 1 -net.ipv6.conf.enp0s31f6.accept_ra_from_local = 0 -net.ipv6.conf.enp0s31f6.accept_ra_min_hop_limit = 1 -net.ipv6.conf.enp0s31f6.accept_ra_mtu = 1 -net.ipv6.conf.enp0s31f6.accept_ra_pinfo = 1 -net.ipv6.conf.enp0s31f6.accept_ra_rt_info_max_plen = 0 -net.ipv6.conf.enp0s31f6.accept_ra_rt_info_min_plen = 0 -net.ipv6.conf.enp0s31f6.accept_ra_rtr_pref = 1 -net.ipv6.conf.enp0s31f6.accept_redirects = 1 -net.ipv6.conf.enp0s31f6.accept_source_route = 0 -net.ipv6.conf.enp0s31f6.accept_untracked_na = 0 -net.ipv6.conf.enp0s31f6.addr_gen_mode = 1 -net.ipv6.conf.enp0s31f6.autoconf = 1 -net.ipv6.conf.enp0s31f6.dad_transmits = 1 -net.ipv6.conf.enp0s31f6.disable_ipv6 = 0 -net.ipv6.conf.enp0s31f6.disable_policy = 0 -net.ipv6.conf.enp0s31f6.drop_unicast_in_l2_multicast = 0 -net.ipv6.conf.enp0s31f6.drop_unsolicited_na = 0 -net.ipv6.conf.enp0s31f6.enhanced_dad = 1 -net.ipv6.conf.enp0s31f6.force_mld_version = 0 -net.ipv6.conf.enp0s31f6.force_tllao = 0 -net.ipv6.conf.enp0s31f6.forwarding = 0 -net.ipv6.conf.enp0s31f6.hop_limit = 64 -net.ipv6.conf.enp0s31f6.ignore_routes_with_linkdown = 0 -net.ipv6.conf.enp0s31f6.ioam6_enabled = 0 -net.ipv6.conf.enp0s31f6.ioam6_id = 65535 -net.ipv6.conf.enp0s31f6.ioam6_id_wide = 4294967295 -net.ipv6.conf.enp0s31f6.keep_addr_on_down = 0 -net.ipv6.conf.enp0s31f6.max_addresses = 16 -net.ipv6.conf.enp0s31f6.max_desync_factor = 600 -net.ipv6.conf.enp0s31f6.mc_forwarding = 0 -net.ipv6.conf.enp0s31f6.mldv1_unsolicited_report_interval = 10000 -net.ipv6.conf.enp0s31f6.mldv2_unsolicited_report_interval = 1000 -net.ipv6.conf.enp0s31f6.mtu = 1500 -net.ipv6.conf.enp0s31f6.ndisc_evict_nocarrier = 1 -net.ipv6.conf.enp0s31f6.ndisc_notify = 0 -net.ipv6.conf.enp0s31f6.ndisc_tclass = 0 -net.ipv6.conf.enp0s31f6.optimistic_dad = 0 -net.ipv6.conf.enp0s31f6.proxy_ndp = 0 -net.ipv6.conf.enp0s31f6.ra_defrtr_metric = 1024 -net.ipv6.conf.enp0s31f6.regen_max_retry = 3 -net.ipv6.conf.enp0s31f6.router_probe_interval = 60 -net.ipv6.conf.enp0s31f6.router_solicitation_delay = 1 -net.ipv6.conf.enp0s31f6.router_solicitation_interval = 4 -net.ipv6.conf.enp0s31f6.router_solicitation_max_interval = 3600 -net.ipv6.conf.enp0s31f6.router_solicitations = -1 -net.ipv6.conf.enp0s31f6.rpl_seg_enabled = 0 -net.ipv6.conf.enp0s31f6.seg6_enabled = 0 -net.ipv6.conf.enp0s31f6.seg6_require_hmac = 0 -net.ipv6.conf.enp0s31f6.suppress_frag_ndisc = 1 -net.ipv6.conf.enp0s31f6.temp_prefered_lft = 86400 -net.ipv6.conf.enp0s31f6.temp_valid_lft = 604800 -net.ipv6.conf.enp0s31f6.use_oif_addrs_only = 0 -net.ipv6.conf.enp0s31f6.use_optimistic = 0 -net.ipv6.conf.enp0s31f6.use_tempaddr = 0 +net.ipv6.conf.default.use_tempaddr = 2 +net.ipv6.conf.docker0.accept_dad = 1 +net.ipv6.conf.docker0.accept_ra = 0 +net.ipv6.conf.docker0.accept_ra_defrtr = 1 +net.ipv6.conf.docker0.accept_ra_from_local = 0 +net.ipv6.conf.docker0.accept_ra_min_hop_limit = 1 +net.ipv6.conf.docker0.accept_ra_mtu = 1 +net.ipv6.conf.docker0.accept_ra_pinfo = 1 +net.ipv6.conf.docker0.accept_ra_rt_info_max_plen = 0 +net.ipv6.conf.docker0.accept_ra_rt_info_min_plen = 0 +net.ipv6.conf.docker0.accept_ra_rtr_pref = 1 +net.ipv6.conf.docker0.accept_redirects = 1 +net.ipv6.conf.docker0.accept_source_route = 0 +net.ipv6.conf.docker0.addr_gen_mode = 0 +net.ipv6.conf.docker0.autoconf = 1 +net.ipv6.conf.docker0.dad_transmits = 1 +net.ipv6.conf.docker0.disable_ipv6 = 0 +net.ipv6.conf.docker0.disable_policy = 0 +net.ipv6.conf.docker0.drop_unicast_in_l2_multicast = 0 +net.ipv6.conf.docker0.drop_unsolicited_na = 0 +net.ipv6.conf.docker0.enhanced_dad = 1 +net.ipv6.conf.docker0.force_mld_version = 0 +net.ipv6.conf.docker0.force_tllao = 0 +net.ipv6.conf.docker0.forwarding = 0 +net.ipv6.conf.docker0.hop_limit = 64 +net.ipv6.conf.docker0.ignore_routes_with_linkdown = 0 +net.ipv6.conf.docker0.ioam6_enabled = 0 +net.ipv6.conf.docker0.ioam6_id = 65535 +net.ipv6.conf.docker0.ioam6_id_wide = 4294967295 +net.ipv6.conf.docker0.keep_addr_on_down = 0 +net.ipv6.conf.docker0.max_addresses = 16 +net.ipv6.conf.docker0.max_desync_factor = 600 +net.ipv6.conf.docker0.mc_forwarding = 0 +net.ipv6.conf.docker0.mldv1_unsolicited_report_interval = 10000 +net.ipv6.conf.docker0.mldv2_unsolicited_report_interval = 1000 +net.ipv6.conf.docker0.mtu = 1500 +net.ipv6.conf.docker0.ndisc_notify = 0 +net.ipv6.conf.docker0.ndisc_tclass = 0 +net.ipv6.conf.docker0.proxy_ndp = 0 +net.ipv6.conf.docker0.ra_defrtr_metric = 1024 +net.ipv6.conf.docker0.regen_max_retry = 3 +net.ipv6.conf.docker0.router_probe_interval = 60 +net.ipv6.conf.docker0.router_solicitation_delay = 1 +net.ipv6.conf.docker0.router_solicitation_interval = 4 +net.ipv6.conf.docker0.router_solicitation_max_interval = 3600 +net.ipv6.conf.docker0.router_solicitations = -1 +net.ipv6.conf.docker0.rpl_seg_enabled = 0 +net.ipv6.conf.docker0.seg6_enabled = 0 +net.ipv6.conf.docker0.seg6_require_hmac = 0 +net.ipv6.conf.docker0.suppress_frag_ndisc = 1 +net.ipv6.conf.docker0.temp_prefered_lft = 86400 +net.ipv6.conf.docker0.temp_valid_lft = 604800 +net.ipv6.conf.docker0.use_oif_addrs_only = 0 +net.ipv6.conf.docker0.use_tempaddr = 2 +net.ipv6.conf.ens160.accept_dad = 1 +net.ipv6.conf.ens160.accept_ra = 0 +net.ipv6.conf.ens160.accept_ra_defrtr = 1 +net.ipv6.conf.ens160.accept_ra_from_local = 0 +net.ipv6.conf.ens160.accept_ra_min_hop_limit = 1 +net.ipv6.conf.ens160.accept_ra_mtu = 1 +net.ipv6.conf.ens160.accept_ra_pinfo = 1 +net.ipv6.conf.ens160.accept_ra_rt_info_max_plen = 0 +net.ipv6.conf.ens160.accept_ra_rt_info_min_plen = 0 +net.ipv6.conf.ens160.accept_ra_rtr_pref = 1 +net.ipv6.conf.ens160.accept_redirects = 1 +net.ipv6.conf.ens160.accept_source_route = 0 +net.ipv6.conf.ens160.addr_gen_mode = 0 +net.ipv6.conf.ens160.autoconf = 1 +net.ipv6.conf.ens160.dad_transmits = 1 +net.ipv6.conf.ens160.disable_ipv6 = 0 +net.ipv6.conf.ens160.disable_policy = 0 +net.ipv6.conf.ens160.drop_unicast_in_l2_multicast = 0 +net.ipv6.conf.ens160.drop_unsolicited_na = 0 +net.ipv6.conf.ens160.enhanced_dad = 1 +net.ipv6.conf.ens160.force_mld_version = 0 +net.ipv6.conf.ens160.force_tllao = 0 +net.ipv6.conf.ens160.forwarding = 0 +net.ipv6.conf.ens160.hop_limit = 64 +net.ipv6.conf.ens160.ignore_routes_with_linkdown = 0 +net.ipv6.conf.ens160.ioam6_enabled = 0 +net.ipv6.conf.ens160.ioam6_id = 65535 +net.ipv6.conf.ens160.ioam6_id_wide = 4294967295 +net.ipv6.conf.ens160.keep_addr_on_down = 0 +net.ipv6.conf.ens160.max_addresses = 16 +net.ipv6.conf.ens160.max_desync_factor = 600 +net.ipv6.conf.ens160.mc_forwarding = 0 +net.ipv6.conf.ens160.mldv1_unsolicited_report_interval = 10000 +net.ipv6.conf.ens160.mldv2_unsolicited_report_interval = 1000 +net.ipv6.conf.ens160.mtu = 1500 +net.ipv6.conf.ens160.ndisc_notify = 0 +net.ipv6.conf.ens160.ndisc_tclass = 0 +net.ipv6.conf.ens160.proxy_ndp = 0 +net.ipv6.conf.ens160.ra_defrtr_metric = 1024 +net.ipv6.conf.ens160.regen_max_retry = 3 +net.ipv6.conf.ens160.router_probe_interval = 60 +net.ipv6.conf.ens160.router_solicitation_delay = 1 +net.ipv6.conf.ens160.router_solicitation_interval = 4 +net.ipv6.conf.ens160.router_solicitation_max_interval = 3600 +net.ipv6.conf.ens160.router_solicitations = -1 +net.ipv6.conf.ens160.rpl_seg_enabled = 0 +net.ipv6.conf.ens160.seg6_enabled = 0 +net.ipv6.conf.ens160.seg6_require_hmac = 0 +net.ipv6.conf.ens160.suppress_frag_ndisc = 1 +net.ipv6.conf.ens160.temp_prefered_lft = 86400 +net.ipv6.conf.ens160.temp_valid_lft = 604800 +net.ipv6.conf.ens160.use_oif_addrs_only = 0 +net.ipv6.conf.ens160.use_tempaddr = 0 net.ipv6.conf.lo.accept_dad = -1 -net.ipv6.conf.lo.accept_ra = 0 +net.ipv6.conf.lo.accept_ra = 1 net.ipv6.conf.lo.accept_ra_defrtr = 1 net.ipv6.conf.lo.accept_ra_from_local = 0 net.ipv6.conf.lo.accept_ra_min_hop_limit = 1 @@ -1104,8 +850,7 @@ net.ipv6.conf.lo.accept_ra_rt_info_min_plen = 0 net.ipv6.conf.lo.accept_ra_rtr_pref = 1 net.ipv6.conf.lo.accept_redirects = 1 net.ipv6.conf.lo.accept_source_route = 0 -net.ipv6.conf.lo.accept_untracked_na = 0 -net.ipv6.conf.lo.addr_gen_mode = 1 +net.ipv6.conf.lo.addr_gen_mode = 0 net.ipv6.conf.lo.autoconf = 1 net.ipv6.conf.lo.dad_transmits = 1 net.ipv6.conf.lo.disable_ipv6 = 0 @@ -1128,10 +873,8 @@ net.ipv6.conf.lo.mc_forwarding = 0 net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000 net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000 net.ipv6.conf.lo.mtu = 65536 -net.ipv6.conf.lo.ndisc_evict_nocarrier = 1 net.ipv6.conf.lo.ndisc_notify = 0 net.ipv6.conf.lo.ndisc_tclass = 0 -net.ipv6.conf.lo.optimistic_dad = 0 net.ipv6.conf.lo.proxy_ndp = 0 net.ipv6.conf.lo.ra_defrtr_metric = 1024 net.ipv6.conf.lo.regen_max_retry = 3 @@ -1147,179 +890,7 @@ net.ipv6.conf.lo.suppress_frag_ndisc = 1 net.ipv6.conf.lo.temp_prefered_lft = 86400 net.ipv6.conf.lo.temp_valid_lft = 604800 net.ipv6.conf.lo.use_oif_addrs_only = 0 -net.ipv6.conf.lo.use_optimistic = 0 -net.ipv6.conf.lo.use_tempaddr = 0 -net.ipv6.conf.tun0.accept_dad = -1 -net.ipv6.conf.tun0.accept_ra = 1 -net.ipv6.conf.tun0.accept_ra_defrtr = 1 -net.ipv6.conf.tun0.accept_ra_from_local = 0 -net.ipv6.conf.tun0.accept_ra_min_hop_limit = 1 -net.ipv6.conf.tun0.accept_ra_mtu = 1 -net.ipv6.conf.tun0.accept_ra_pinfo = 1 -net.ipv6.conf.tun0.accept_ra_rt_info_max_plen = 0 -net.ipv6.conf.tun0.accept_ra_rt_info_min_plen = 0 -net.ipv6.conf.tun0.accept_ra_rtr_pref = 1 -net.ipv6.conf.tun0.accept_redirects = 1 -net.ipv6.conf.tun0.accept_source_route = 0 -net.ipv6.conf.tun0.accept_untracked_na = 0 -net.ipv6.conf.tun0.addr_gen_mode = 0 -net.ipv6.conf.tun0.autoconf = 1 -net.ipv6.conf.tun0.dad_transmits = 1 -net.ipv6.conf.tun0.disable_ipv6 = 1 -net.ipv6.conf.tun0.disable_policy = 0 -net.ipv6.conf.tun0.drop_unicast_in_l2_multicast = 0 -net.ipv6.conf.tun0.drop_unsolicited_na = 0 -net.ipv6.conf.tun0.enhanced_dad = 1 -net.ipv6.conf.tun0.force_mld_version = 0 -net.ipv6.conf.tun0.force_tllao = 0 -net.ipv6.conf.tun0.forwarding = 0 -net.ipv6.conf.tun0.hop_limit = 64 -net.ipv6.conf.tun0.ignore_routes_with_linkdown = 0 -net.ipv6.conf.tun0.ioam6_enabled = 0 -net.ipv6.conf.tun0.ioam6_id = 65535 -net.ipv6.conf.tun0.ioam6_id_wide = 4294967295 -net.ipv6.conf.tun0.keep_addr_on_down = 0 -net.ipv6.conf.tun0.max_addresses = 16 -net.ipv6.conf.tun0.max_desync_factor = 600 -net.ipv6.conf.tun0.mc_forwarding = 0 -net.ipv6.conf.tun0.mldv1_unsolicited_report_interval = 10000 -net.ipv6.conf.tun0.mldv2_unsolicited_report_interval = 1000 -net.ipv6.conf.tun0.mtu = 1500 -net.ipv6.conf.tun0.ndisc_evict_nocarrier = 1 -net.ipv6.conf.tun0.ndisc_notify = 0 -net.ipv6.conf.tun0.ndisc_tclass = 0 -net.ipv6.conf.tun0.optimistic_dad = 0 -net.ipv6.conf.tun0.proxy_ndp = 0 -net.ipv6.conf.tun0.ra_defrtr_metric = 1024 -net.ipv6.conf.tun0.regen_max_retry = 3 -net.ipv6.conf.tun0.router_probe_interval = 60 -net.ipv6.conf.tun0.router_solicitation_delay = 1 -net.ipv6.conf.tun0.router_solicitation_interval = 4 -net.ipv6.conf.tun0.router_solicitation_max_interval = 3600 -net.ipv6.conf.tun0.router_solicitations = -1 -net.ipv6.conf.tun0.rpl_seg_enabled = 0 -net.ipv6.conf.tun0.seg6_enabled = 0 -net.ipv6.conf.tun0.seg6_require_hmac = 0 -net.ipv6.conf.tun0.suppress_frag_ndisc = 1 -net.ipv6.conf.tun0.temp_prefered_lft = 86400 -net.ipv6.conf.tun0.temp_valid_lft = 604800 -net.ipv6.conf.tun0.use_oif_addrs_only = 0 -net.ipv6.conf.tun0.use_optimistic = 0 -net.ipv6.conf.tun0.use_tempaddr = -1 -net.ipv6.conf.virbr0.accept_dad = 1 -net.ipv6.conf.virbr0.accept_ra = 0 -net.ipv6.conf.virbr0.accept_ra_defrtr = 1 -net.ipv6.conf.virbr0.accept_ra_from_local = 0 -net.ipv6.conf.virbr0.accept_ra_min_hop_limit = 1 -net.ipv6.conf.virbr0.accept_ra_mtu = 1 -net.ipv6.conf.virbr0.accept_ra_pinfo = 1 -net.ipv6.conf.virbr0.accept_ra_rt_info_max_plen = 0 -net.ipv6.conf.virbr0.accept_ra_rt_info_min_plen = 0 -net.ipv6.conf.virbr0.accept_ra_rtr_pref = 1 -net.ipv6.conf.virbr0.accept_redirects = 1 -net.ipv6.conf.virbr0.accept_source_route = 0 -net.ipv6.conf.virbr0.accept_untracked_na = 0 -net.ipv6.conf.virbr0.addr_gen_mode = 0 -net.ipv6.conf.virbr0.autoconf = 0 -net.ipv6.conf.virbr0.dad_transmits = 1 -net.ipv6.conf.virbr0.disable_ipv6 = 1 -net.ipv6.conf.virbr0.disable_policy = 0 -net.ipv6.conf.virbr0.drop_unicast_in_l2_multicast = 0 -net.ipv6.conf.virbr0.drop_unsolicited_na = 0 -net.ipv6.conf.virbr0.enhanced_dad = 1 -net.ipv6.conf.virbr0.force_mld_version = 0 -net.ipv6.conf.virbr0.force_tllao = 0 -net.ipv6.conf.virbr0.forwarding = 0 -net.ipv6.conf.virbr0.hop_limit = 64 -net.ipv6.conf.virbr0.ignore_routes_with_linkdown = 0 -net.ipv6.conf.virbr0.ioam6_enabled = 0 -net.ipv6.conf.virbr0.ioam6_id = 65535 -net.ipv6.conf.virbr0.ioam6_id_wide = 4294967295 -net.ipv6.conf.virbr0.keep_addr_on_down = 0 -net.ipv6.conf.virbr0.max_addresses = 16 -net.ipv6.conf.virbr0.max_desync_factor = 600 -net.ipv6.conf.virbr0.mc_forwarding = 0 -net.ipv6.conf.virbr0.mldv1_unsolicited_report_interval = 10000 -net.ipv6.conf.virbr0.mldv2_unsolicited_report_interval = 1000 -net.ipv6.conf.virbr0.mtu = 1500 -net.ipv6.conf.virbr0.ndisc_evict_nocarrier = 1 -net.ipv6.conf.virbr0.ndisc_notify = 0 -net.ipv6.conf.virbr0.ndisc_tclass = 0 -net.ipv6.conf.virbr0.optimistic_dad = 0 -net.ipv6.conf.virbr0.proxy_ndp = 0 -net.ipv6.conf.virbr0.ra_defrtr_metric = 1024 -net.ipv6.conf.virbr0.regen_max_retry = 3 -net.ipv6.conf.virbr0.router_probe_interval = 60 -net.ipv6.conf.virbr0.router_solicitation_delay = 1 -net.ipv6.conf.virbr0.router_solicitation_interval = 4 -net.ipv6.conf.virbr0.router_solicitation_max_interval = 3600 -net.ipv6.conf.virbr0.router_solicitations = -1 -net.ipv6.conf.virbr0.rpl_seg_enabled = 0 -net.ipv6.conf.virbr0.seg6_enabled = 0 -net.ipv6.conf.virbr0.seg6_require_hmac = 0 -net.ipv6.conf.virbr0.suppress_frag_ndisc = 1 -net.ipv6.conf.virbr0.temp_prefered_lft = 86400 -net.ipv6.conf.virbr0.temp_valid_lft = 604800 -net.ipv6.conf.virbr0.use_oif_addrs_only = 0 -net.ipv6.conf.virbr0.use_optimistic = 0 -net.ipv6.conf.virbr0.use_tempaddr = 0 -net.ipv6.conf.wlp4s0.accept_dad = 1 -net.ipv6.conf.wlp4s0.accept_ra = 0 -net.ipv6.conf.wlp4s0.accept_ra_defrtr = 1 -net.ipv6.conf.wlp4s0.accept_ra_from_local = 0 -net.ipv6.conf.wlp4s0.accept_ra_min_hop_limit = 1 -net.ipv6.conf.wlp4s0.accept_ra_mtu = 1 -net.ipv6.conf.wlp4s0.accept_ra_pinfo = 1 -net.ipv6.conf.wlp4s0.accept_ra_rt_info_max_plen = 0 -net.ipv6.conf.wlp4s0.accept_ra_rt_info_min_plen = 0 -net.ipv6.conf.wlp4s0.accept_ra_rtr_pref = 1 -net.ipv6.conf.wlp4s0.accept_redirects = 1 -net.ipv6.conf.wlp4s0.accept_source_route = 0 -net.ipv6.conf.wlp4s0.accept_untracked_na = 0 -net.ipv6.conf.wlp4s0.addr_gen_mode = 1 -net.ipv6.conf.wlp4s0.autoconf = 1 -net.ipv6.conf.wlp4s0.dad_transmits = 1 -net.ipv6.conf.wlp4s0.disable_ipv6 = 1 -net.ipv6.conf.wlp4s0.disable_policy = 0 -net.ipv6.conf.wlp4s0.drop_unicast_in_l2_multicast = 0 -net.ipv6.conf.wlp4s0.drop_unsolicited_na = 0 -net.ipv6.conf.wlp4s0.enhanced_dad = 1 -net.ipv6.conf.wlp4s0.force_mld_version = 0 -net.ipv6.conf.wlp4s0.force_tllao = 0 -net.ipv6.conf.wlp4s0.forwarding = 0 -net.ipv6.conf.wlp4s0.hop_limit = 64 -net.ipv6.conf.wlp4s0.ignore_routes_with_linkdown = 0 -net.ipv6.conf.wlp4s0.ioam6_enabled = 0 -net.ipv6.conf.wlp4s0.ioam6_id = 65535 -net.ipv6.conf.wlp4s0.ioam6_id_wide = 4294967295 -net.ipv6.conf.wlp4s0.keep_addr_on_down = 0 -net.ipv6.conf.wlp4s0.max_addresses = 16 -net.ipv6.conf.wlp4s0.max_desync_factor = 600 -net.ipv6.conf.wlp4s0.mc_forwarding = 0 -net.ipv6.conf.wlp4s0.mldv1_unsolicited_report_interval = 10000 -net.ipv6.conf.wlp4s0.mldv2_unsolicited_report_interval = 1000 -net.ipv6.conf.wlp4s0.mtu = 1500 -net.ipv6.conf.wlp4s0.ndisc_evict_nocarrier = 1 -net.ipv6.conf.wlp4s0.ndisc_notify = 0 -net.ipv6.conf.wlp4s0.ndisc_tclass = 0 -net.ipv6.conf.wlp4s0.optimistic_dad = 0 -net.ipv6.conf.wlp4s0.proxy_ndp = 0 -net.ipv6.conf.wlp4s0.ra_defrtr_metric = 1024 -net.ipv6.conf.wlp4s0.regen_max_retry = 3 -net.ipv6.conf.wlp4s0.router_probe_interval = 60 -net.ipv6.conf.wlp4s0.router_solicitation_delay = 1 -net.ipv6.conf.wlp4s0.router_solicitation_interval = 4 -net.ipv6.conf.wlp4s0.router_solicitation_max_interval = 3600 -net.ipv6.conf.wlp4s0.router_solicitations = -1 -net.ipv6.conf.wlp4s0.rpl_seg_enabled = 0 -net.ipv6.conf.wlp4s0.seg6_enabled = 0 -net.ipv6.conf.wlp4s0.seg6_require_hmac = 0 -net.ipv6.conf.wlp4s0.suppress_frag_ndisc = 1 -net.ipv6.conf.wlp4s0.temp_prefered_lft = 86400 -net.ipv6.conf.wlp4s0.temp_valid_lft = 604800 -net.ipv6.conf.wlp4s0.use_oif_addrs_only = 0 -net.ipv6.conf.wlp4s0.use_optimistic = 0 -net.ipv6.conf.wlp4s0.use_tempaddr = 0 +net.ipv6.conf.lo.use_tempaddr = -1 net.ipv6.fib_multipath_hash_fields = 7 net.ipv6.fib_multipath_hash_policy = 0 net.ipv6.fib_notify_on_flag_change = 0 @@ -1330,7 +901,6 @@ net.ipv6.fwmark_reflect = 0 net.ipv6.icmp.echo_ignore_all = 0 net.ipv6.icmp.echo_ignore_anycast = 0 net.ipv6.icmp.echo_ignore_multicast = 0 -net.ipv6.icmp.error_anycast_as_unicast = 0 net.ipv6.icmp.ratelimit = 1000 net.ipv6.icmp.ratemask = 0-1,3-127 net.ipv6.idgen_delay = 1 @@ -1357,7 +927,6 @@ net.ipv6.neigh.default.gc_stale_time = 60 net.ipv6.neigh.default.gc_thresh1 = 128 net.ipv6.neigh.default.gc_thresh2 = 512 net.ipv6.neigh.default.gc_thresh3 = 1024 -net.ipv6.neigh.default.interval_probe_time_ms = 5000 net.ipv6.neigh.default.locktime = 0 net.ipv6.neigh.default.mcast_resolicit = 0 net.ipv6.neigh.default.mcast_solicit = 3 @@ -1367,27 +936,39 @@ net.ipv6.neigh.default.retrans_time_ms = 1000 net.ipv6.neigh.default.ucast_solicit = 3 net.ipv6.neigh.default.unres_qlen = 101 net.ipv6.neigh.default.unres_qlen_bytes = 212992 -net.ipv6.neigh.enp0s31f6.anycast_delay = 100 -net.ipv6.neigh.enp0s31f6.app_solicit = 0 -net.ipv6.neigh.enp0s31f6.base_reachable_time_ms = 30000 -net.ipv6.neigh.enp0s31f6.delay_first_probe_time = 5 -net.ipv6.neigh.enp0s31f6.gc_stale_time = 60 -net.ipv6.neigh.enp0s31f6.interval_probe_time_ms = 5000 -net.ipv6.neigh.enp0s31f6.locktime = 0 -net.ipv6.neigh.enp0s31f6.mcast_resolicit = 0 -net.ipv6.neigh.enp0s31f6.mcast_solicit = 3 -net.ipv6.neigh.enp0s31f6.proxy_delay = 80 -net.ipv6.neigh.enp0s31f6.proxy_qlen = 64 -net.ipv6.neigh.enp0s31f6.retrans_time_ms = 1000 -net.ipv6.neigh.enp0s31f6.ucast_solicit = 3 -net.ipv6.neigh.enp0s31f6.unres_qlen = 101 -net.ipv6.neigh.enp0s31f6.unres_qlen_bytes = 212992 +net.ipv6.neigh.docker0.anycast_delay = 100 +net.ipv6.neigh.docker0.app_solicit = 0 +net.ipv6.neigh.docker0.base_reachable_time_ms = 30000 +net.ipv6.neigh.docker0.delay_first_probe_time = 5 +net.ipv6.neigh.docker0.gc_stale_time = 60 +net.ipv6.neigh.docker0.locktime = 0 +net.ipv6.neigh.docker0.mcast_resolicit = 0 +net.ipv6.neigh.docker0.mcast_solicit = 3 +net.ipv6.neigh.docker0.proxy_delay = 80 +net.ipv6.neigh.docker0.proxy_qlen = 64 +net.ipv6.neigh.docker0.retrans_time_ms = 1000 +net.ipv6.neigh.docker0.ucast_solicit = 3 +net.ipv6.neigh.docker0.unres_qlen = 101 +net.ipv6.neigh.docker0.unres_qlen_bytes = 212992 +net.ipv6.neigh.ens160.anycast_delay = 100 +net.ipv6.neigh.ens160.app_solicit = 0 +net.ipv6.neigh.ens160.base_reachable_time_ms = 30000 +net.ipv6.neigh.ens160.delay_first_probe_time = 5 +net.ipv6.neigh.ens160.gc_stale_time = 60 +net.ipv6.neigh.ens160.locktime = 0 +net.ipv6.neigh.ens160.mcast_resolicit = 0 +net.ipv6.neigh.ens160.mcast_solicit = 3 +net.ipv6.neigh.ens160.proxy_delay = 80 +net.ipv6.neigh.ens160.proxy_qlen = 64 +net.ipv6.neigh.ens160.retrans_time_ms = 1000 +net.ipv6.neigh.ens160.ucast_solicit = 3 +net.ipv6.neigh.ens160.unres_qlen = 101 +net.ipv6.neigh.ens160.unres_qlen_bytes = 212992 net.ipv6.neigh.lo.anycast_delay = 100 net.ipv6.neigh.lo.app_solicit = 0 net.ipv6.neigh.lo.base_reachable_time_ms = 30000 net.ipv6.neigh.lo.delay_first_probe_time = 5 net.ipv6.neigh.lo.gc_stale_time = 60 -net.ipv6.neigh.lo.interval_probe_time_ms = 5000 net.ipv6.neigh.lo.locktime = 0 net.ipv6.neigh.lo.mcast_resolicit = 0 net.ipv6.neigh.lo.mcast_solicit = 3 @@ -1397,73 +978,28 @@ net.ipv6.neigh.lo.retrans_time_ms = 1000 net.ipv6.neigh.lo.ucast_solicit = 3 net.ipv6.neigh.lo.unres_qlen = 101 net.ipv6.neigh.lo.unres_qlen_bytes = 212992 -net.ipv6.neigh.tun0.anycast_delay = 100 -net.ipv6.neigh.tun0.app_solicit = 0 -net.ipv6.neigh.tun0.base_reachable_time_ms = 30000 -net.ipv6.neigh.tun0.delay_first_probe_time = 5 -net.ipv6.neigh.tun0.gc_stale_time = 60 -net.ipv6.neigh.tun0.interval_probe_time_ms = 5000 -net.ipv6.neigh.tun0.locktime = 0 -net.ipv6.neigh.tun0.mcast_resolicit = 0 -net.ipv6.neigh.tun0.mcast_solicit = 3 -net.ipv6.neigh.tun0.proxy_delay = 80 -net.ipv6.neigh.tun0.proxy_qlen = 64 -net.ipv6.neigh.tun0.retrans_time_ms = 1000 -net.ipv6.neigh.tun0.ucast_solicit = 3 -net.ipv6.neigh.tun0.unres_qlen = 101 -net.ipv6.neigh.tun0.unres_qlen_bytes = 212992 -net.ipv6.neigh.virbr0.anycast_delay = 100 -net.ipv6.neigh.virbr0.app_solicit = 0 -net.ipv6.neigh.virbr0.base_reachable_time_ms = 30000 -net.ipv6.neigh.virbr0.delay_first_probe_time = 5 -net.ipv6.neigh.virbr0.gc_stale_time = 60 -net.ipv6.neigh.virbr0.interval_probe_time_ms = 5000 -net.ipv6.neigh.virbr0.locktime = 0 -net.ipv6.neigh.virbr0.mcast_resolicit = 0 -net.ipv6.neigh.virbr0.mcast_solicit = 3 -net.ipv6.neigh.virbr0.proxy_delay = 80 -net.ipv6.neigh.virbr0.proxy_qlen = 64 -net.ipv6.neigh.virbr0.retrans_time_ms = 1000 -net.ipv6.neigh.virbr0.ucast_solicit = 3 -net.ipv6.neigh.virbr0.unres_qlen = 101 -net.ipv6.neigh.virbr0.unres_qlen_bytes = 212992 -net.ipv6.neigh.wlp4s0.anycast_delay = 100 -net.ipv6.neigh.wlp4s0.app_solicit = 0 -net.ipv6.neigh.wlp4s0.base_reachable_time_ms = 30000 -net.ipv6.neigh.wlp4s0.delay_first_probe_time = 5 -net.ipv6.neigh.wlp4s0.gc_stale_time = 60 -net.ipv6.neigh.wlp4s0.interval_probe_time_ms = 5000 -net.ipv6.neigh.wlp4s0.locktime = 0 -net.ipv6.neigh.wlp4s0.mcast_resolicit = 0 -net.ipv6.neigh.wlp4s0.mcast_solicit = 3 -net.ipv6.neigh.wlp4s0.proxy_delay = 80 -net.ipv6.neigh.wlp4s0.proxy_qlen = 64 -net.ipv6.neigh.wlp4s0.retrans_time_ms = 1000 -net.ipv6.neigh.wlp4s0.ucast_solicit = 3 -net.ipv6.neigh.wlp4s0.unres_qlen = 101 -net.ipv6.neigh.wlp4s0.unres_qlen_bytes = 212992 net.ipv6.route.gc_elasticity = 9 net.ipv6.route.gc_interval = 30 net.ipv6.route.gc_min_interval = 0 net.ipv6.route.gc_min_interval_ms = 500 net.ipv6.route.gc_thresh = 1024 net.ipv6.route.gc_timeout = 60 -net.ipv6.route.max_size = 2147483647 +net.ipv6.route.max_size = 4096 net.ipv6.route.min_adv_mss = 1220 net.ipv6.route.mtu_expires = 600 net.ipv6.route.skip_notify_on_dev_down = 0 net.ipv6.seg6_flowlabel = 0 net.ipv6.xfrm6_gc_thresh = 32768 +net.iw_cm.default_backlog = 256 net.mptcp.add_addr_timeout = 120 net.mptcp.allow_join_initial_addr_port = 1 net.mptcp.checksum_enabled = 0 net.mptcp.enabled = 1 -net.mptcp.pm_type = 0 net.mptcp.stale_loss_cnt = 4 net.netfilter.nf_conntrack_acct = 0 net.netfilter.nf_conntrack_buckets = 262144 net.netfilter.nf_conntrack_checksum = 1 -net.netfilter.nf_conntrack_count = 21 +net.netfilter.nf_conntrack_count = 105 net.netfilter.nf_conntrack_dccp_loose = 1 net.netfilter.nf_conntrack_dccp_timeout_closereq = 64 net.netfilter.nf_conntrack_dccp_timeout_closing = 64 @@ -1472,7 +1008,7 @@ net.netfilter.nf_conntrack_dccp_timeout_partopen = 480 net.netfilter.nf_conntrack_dccp_timeout_request = 240 net.netfilter.nf_conntrack_dccp_timeout_respond = 480 net.netfilter.nf_conntrack_dccp_timeout_timewait = 240 -net.netfilter.nf_conntrack_events = 2 +net.netfilter.nf_conntrack_events = 1 net.netfilter.nf_conntrack_expect_max = 4096 net.netfilter.nf_conntrack_frag6_high_thresh = 4194304 net.netfilter.nf_conntrack_frag6_low_thresh = 3145728 @@ -1480,6 +1016,7 @@ net.netfilter.nf_conntrack_frag6_timeout = 60 net.netfilter.nf_conntrack_generic_timeout = 600 net.netfilter.nf_conntrack_gre_timeout = 30 net.netfilter.nf_conntrack_gre_timeout_stream = 180 +net.netfilter.nf_conntrack_helper = 0 net.netfilter.nf_conntrack_icmp_timeout = 30 net.netfilter.nf_conntrack_icmpv6_timeout = 30 net.netfilter.nf_conntrack_log_invalid = 0 @@ -1487,7 +1024,8 @@ net.netfilter.nf_conntrack_max = 262144 net.netfilter.nf_conntrack_sctp_timeout_closed = 10 net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3 net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3 -net.netfilter.nf_conntrack_sctp_timeout_established = 210 +net.netfilter.nf_conntrack_sctp_timeout_established = 432000 +net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked = 210 net.netfilter.nf_conntrack_sctp_timeout_heartbeat_sent = 30 net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3 net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0 @@ -1515,6 +1053,8 @@ net.netfilter.nf_hooks_lwtunnel = 0 net.netfilter.nf_log.0 = NONE net.netfilter.nf_log.1 = NONE net.netfilter.nf_log.10 = NONE +net.netfilter.nf_log.11 = NONE +net.netfilter.nf_log.12 = NONE net.netfilter.nf_log.2 = NONE net.netfilter.nf_log.3 = NONE net.netfilter.nf_log.4 = NONE @@ -1526,48 +1066,34 @@ net.netfilter.nf_log.9 = NONE net.netfilter.nf_log_all_netns = 0 net.nf_conntrack_max = 262144 net.unix.max_dgram_qlen = 512 -sunrpc.max_resvport = 1023 -sunrpc.min_resvport = 665 -sunrpc.nfs_debug = 0x0000 -sunrpc.nfsd_debug = 0x0000 -sunrpc.nlm_debug = 0x0000 -sunrpc.rpc_debug = 0x0000 -sunrpc.tcp_fin_timeout = 15 -sunrpc.tcp_max_slot_table_entries = 65536 -sunrpc.tcp_slot_table_entries = 2 -sunrpc.transports = tcp 1048576 -sunrpc.transports = udp 32768 -sunrpc.udp_slot_table_entries = 16 -user.max_cgroup_namespaces = 31021 +user.max_cgroup_namespaces = 31231 user.max_fanotify_groups = 128 -user.max_fanotify_marks = 64337 +user.max_fanotify_marks = 64771 user.max_inotify_instances = 128 -user.max_inotify_watches = 60507 -user.max_ipc_namespaces = 31021 -user.max_mnt_namespaces = 31021 -user.max_net_namespaces = 31021 -user.max_pid_namespaces = 31021 -user.max_time_namespaces = 31021 -user.max_user_namespaces = 31021 -user.max_uts_namespaces = 31021 +user.max_inotify_watches = 60915 +user.max_ipc_namespaces = 31231 +user.max_mnt_namespaces = 31231 +user.max_net_namespaces = 31231 +user.max_pid_namespaces = 31231 +user.max_time_namespaces = 31231 +user.max_user_namespaces = 31231 +user.max_uts_namespaces = 31231 vm.admin_reserve_kbytes = 8192 vm.compact_unevictable_allowed = 1 vm.compaction_proactiveness = 20 vm.dirty_background_bytes = 0 vm.dirty_background_ratio = 10 vm.dirty_bytes = 0 -vm.dirty_expire_centisecs = 6000 +vm.dirty_expire_centisecs = 3000 vm.dirty_ratio = 20 -vm.dirty_writeback_centisecs = 6000 +vm.dirty_writeback_centisecs = 500 vm.dirtytime_expire_seconds = 43200 vm.extfrag_threshold = 500 -vm.hugetlb_optimize_vmemmap = 0 vm.hugetlb_shm_group = 0 -vm.laptop_mode = 2 +vm.laptop_mode = 0 vm.legacy_va_layout = 0 vm.lowmem_reserve_ratio = 256 256 32 0 0 vm.max_map_count = 65530 -vm.memfd_noexec = 0 vm.memory_failure_early_kill = 0 vm.memory_failure_recovery = 1 vm.min_free_kbytes = 67584 @@ -1592,7 +1118,7 @@ vm.panic_on_oom = 0 vm.percpu_pagelist_high_fraction = 0 vm.stat_interval = 1 vm.swappiness = 60 -vm.unprivileged_userfaultfd = 1 +vm.unprivileged_userfaultfd = 0 vm.user_reserve_kbytes = 131072 vm.vfs_cache_pressure = 100 vm.watermark_boost_factor = 15000