inconfig(ADMN)
inconfig -- configure the Internet protocol stack
Synopsis
inconfig [ -dnv ] [ -f file ] [ -s ] [ parameter [ value ] ]
Description
inconfig is a configuration utility for the
Internet (TCP/IP) kernel drivers. inconfig is
normally run at system startup time to configure the
default kernel parameters used by the TCP/IP protocol
suite.
inconfig reads a configuration file to obtain the
list of kernel parameters and their values. This file is
normally /etc/inet/inet.dfl, but a different file
can be specified with the -f option.
See ``Parameters'' for a description of the parameters.
For each parameter listed in the configuration file,
inconfig initializes the parameter to the
specified value.
The current value of a single parameter can be retrieved by
specifying only the parameter name as an argument to inconfig.
If a ``parameter value'' pair is
specified, the associated kernel parameter is modified. The configuration
file is also updated so that the parameter will be correctly
initialized the next time the system is restarted. The
-n option causes the configuration file to remain
unchanged. This is useful when turning on debugging
messages that are not desired in normal operation.
Each configuration parameter has a minimum and a maximum allowable value
enforced by the kernel. Attempts to set the parameter to a value outside
of the allowable range will be disallowed.
inconfig goes to great lengths to preserve the
current configuration in the event of an I/O
error. Before the new configuration is generated,
file is renamed to file.bak. If the
configuration cannot be updated, inconfig will
attempt to restore the old one. If the restore fails, the
configuration is left in file.bak. If the new
configuration is successfully saved, the backup file will
be deleted. inconfig blocks SIGHUP,
SIGINT, and SIGTERM while the
configuration is being updated.
The -v option causes inconfig to display
information about each parameter found in the configuration
file as it is being processed.
If the -d option is used, neither the kernel
nor the configuration file will be updated. Instead
inconfig will display every change it would have
made if the -d option had not been used.
The -s option displays the current configuration but does
not attempt to modify it.
Only root may use this command.
Parameters
The parameters are grouped according to function:
The default values of the parameters are configured to work
efficiently in most situations.
WARNING:
Never edit the settings for these parameters in the file
/etc/inet/inet.dfl; always use inconfig to
change them.
Address Resolution Protocol (ARP) parameters
The following parameters control the behavior of the
Address Resolution Protocol (ARP).
arpprintfs-
Controls logging of warnings from the kernel ARP
driver. These are displayed on the console.
Logging is turned on if this parameter is set to 1.
If set to 0 (the default), debugging information is not displayed.
arp_maxretries-
Sets the maximum number of retries for the address resolution
protocol (ARP) before it gives up.
The default value is 5; the minimum and maximum configurable
values are 1 and 128.
arpt_down-
Sets the time to hold onto an incomplete ARP
cache entry if ARP lookup fails.
The default value is 20 seconds; the minimum and maximum configurable
values are 1 and 600 seconds.
arpt_keep-
Sets the time to keep a valid entry in the ARP cache.
The default value is 1200 seconds; the minimum and maximum configurable
values are 1 and 2400 seconds.
arpt_prune-
Sets the interval between scanning the ARP table for
stale entries.
The default value is 300 seconds; the minimum and maximum configurable
values are 1 and 1800 seconds.
Internet Control Message Protocol Version 4 (ICMPv4) parameters
The following parameters control the behavior of
the Internet Control Message Protocol (ICMP).
icmp_answermask-
If set to 1, the system will respond to ICMP
subnet mask request messages.
This parameter must be set to 1 to support certain hosts such as
diskless workstations.
The default value is 0, do not respond, as specified in
RFC 1122.
icmp_quenchsz-
Controls how many addresses to remember every 200ms when performing
ICMP source quenching. If a host's address is remembered, this
ensures that no more than five quench messages can be sent to it
per second.
The default value is 32.
The minimum and maximum configurable values are 1 and 4096.
icmp_reply_broadcasts-
If set to 1, the system will reply to ICMP requests
that are directed to broadcast, multicast, or experimental addresses.
If set to 0 (the default), the system will not reply to such requests.
icmpprintfs-
Controls logging of warnings from the kernel ICMP
driver. These are displayed on the console.
Logging is turned on if this parameter is set to 1.
If set to 0 (the default), debugging information is not displayed.
Internet Group Management Protocol Version 4 (IGMPv4) parameters
The following parameter controls the behavior of
the Internet Group Management Protocol (IGMP).
igmpprintfs-
Controls logging of warnings from the kernel IGMP
driver. These are displayed on the console.
Logging is turned on if this parameter is set to 1.
If set to 0 (the default), debugging information is not displayed.
Internet Protocol Version 4 (IPv4) parameters
The following parameters control the behavior of
the Internet Protocol (IP).
The number of interfaces supported by IP is dynamic
and does not need tuning.
NOTE:
The values of the parameters in_fullsize,
in_recvspace, and in_sendspace
affect the systemwide interface defaults.
Their values may be overridden on a per-interface basis.
This allows you to mix fast and slow network
hardware on the same system with optimal performance
parameters defined for each interface. See
ifconfig(ADMN).
in_fullsize-
Controls the systemwide default TCP/IP behavior for attempting to
negotiate the use of full-sized segments. If set to 1 (the
default), TCP/IP attempts to use a segment size equal to the
interface MTU minus the size of the TCP/IP
headers. If set to 0, TCP/IP rounds the segment size down
to the nearest multiple of 1KB.
in_loglimit-
Controls how many bytes of the error packet to display when
debugging. Note that the appropriate xxxprintfs
parameter (such as tcpprintfs)
must be set to a non-zero value to enable logging.
The default value is 64. The minimum and maximum
configurable values are 1 and 255.
in_recvspace-
Sets the systemwide default size of the TCP/IP receive
window in bytes.
(This can be overridden by using
setsockopt(SSC)
to set SO_RCVBUF.)
The default value is 4096 bytes.
The minimum and maximum configurable values are
2048 and 65535 bytes.
in_sendspace-
Sets the systemwide default size of the TCP/IP send window
in bytes.
This should be at least as large as the loopback MTU.
(This can be overridden by using
setsockopt(SSC)
to set SO_SNDBUF.)
The default value is 8192 bytes.
The minimum and maximum configurable values are 2048 and 65535 bytes.
ip_checkbroadaddr-
Controls whether IP checks if unicast packets
specify a broadcast address.
If set to 1 (the default as specified in RFC 1122),
IP discards non-broadcast packets sent to a link-level broadcast
address. In the unlikely event that a data-link driver does not
support this, packets may be discarded erroneously.
If netstat -s -p ip shows that many
packets cannot be forwarded, set this parameter to 0
to turn off checking.
ip_dirbroadcast-
If set to 1 (the default),
allows receipt of broadcast packets only if they match one of the
broadcast addresses configured for the interface upon which the
packet was received.
If set to 0, allows receipt of broadcast packets that
match any configured broadcast address.
ip_forward_broadcasts-
If set to 1, received broadcast packets addressed to the
broadcast address of an attached interface are
forwarded for broadcasting on the interface.
If set to 0 (the default), rebroadcasting is not permitted.
ip_perform_pmtu-
IP performs Path Maximum Transmission Unit
(Path MTU or PMTU)
discovery as specified in RFC 1191
if set to 1 (the default). This causes IP to
send packets with the ``do not fragment'' bit set so that
routers will generate ``Fragmentation Required'' messages if they
cannot forward the whole packet. Retransmission with a smaller packet
size allows the minimum MTU in the path to the destination
to be established.
If you experience interoperability problems because intermediate routers do
not support this feature, a value of 0 disables PMTU.
If you disable PMTU, you should also set
tcp_offer_big_mss (described in
``Transmission Control Protocol (TCP/IP) parameters'')
to 0.
ip_pmtu_decrease_age-
Controls how many seconds IP will wait (while performing
PMTU) after decreasing an MTU estimate before
it starts raising it.
The default value is 600 seconds.
The maximum configurable value is 32667.
If set to 0xffffffff, the estimate is never raised;
this is useful if there is only one path out of your local
network and its MTU is known to be constant.
ip_pmtu_increase_age-
Sets the number of seconds between increasing the MTU
estimate for a destination once it starts to increase.
The default value is 120 seconds. The minimum and maximum
configurable values are 0 and 600 seconds.
ip_settos-
If set to 1 (the default), IP
sets type-of-service (TOS) information
(as specified in RFC 1122) in packets that it
sends down to the data-link layer.
Set this to 0 if your network card link-level driver cannot handle this.
ip_subnetsarelocal-
The default value of 1 specifies that other subnets of the network
are to be considered as local -- that is, directly connected.
TCP/IP assumes them to be connected via high-MSS paths
and adjusts its idea of the MSS to be negotiated.
Otherwise, TCP/IP uses the default MSS specified by
tcp_mssdflt (described in
``Transmission Control Protocol (TCP/IP) parameters'')
-- this is typically 512 bytes in
accordance with RFC 793 and RFC 1122.
By default, the parameter tcp_offer_big_mss
is set to 1 so that Path MTU discovery can be used
to provide the maximum benefit.
If the value of tcp_offer_big_mss is set to 0,
setting the value of ip_subnetsarelocal to 1
allows for good local performance even though PMTU
discovery is not used.
The message ``ICMP Host Unreachable'' is
generated for local subnet routing failures.
When this value is set to 0, the packet size is set to 576 bytes, as
specified in RFC 1122.
The default value of 1 enables this feature; if set to 0, it
is disabled.
ip_ttl-
Sets the time to live (TTL) of an IP
packet as a number of hops. This value is used by all kernel
drivers that need it (including TCP/IP).
The default value is 64 as recommended by RFC 1340.
The minimum and maximum configurable values are 1 and 255.
ipforwarding-
ipsendredirects-
If you want to use your machine as a unicast or multicast router,
set both these parameters to 1.
ipforwarding controls whether the system will forward
packets sent to it which are destined for another system (that
is, act as a router). The default value is 0 (off) as
defined by RFC 1122. A system acting as a host will
still forward source-routed datagrams unless
ipnonlocalsrcroute is set to 0.
ipsendredirects controls whether IP will
send an ICMP redirect error message to a host
when forwarding a packet out of the same interface
on which it was received. The message informs the sending host which
is the correct router to use in the future.
This allows the sending host to adjust its routing table appropriately.
This should be set to 1 if ipforwarding is set to 1.
ipnonlocalsrcroute-
Controls whether source-routed datagrams will be forwarded if
they are not destined for the local system.
On hosts, the default value is 0 (off).
If your machine is acting as a router (ipforwarding is set to 1),
set the value of ipnonlocalsrcroute to 1
unless you are concerned that this may open a security hole.
ipport_reserved_high-
ipport_reserved_low-
ipport_userreserved_high-
ipport_userreserved_low-
These four parameters control the allocation and verification of
reserved and ephemeral port numbers.
ipport_reserved_low (default value 512) and
ipport_reserved_high (default value 1023) set the bottom
and top values of the port range which the kernel considers privileged.
A process requires super user privileges to assign itself a
reserved port whose number is less than or equal to
ipport_reserved_high.
WARNING:
Ports whose numbers are less than or equal to
ipport_reserved_high are also assumed to be privileged
when they are used by processes on remote systems.
Setting ipport_reserved_high to a value higher than
the default will expose your system to attack from systems on which
ports with numbers greater than 1023 and less than
ipport_reserved_high are not privileged.
For example, remote
rlogin(TC)
clients must demonstrate to the server
that they have bound themselves to a reserved port
as part of the authentication process.
If the local value of ipport_reserved_high is set to
a value greater than the default,
a remote process without super user privileges,
masquerading as an rlogin
client, could gain access to a local user account which
has a .rhosts entry that allows a remote user to
log in without specifying a password.
Similar attacks are also possible using bogus versions of
rcp(TC)
and
rsh(TC).
ipport_userreserved_low (default value 32768) and
ipport_userreserved_high (default value 65535) set the
bottom and top values of the port range from which ephemeral
ports will be allocated.
In previous releases, these values were fixed at
1024 and 5000 respectively.
ipprintfs-
Controls logging of warnings from the kernel IP
driver. These are displayed on the console.
Logging is turned on if this parameter is set to 1.
If set to 0 (the default), debugging information is not displayed.
Transmission Control Protocol (TCP/IP) parameters
The following parameters control the behavior of the
Transmission Control Protocol (TCP/IP).
tcp_2msl-
Sets the time in seconds that a TCP/IP connection will remain in
the TIME_WAIT state waiting for a FIN from the remote
side before being moved to the CLOSED state.
The default time period is 240 seconds as defined by RFC 793.
The minimum and maximum configurable values are 30 and 240 seconds.
tcp_delay_acks-
Selects TCP/IP delayed acknowledgements (ACKs)
if set to 1 (default),
and selects immediate ACKs if set to 0.
If delayed ACKs are set, TCP/IP does not send an
ACK immediately on receiving data.
TCP/IP normally delays sending an
ACK to improve the chance that it can bundle it
with transmitted data.
tcp_do_rfc1323-
Controls system-wide implementation of TCP/IP performance
extensions including timestamps and large window scaling
(as defined in RFC 1323). These features provide more
efficient and reliable usage of high-bandwidth, high-latency links.
If set to 1 (the default), negotiation is turned on and will permit
a TCP/IP receive window size as large as 1,073,725,440 bytes
(just under 1GB).
If set to 0, negotiation is disabled
and the largest possible window size is 65,535 bytes (64KB-1).
Window size negotiation may be disabled on a per-interface basis
by specifying the -rfc1323 option to
ifconfig(ADMN).
This is necessary for PPP and SLIP interfaces that
allow header compression.
tcp_initial_timeout-
Sets the TCP/IP retransmit time for an initial
SYN segment when establishing a connection.
(See also the description of tcp_q0limit.)
The default value is 180 seconds as defined by RFC 1122.
The minimum and maximum configurable values are 1 and 7200 seconds.
tcp_keepalive_port-
Selects a local TCP/IP server port for which incoming TCP/IP
connections will automatically set the
SO_KEEPALIVE option (see
setsockopt(SSC))
to enable TCP/IP keepalives.
If keepalives are not enabled for a TCP/IP connection,
the socket will not be closed should the client hang or reboot.
This can lead to the number of bogus ``established'' connections
building up over time on the server.
These bogus connections consume system resources,
and may eventually prevent new connections from being established
until the system is rebooted.
If keepalives are enabled, the server will
detect broken connections and close the associated sockets.
See also the descriptions of tcp_keepidle,
tcp_keepintvl and tcp_nkeep.
The minimum and maximum values are 0 and 65535 (0xffff).
The default value of 0 means that TCP/IP keepalives are not
automatically enabled for any local server port.
A value of 65535 automatically enables keepalives
for TCP/IP connections to all local server ports.
A value from 1 to 65534 selects a single server port
on which keepalives are automatically enabled.
NOTE:
The settings of this parameter are not cumulative; it
can only be used to set automatic TCP/IP keepalives
on none, one, or all of the server ports.
Automatic keepalives will be disabled on a server port if
subsequently enabled for a different port.
A server process can call setsockopt to set SO_KEEPALIVE.
tcp_keepidle-
Sets the idle time before TCP/IP keepalives are sent
(if enabled). The default value is 7200 seconds.
The minimum and maximum configurable values are 300 and 86400
seconds.
tcp_keepintvl-
Sets the TCP/IP keepalive interval between keepalive
packets once they start being sent.
The default value is 75 seconds.
The minimum and maximum configurable values are 1 and 43200
seconds.
tcp_mss_sw_threshold-
Defines the small window threshold for interface MTUs.
If the MTU of an interface is small enough to force
TCP/IP to use an MSS smaller than this threshold,
then TCP/IP will use the receive window size specified by
tcp_small_recvspace. This is an optimization to avoid
buffering too much data on low-speed links such as SLIP
and PPP.
The default value is 1024 bytes. The minimum and maximum
configurable values are 512 and 4096 bytes.
tcp_mssdflt-
Sets the default TCP/IP segment size to use on interfaces
for which MSS and Path MTU information is
not available.
The default and minimum value is 512 bytes. The maximum
configurable value is 32768. You should keep the value of this
parameter small if possible.
tcp_nkeep-
Sets the number of TCP/IP keepalives that will be sent
before giving up.
The default value is 8. The minimum and maximum
configurable values are 1 and 256.
tcp_offer_big_mss-
In order to get the maximum benefit out of Path MTU
(PMTU) discovery, TCP/IP normally offers an
MSS that is derived from the local interface
MTU (after subtracting the packet header sizes).
This allows the remote system to send the biggest segments that
the network can handle. Set this parameter to 0 for systems that
cannot handle this, or that do not implement PMTU
discovery. This causes TCP/IP to offer a smaller
MTU for non-local connections (see
ip_subnetsarelocal in
``Internet Protocol Version 4 (IPv4) parameters'').
The default value of 1 (offer it) allows maximum benefit to be
gained from PMTU discovery; a value of 0 disables this.
tcp_q0limit-
Sets the maximum length of the pending (3-way handshake incomplete)
connection queue for a TCP endpoint. This protects a server
against SYN flood attacks.
When the pending connection queue is full
and a new connection request arrives,
the kernel will randomly drop an outstanding partial connection
from the pending queue and add the new connection to the queue.
Setting tcp_q0limit modifies the system behavior as
follows:
- The backlog parameter to listen(SSC) specifies the maximum number of
  established (3-way handshake complete) connections that the kernel will
  queue for a given socket while accept(SSC) is processing them.
  In previous releases, backlog specified the maximum length of both the
  pending and established queues for a socket.
- If a pending connection is dropped, the connection is terminated
  (by sending RST) and the client will receive an appropriate
  error (usually ECONNRESET).
- At least 800 bytes of memory are allocated to each partial connection.
  This implies that each listening port could potentially use
  tcp_q0limit × 800 bytes.
The default value of 0 provides the same behavior as in previous releases.
The minimum and maximum configurable values are 1 and 65535.
If you set tcp_q0limit to a non-zero value,
it should be greater than 1.
The value must be high enough to cope with peak demand
by incoming connection requests. You should also set the
value even higher if most of the physical links are low speed
and/or high latency.
Use
netstat -s -p tcp
to display statistics of partial connections that have been dropped.
tcp_qlimit_scale-
If set to 1 (the default), increase the
listen(SSC)
backlog limit for incoming connections by 50%.
If set to 0, the backlog limit is not scaled
as required for UNIX 95 conformance.
tcp_secret-
tcp_seqbits-
To protect against IP address spoofing attacks, a random
element is introduced into how TCP/IP chooses the initial send
sequence number and its increment.
tcp_secret seeds the random number sequence. Its value
can be set to any integer from 0 through 2147483647.
tcp_seqbits selects the number of bits
of tcp_secret that are used to seed
the sequence number increment value.
The default value of tcp_seqbits is 21; its minimum and maximum
values are 16 and 26. The default value represents a compromise between
security and the uniqueness of the sequence number.
If the value of tcp_seqbits is small, this increases the
possibility that an attacker can guess the random number.
A large value for tcp_seqbits decreases the time
before a given sequence number occurs again.
tcp_small_recvspace-
If the MTU is less than the small window threshold,
tcp_mss_sw_threshold, sets the receive window size
to use on interfaces that require small windows.
The default value is 4096 bytes. The minimum and maximum
configurable values are 1024 and 16384 bytes.
tcp_urgbehavior-
Controls how TCP/IP interprets urgent data.
If set to 0, it interprets it in RFC 1122 mode;
if set to 1 (the default), it interprets it in BSD mode.
tcpalldebug-
If set to 1, captures trace information for all connections.
The default value is 0 which causes TCP/IP to trace
only those connections that set the SO_DEBUG option.
This information can be retrieved using the
trpt(ADMN)
command, or displayed on the console if tcpconsdebug is set.
tcpconsdebug-
Directs TCP/IP connection trace output to the console if
set to 1 (see also tcpalldebug).
The default value is 0.
tcpprintfs-
Controls logging of warnings from the kernel TCP/IP
driver. These are displayed on the console.
Logging is turned on if this parameter is set to 1.
If set to 0 (the default), debugging information is not displayed.
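The security-relevant settings described above (ipport_reserved_high, ipnonlocalsrcroute, tcp_q0limit and tcp_seqbits) can be reviewed together. The following shell function is an added example, not part of the original manual page or of inconfig itself; the ``parameter value'' input layout and the names audit_inet and sample_settings are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit TCP/IP parameter values against the security notes in
# inconfig(ADMN). Input is "parameter value" pairs, one per line, on stdin.
# That layout is an assumption for this example (for instance, values gathered
# by running "inconfig <parameter>" for each name); it is not the format of
# /etc/inet/inet.dfl, which the page does not describe.

audit_inet() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    { val[$1] = $2 + 0 }                   # remember each value as a number

    # Return the supplied value, or the documented default when absent.
    function get(name, dflt) { return (name in val) ? val[name] : dflt }
    # Print one finding and count it.
    function finding(id, msg) { printf "%s: %s\n", id, msg; n++ }

    END {
        # Raising the top of the reserved range extends trust to remote ports
        # that other systems do not treat as privileged.
        hi = get("ipport_reserved_high", 1023)
        if (hi > 1023)
            finding("ipport_reserved_high", "set to " hi "; remote ports 1024-" hi \
                " are treated as privileged (affects rlogin, rcp, rsh)")

        # Source-routed datagrams are forwarded even on a host unless this is 0.
        if (get("ipnonlocalsrcroute", 0) == 1) {
            role = (get("ipforwarding", 0) == 1) ? "router" : "host"
            finding("ipnonlocalsrcroute", role " forwards source-routed datagrams not destined for it")
        }

        # The pending-connection queue limit is the documented SYN flood protection.
        q0 = get("tcp_q0limit", 0)
        if (q0 == 0)
            finding("tcp_q0limit", "is 0; pending-queue limit is not set (previous-release behavior)")
        else if (q0 == 1)
            finding("tcp_q0limit", "is 1; a non-zero value should be greater than 1")

        # Fewer seed bits make the sequence number increment easier to guess.
        bits = get("tcp_seqbits", 21)
        if (bits < 21)
            finding("tcp_seqbits", bits " is below the default of 21; small values are easier to guess")

        exit (n > 0)                       # non-zero status when anything was flagged
    }'
}

# Constructed sample values (not taken from a real system).
sample_settings() {
    cat <<'EOF'
# parameter value
ipforwarding 0
ipnonlocalsrcroute 1
ipport_reserved_high 2047
tcp_q0limit 1024
tcp_seqbits 18
EOF
}

sample_settings | audit_inet || true
```

Parameters missing from the input are evaluated at the defaults documented on this page, so an empty input reports only tcp_q0limit.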
User Datagram Protocol (UDP) parameters
The following parameter controls the behavior of the
User Datagram Protocol (UDP).
udpprintfs-
Controls logging of warnings from the kernel UDP
driver. These are displayed on the console.
Logging is turned on if this parameter is set to 1.
If set to 0 (the default), debugging information is not displayed.
Socket parameters
The following parameters control the behavior of the
socket subsystem:
ss_connafunixndelay-
Determines how a non-blocking
connect(SSC)
on a unix domain (AF_UNIX)
socket will behave.
If set to 0 (default),
connect returns -1 and sets EINPROGRESS in errno.
However, the connection request is not aborted, and the
connection is established asynchronously.
Subsequent connect calls
to the socket will fail if a connection has not yet been set up,
and will return EALREADY in errno.
If set to 1, connect returns 0 and
does not set a value in errno.
The connection will complete synchronously
and without appreciable delay.
This ensures compatibility for applications
which have been developed on operating systems
where EINPROGRESS is not set.
ss_selectrdband-
Determines how
select(S)
will behave when a socket,
for which an exception descriptor set has been defined,
is shut down or closed for read operations.
If set to 0 (default), exception bits are not set.
If set to 1, exception bits are set.
ss_uw7_compat-
The value of this parameter controls how newly created sockets
handle asynchronous errors and events (see
sock(ADMP)):
0-
Sockets created by all binaries exhibit new behavior.
1 (default)-
Sockets created by binaries that have
been compiled on a UnixWare® 7 release 7.1.1 or later system
exhibit new behavior.
Sockets created by older binaries behave as in previous releases.
2-
Sockets created by all binaries behave as in previous releases.
Files
/etc/inet/inet.dfl-
configuration file
References
arp(ADMP),
icmp(ADMP),
igmp(ADMP),
incf(ADMP),
inet(ADMP),
ip(ADMP),
netbios(ADMP),
netstat(ADMN),
ppp(HW),
sock(ADMP),
tcp(ADMP),
udp(ADMP)
RFC 793,
RFC 1122,
RFC 1191,
RFC 1323,
RFC 1340
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 - 01 June 2005