1 files changed, 34 insertions, 2 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index fbe427a6580c..006b39dec87d 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -164,6 +164,14 @@ tcp_congestion_control - STRING
        additional choices may be available based on kernel configuration.
        Default is set as part of kernel configuration.
+tcp_cookie_size - INTEGER
+        Default size of TCP Cookie Transactions (TCPCT) option, that may be
+        overridden on a per socket basis by the TCPCT socket option.
+        Values greater than the maximum (16) are interpreted as the maximum.
+        Values greater than zero and less than the minimum (8) are interpreted
+        as the minimum.  Odd values are interpreted as the next even value.
+        Default: 0 (off).
 tcp_dsack - BOOLEAN
        Allows TCP to send "duplicate" SACKs.
@@ -723,6 +731,12 @@ accept_source_route - BOOLEAN
        default TRUE (router)
                FALSE (host)
+accept_local - BOOLEAN
+        Accept packets with local source addresses. In combination with
+        suitable routing, this can be used to direct packets between two
+        local interfaces over the wire and have them accepted properly.
+        default FALSE
 rp_filter - INTEGER
        0 - No source validation.
        1 - Strict mode as defined in RFC3704 Strict Reverse Path
@@ -738,8 +752,8 @@ rp_filter - INTEGER
        to prevent IP spoofing from DDos attacks. If using asymmetric routing
        or other complicated routing, then loose mode is recommended.
-        conf/all/rp_filter must also be set to non-zero to do source validation
+        The max value from conf/{all,interface}/rp_filter is used
-        on the interface
+        when doing source validation on the {interface}.
        Default value is 0. Note that some distributions enable it
        in startup scripts.
@@ -1086,6 +1100,24 @@ accept_dad - INTEGER
        2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
           link-local address has been found.
+force_tllao - BOOLEAN
+        Enable sending the target link-layer address option even when
+        responding to a unicast neighbor solicitation.
+        Default: FALSE
+        Quoting from RFC 2461, section 4.4, Target link-layer address:
+        "The option MUST be included for multicast solicitations in order to
+        avoid infinite Neighbor Solicitation "recursion" when the peer node
+        does not have a cache entry to return a Neighbor Advertisements
+        message.  When responding to unicast solicitations, the option can be
+        omitted since the sender of the solicitation has the correct link-
+        layer address; otherwise it would not have be able to send the unicast
+        solicitation in the first place. However, including the link-layer
+        address in this case adds little overhead and eliminates a potential
+        race condition where the sender deletes the cached link-layer address
+        prior to receiving a response to a previous solicitation."
 icmp/*:
 ratelimit - INTEGER
        Limit the maximal rates for sending ICMPv6 packets.

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index fbe427a6580c..006b39dec87d 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt
@@ -164,6 +164,14 @@ tcp_congestion_control - STRING
164	additional choices may be available based on kernel configuration.	164	additional choices may be available based on kernel configuration.
165	Default is set as part of kernel configuration.	165	Default is set as part of kernel configuration.
166		166
		167	tcp_cookie_size - INTEGER
		168	Default size of TCP Cookie Transactions (TCPCT) option, that may be
		169	overridden on a per socket basis by the TCPCT socket option.
		170	Values greater than the maximum (16) are interpreted as the maximum.
		171	Values greater than zero and less than the minimum (8) are interpreted
		172	as the minimum. Odd values are interpreted as the next even value.
		173	Default: 0 (off).
		174
167	tcp_dsack - BOOLEAN	175	tcp_dsack - BOOLEAN
168	Allows TCP to send "duplicate" SACKs.	176	Allows TCP to send "duplicate" SACKs.
169		177
@@ -723,6 +731,12 @@ accept_source_route - BOOLEAN
723	default TRUE (router)	731	default TRUE (router)
724	FALSE (host)	732	FALSE (host)
725		733
		734	accept_local - BOOLEAN
		735	Accept packets with local source addresses. In combination with
		736	suitable routing, this can be used to direct packets between two
		737	local interfaces over the wire and have them accepted properly.
		738	default FALSE
		739
726	rp_filter - INTEGER	740	rp_filter - INTEGER
727	0 - No source validation.	741	0 - No source validation.
728	1 - Strict mode as defined in RFC3704 Strict Reverse Path	742	1 - Strict mode as defined in RFC3704 Strict Reverse Path
@@ -738,8 +752,8 @@ rp_filter - INTEGER
738	to prevent IP spoofing from DDos attacks. If using asymmetric routing	752	to prevent IP spoofing from DDos attacks. If using asymmetric routing
739	or other complicated routing, then loose mode is recommended.	753	or other complicated routing, then loose mode is recommended.
740		754
741	conf/all/rp_filter must also be set to non-zero to do source validation	755	The max value from conf/{all,interface}/rp_filter is used
742	on the interface	756	when doing source validation on the {interface}.
743		757
744	Default value is 0. Note that some distributions enable it	758	Default value is 0. Note that some distributions enable it
745	in startup scripts.	759	in startup scripts.
@@ -1086,6 +1100,24 @@ accept_dad - INTEGER
1086	2: Enable DAD, and disable IPv6 operation if MAC-based duplicate	1100	2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
1087	link-local address has been found.	1101	link-local address has been found.
1088		1102
		1103	force_tllao - BOOLEAN
		1104	Enable sending the target link-layer address option even when
		1105	responding to a unicast neighbor solicitation.
		1106	Default: FALSE
		1107
		1108	Quoting from RFC 2461, section 4.4, Target link-layer address:
		1109
		1110	"The option MUST be included for multicast solicitations in order to
		1111	avoid infinite Neighbor Solicitation "recursion" when the peer node
		1112	does not have a cache entry to return a Neighbor Advertisements
		1113	message. When responding to unicast solicitations, the option can be
		1114	omitted since the sender of the solicitation has the correct link-
		1115	layer address; otherwise it would not have be able to send the unicast
		1116	solicitation in the first place. However, including the link-layer
		1117	address in this case adds little overhead and eliminates a potential
		1118	race condition where the sender deletes the cached link-layer address
		1119	prior to receiving a response to a previous solicitation."
		1120
1089	icmp/*:	1121	icmp/*:
1090	ratelimit - INTEGER	1122	ratelimit - INTEGER
1091	Limit the maximal rates for sending ICMPv6 packets.	1123	Limit the maximal rates for sending ICMPv6 packets.