diff options
Diffstat (limited to 'Documentation/networking')
-rw-r--r-- | Documentation/networking/ip-sysctl.txt | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index 90ed78110fd4..307cd4ec8edd 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt | |||
@@ -375,6 +375,41 @@ tcp_slow_start_after_idle - BOOLEAN | |||
375 | be timed out after an idle period. | 375 | be timed out after an idle period. |
376 | Default: 1 | 376 | Default: 1 |
377 | 377 | ||
378 | CIPSOv4 Variables: | ||
379 | |||
380 | cipso_cache_enable - BOOLEAN | ||
381 | If set, enable additions to and lookups from the CIPSO label mapping | ||
382 | cache. If unset, additions are ignored and lookups always result in a | ||
383 | miss. However, regardless of the setting the cache is still | ||
384 | invalidated when required when means you can safely toggle this on and | ||
385 | off and the cache will always be "safe". | ||
386 | Default: 1 | ||
387 | |||
388 | cipso_cache_bucket_size - INTEGER | ||
389 | The CIPSO label cache consists of a fixed size hash table with each | ||
390 | hash bucket containing a number of cache entries. This variable limits | ||
391 | the number of entries in each hash bucket; the larger the value the | ||
392 | more CIPSO label mappings that can be cached. When the number of | ||
393 | entries in a given hash bucket reaches this limit adding new entries | ||
394 | causes the oldest entry in the bucket to be removed to make room. | ||
395 | Default: 10 | ||
396 | |||
397 | cipso_rbm_optfmt - BOOLEAN | ||
398 | Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of | ||
399 | the CIPSO draft specification (see Documentation/netlabel for details). | ||
400 | This means that when set the CIPSO tag will be padded with empty | ||
401 | categories in order to make the packet data 32-bit aligned. | ||
402 | Default: 0 | ||
403 | |||
404 | cipso_rbm_structvalid - BOOLEAN | ||
405 | If set, do a very strict check of the CIPSO option when | ||
406 | ip_options_compile() is called. If unset, relax the checks done during | ||
407 | ip_options_compile(). Either way is "safe" as errors are caught else | ||
408 | where in the CIPSO processing code but setting this to 0 (False) should | ||
409 | result in less work (i.e. it should be faster) but could cause problems | ||
410 | with other implementations that require strict checking. | ||
411 | Default: 0 | ||
412 | |||
378 | IP Variables: | 413 | IP Variables: |
379 | 414 | ||
380 | ip_local_port_range - 2 INTEGERS | 415 | ip_local_port_range - 2 INTEGERS |