sphinx.addnodesdocument)}( rawsourcechildren]( translations LanguagesNode)}(hhh](h pending_xref)}(hhh]docutils.nodesTextChinese (Simplified)}parenthsba attributes}(ids]classes]names]dupnames]backrefs] refdomainstdreftypedoc reftarget2/translations/zh_CN/networking/nf_conntrack-sysctlmodnameN classnameN refexplicitutagnamehhh ubh)}(hhh]hChinese (Traditional)}hh2sbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget2/translations/zh_TW/networking/nf_conntrack-sysctlmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hItalian}hhFsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget2/translations/it_IT/networking/nf_conntrack-sysctlmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hJapanese}hhZsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget2/translations/ja_JP/networking/nf_conntrack-sysctlmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hKorean}hhnsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget2/translations/ko_KR/networking/nf_conntrack-sysctlmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hPortuguese (Brazilian)}hhsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget2/translations/pt_BR/networking/nf_conntrack-sysctlmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hSpanish}hhsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget2/translations/sp_SP/networking/nf_conntrack-sysctlmodnameN classnameN refexplicituh1hhh ubeh}(h]h ]h"]h$]h&]current_languageEnglishuh1h hh _documenthsourceNlineNubhcomment)}(h SPDX-License-Identifier: GPL-2.0h]h SPDX-License-Identifier: GPL-2.0}hhsbah}(h]h ]h"]h$]h&] xml:spacepreserveuh1hhhhhhL/var/lib/git/docbuild/linux/Documentation/networking/nf_conntrack-sysctl.rsthKubhsection)}(hhh](htitle)}(h#Netfilter Conntrack Sysfs variablesh]h#Netfilter Conntrack Sysfs variables}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhKubh)}(hhh](h)}(h1/proc/sys/net/netfilter/nf_conntrack_* Variables:h]h1/proc/sys/net/netfilter/nf_conntrack_* Variables:}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhKubhdefinition_list)}(hhh](hdefinition_list_item)}(hnf_conntrack_acct - BOOLEAN - 0 - disabled (default) - not 0 - enabled Enable connection tracking flow accounting. 64-bit byte and packet counters per flow are added. h](hterm)}(hnf_conntrack_acct - BOOLEANh]hnf_conntrack_acct - BOOLEAN}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhubh definition)}(hhh](h bullet_list)}(hhh](h list_item)}(h0 - disabled (default)h]h paragraph)}(hjh]h0 - disabled (default)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK hjubah}(h]h ]h"]h$]h&]uh1jhjubj)}(hnot 0 - enabled h]j)}(hnot 0 - enabledh]hnot 0 - enabled}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK hj.ubah}(h]h ]h"]h$]h&]uh1jhjubeh}(h]h ]h"]h$]h&]bullet-uh1jhhhK hj ubj)}(h_Enable connection tracking flow accounting. 64-bit byte and packet counters per flow are added.h]h_Enable connection tracking flow accounting. 64-bit byte and packet counters per flow are added.}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj ubeh}(h]h ]h"]h$]h&]uh1j hhubeh}(h]h ]h"]h$]h&]uh1hhhhKhhubh)}(hX\nf_conntrack_buckets - INTEGER Size of hash table. If not specified as parameter during module loading, the default size is calculated by dividing total memory by 16384 to determine the number of buckets. The hash table will never have fewer than 1024 and never more than 262144 buckets. This sysctl is only writeable in the initial net namespace. h](h)}(hnf_conntrack_buckets - INTEGERh]hnf_conntrack_buckets - INTEGER}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjhubj )}(hhh]j)}(hX<Size of hash table. If not specified as parameter during module loading, the default size is calculated by dividing total memory by 16384 to determine the number of buckets. The hash table will never have fewer than 1024 and never more than 262144 buckets. This sysctl is only writeable in the initial net namespace.h]hX<Size of hash table. If not specified as parameter during module loading, the default size is calculated by dividing total memory by 16384 to determine the number of buckets. The hash table will never have fewer than 1024 and never more than 262144 buckets. This sysctl is only writeable in the initial net namespace.}(hj}hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjzubah}(h]h ]h"]h$]h&]uh1j hjhubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hnf_conntrack_checksum - BOOLEAN - 0 - disabled - not 0 - enabled (default) Verify checksum of incoming packets. Packets with bad checksums are in INVALID state. If this is enabled, such packets will not be considered for connection tracking. h](h)}(hnf_conntrack_checksum - BOOLEANh]hnf_conntrack_checksum - BOOLEAN}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubj )}(hhh](j)}(hhh](j)}(h 0 - disabledh]j)}(hjh]h 0 - disabled}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1jhjubj)}(hnot 0 - enabled (default) h]j)}(hnot 0 - enabled (default)h]hnot 0 - enabled (default)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1jhjubeh}(h]h ]h"]h$]h&]jLjMuh1jhhhKhjubj)}(hVerify checksum of incoming packets. Packets with bad checksums are in INVALID state. If this is enabled, such packets will not be considered for connection tracking.h]hVerify checksum of incoming packets. Packets with bad checksums are in INVALID state. If this is enabled, such packets will not be considered for connection tracking.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubeh}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hUnf_conntrack_count - INTEGER (read-only) Number of currently allocated flow entries. h](h)}(h(nf_conntrack_count - INTEGER (read-only)h]h(nf_conntrack_count - INTEGER (read-only)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK!hjubj )}(hhh]j)}(h+Number of currently allocated flow entries.h]h+Number of currently allocated flow entries.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK!hjubah}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhK!hhhhubh)}(hX,nf_conntrack_events - BOOLEAN - 0 - disabled - 1 - enabled - 2 - auto (default) If this option is enabled, the connection tracking code will provide userspace with connection tracking events via ctnetlink. The default allocates the extension if a userspace program is listening to ctnetlink events. h](h)}(hnf_conntrack_events - BOOLEANh]hnf_conntrack_events - BOOLEAN}(hj1hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK+hj-ubj )}(hhh](j)}(hhh](j)}(h 0 - disabledh]j)}(hjGh]h 0 - disabled}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK$hjEubah}(h]h ]h"]h$]h&]uh1jhjBubj)}(h 1 - enabledh]j)}(hj^h]h 1 - enabled}(hj`hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK%hj\ubah}(h]h ]h"]h$]h&]uh1jhjBubj)}(h2 - auto (default) h]j)}(h2 - auto (default)h]h2 - auto (default)}(hjwhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK&hjsubah}(h]h ]h"]h$]h&]uh1jhjBubeh}(h]h ]h"]h$]h&]jLjMuh1jhhhK$hj?ubj)}(hIf this option is enabled, the connection tracking code will provide userspace with connection tracking events via ctnetlink. The default allocates the extension if a userspace program is listening to ctnetlink events.h]hIf this option is enabled, the connection tracking code will provide userspace with connection tracking events via ctnetlink. The default allocates the extension if a userspace program is listening to ctnetlink events.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK(hj?ubeh}(h]h ]h"]h$]h&]uh1j hj-ubeh}(h]h ]h"]h$]h&]uh1hhhhK+hhhhubh)}(hnf_conntrack_expect_max - INTEGER Maximum size of expectation table. Default value is nf_conntrack_buckets / 256. Minimum is 1. h](h)}(h!nf_conntrack_expect_max - INTEGERh]h!nf_conntrack_expect_max - INTEGER}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK/hjubj )}(hhh]j)}(h^Maximum size of expectation table. Default value is nf_conntrack_buckets / 256. Minimum is 1.h]h^Maximum size of expectation table. Default value is nf_conntrack_buckets / 256. Minimum is 1.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK.hjubah}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhK/hhhhubh)}(hXnf_conntrack_frag6_high_thresh - INTEGER default 262144 Maximum memory used to reassemble IPv6 fragments. When nf_conntrack_frag6_high_thresh bytes of memory is allocated for this purpose, the fragment handler will toss packets until nf_conntrack_frag6_low_thresh is reached. h](h)}(h(nf_conntrack_frag6_high_thresh - INTEGERh]h(nf_conntrack_frag6_high_thresh - INTEGER}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK7hjubj )}(hhh](j)}(hdefault 262144h]hdefault 262144}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK2hjubj)}(hMaximum memory used to reassemble IPv6 fragments. When nf_conntrack_frag6_high_thresh bytes of memory is allocated for this purpose, the fragment handler will toss packets until nf_conntrack_frag6_low_thresh is reached.h]hMaximum memory used to reassemble IPv6 fragments. When nf_conntrack_frag6_high_thresh bytes of memory is allocated for this purpose, the fragment handler will toss packets until nf_conntrack_frag6_low_thresh is reached.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK4hjubeh}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhK7hhhhubh)}(hZnf_conntrack_frag6_low_thresh - INTEGER default 196608 See nf_conntrack_frag6_low_thresh h](h)}(h'nf_conntrack_frag6_low_thresh - INTEGERh]h'nf_conntrack_frag6_low_thresh - INTEGER}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKnf_conntrack_tcp_timeout_close - INTEGER (seconds) default 10 h](h)}(h2nf_conntrack_tcp_timeout_close - INTEGER (seconds)h]h2nf_conntrack_tcp_timeout_close - INTEGER (seconds)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubj )}(hhh]j)}(h default 10h]h default 10}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hCnf_conntrack_tcp_timeout_close_wait - INTEGER (seconds) default 60 h](h)}(h7nf_conntrack_tcp_timeout_close_wait - INTEGER (seconds)h]h7nf_conntrack_tcp_timeout_close_wait - INTEGER (seconds)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubj )}(hhh]j)}(h default 60h]h default 60}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hQnf_conntrack_tcp_timeout_established - INTEGER (seconds) default 432000 (5 days) h](h)}(h8nf_conntrack_tcp_timeout_established - INTEGER (seconds)h]h8nf_conntrack_tcp_timeout_established - INTEGER (seconds)}(hj%hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj!ubj )}(hhh]j)}(hdefault 432000 (5 days)h]hdefault 432000 (5 days)}(hj6hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj3ubah}(h]h ]h"]h$]h&]uh1j hj!ubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hBnf_conntrack_tcp_timeout_fin_wait - INTEGER (seconds) default 120 h](h)}(h5nf_conntrack_tcp_timeout_fin_wait - INTEGER (seconds)h]h5nf_conntrack_tcp_timeout_fin_wait - INTEGER (seconds)}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjPubj )}(hhh]j)}(h default 120h]h default 120}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjbubah}(h]h ]h"]h$]h&]uh1j hjPubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hAnf_conntrack_tcp_timeout_last_ack - INTEGER (seconds) default 30 h](h)}(h5nf_conntrack_tcp_timeout_last_ack - INTEGER (seconds)h]h5nf_conntrack_tcp_timeout_last_ack - INTEGER (seconds)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubj )}(hhh]j)}(h default 30h]h default 30}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hEnf_conntrack_tcp_timeout_max_retrans - INTEGER (seconds) default 300 h](h)}(h8nf_conntrack_tcp_timeout_max_retrans - INTEGER (seconds)h]h8nf_conntrack_tcp_timeout_max_retrans - INTEGER (seconds)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubj )}(hhh]j)}(h default 300h]h default 300}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hAnf_conntrack_tcp_timeout_syn_recv - INTEGER (seconds) default 60 h](h)}(h5nf_conntrack_tcp_timeout_syn_recv - INTEGER (seconds)h]h5nf_conntrack_tcp_timeout_syn_recv - INTEGER (seconds)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubj )}(hhh]j)}(h default 60h]h default 60}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hBnf_conntrack_tcp_timeout_syn_sent - INTEGER (seconds) default 120 h](h)}(h5nf_conntrack_tcp_timeout_syn_sent - INTEGER (seconds)h]h5nf_conntrack_tcp_timeout_syn_sent - INTEGER (seconds)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubj )}(hhh]j)}(h default 120h]h default 120}(hj!hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1j hj ubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hCnf_conntrack_tcp_timeout_time_wait - INTEGER (seconds) default 120 h](h)}(h6nf_conntrack_tcp_timeout_time_wait - INTEGER (seconds)h]h6nf_conntrack_tcp_timeout_time_wait - INTEGER (seconds)}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj;ubj )}(hhh]j)}(h default 120h]h default 120}(hjPhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjMubah}(h]h ]h"]h$]h&]uh1j hj;ubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hHnf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds) default 300 h](h)}(h;nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds)h]h;nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds)}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjjubj )}(hhh]j)}(h default 300h]h default 300}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj|ubah}(h]h ]h"]h$]h&]uh1j hjjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(h{nf_conntrack_timestamp - BOOLEAN - 0 - disabled (default) - not 0 - enabled Enable connection tracking flow timestamping. h](h)}(h nf_conntrack_timestamp - BOOLEANh]h nf_conntrack_timestamp - BOOLEAN}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubj )}(hhh](j)}(hhh](j)}(h0 - disabled (default)h]j)}(hjh]h0 - disabled (default)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1jhjubj)}(hnot 0 - enabled h]j)}(hnot 0 - enabledh]hnot 0 - enabled}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubah}(h]h ]h"]h$]h&]uh1jhjubeh}(h]h ]h"]h$]h&]jLjMuh1jhhhKhjubj)}(h-Enable connection tracking flow timestamping.h]h-Enable connection tracking flow timestamping.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjubeh}(h]h ]h"]h$]h&]uh1j hjubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(h@nf_conntrack_sctp_timeout_closed - INTEGER (seconds) default 10 h](h)}(h4nf_conntrack_sctp_timeout_closed - INTEGER (seconds)h]h4nf_conntrack_sctp_timeout_closed - INTEGER (seconds)}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubj )}(hhh]j)}(h default 10h]h default 10}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj ubah}(h]h ]h"]h$]h&]uh1j hj ubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hDnf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds) default 3 h](h)}(h9nf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds)h]h9nf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds)}(hj3 hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj/ ubj )}(hhh]j)}(h default 3h]h default 3}(hjD hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjA ubah}(h]h ]h"]h$]h&]uh1j hj/ ubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hFnf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds) default 3 h](h)}(h;nf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds)h]h;nf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds)}(hjb hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj^ ubj )}(hhh]j)}(h default 3h]h default 3}(hjs hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjp ubah}(h]h ]h"]h$]h&]uh1j hj^ ubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hnf_conntrack_sctp_timeout_established - INTEGER (seconds) default 210 Default is set to (hb_interval * path_max_retrans + rto_max) h](h)}(h9nf_conntrack_sctp_timeout_established - INTEGER (seconds)h]h9nf_conntrack_sctp_timeout_established - INTEGER (seconds)}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubj )}(hhh](j)}(h default 210h]h default 210}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj ubj)}(h