Commit 13df433f authored by Mauro Carvalho Chehab's avatar Mauro Carvalho Chehab Committed by David S. Miller
Browse files

docs: networking: convert nf_conntrack-sysctl.txt to ReST 



- add SPDX header;
- add a document title;
- mark lists as such;
- add to networking/index.rst.

Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c4d5dff6

Documentation/networking/index.rst

+1 −0
Original line number Diff line number Diff line
@@ -85,6 +85,7 @@ Contents: 
   netdevices

   netfilter-sysctl

   netif-msg

   nf_conntrack-sysctl



.. only::  subproject and html

Documentation/networking/nf_conntrack-sysctl.txtDocumentation/networking/nf_conntrack-sysctl.rst

+29 −22
Original line number Diff line number Diff line 
.. SPDX-License-Identifier: GPL-2.0



===================================

Netfilter Conntrack Sysfs variables

===================================



/proc/sys/net/netfilter/nf_conntrack_* Variables:

=================================================



nf_conntrack_acct - BOOLEAN

	0 - disabled (default)

	not 0 - enabled

	- 0 - disabled (default)

	- not 0 - enabled



	Enable connection tracking flow accounting. 64-bit byte and packet

	counters per flow are added.
@@ -16,8 +23,8 @@ nf_conntrack_buckets - INTEGER 
	This sysctl is only writeable in the initial net namespace.



nf_conntrack_checksum - BOOLEAN

	0 - disabled

	not 0 - enabled (default)

	- 0 - disabled

	- not 0 - enabled (default)



	Verify checksum of incoming packets. Packets with bad checksums are

	in INVALID state. If this is enabled, such packets will not be
@@ -27,8 +34,8 @@ nf_conntrack_count - INTEGER (read-only) 
	Number of currently allocated flow entries.



nf_conntrack_events - BOOLEAN

	0 - disabled

	not 0 - enabled (default)

	- 0 - disabled

	- not 0 - enabled (default)



	If this option is enabled, the connection tracking code will

	provide userspace with connection tracking events via ctnetlink.
@@ -62,8 +69,8 @@ nf_conntrack_generic_timeout - INTEGER (seconds) 
	protocols.



nf_conntrack_helper - BOOLEAN

	0 - disabled (default)

	not 0 - enabled

	- 0 - disabled (default)

	- not 0 - enabled



	Enable automatic conntrack helper assignment.

	If disabled it is required to set up iptables rules to assign
@@ -81,14 +88,14 @@ nf_conntrack_icmpv6_timeout - INTEGER (seconds) 
	Default for ICMP6 timeout.



nf_conntrack_log_invalid - INTEGER

	0   - disable (default)

	1   - log ICMP packets

	6   - log TCP packets

	17  - log UDP packets

	33  - log DCCP packets

	41  - log ICMPv6 packets

	136 - log UDPLITE packets

	255 - log packets of any protocol

	- 0   - disable (default)

	- 1   - log ICMP packets

	- 6   - log TCP packets

	- 17  - log UDP packets

	- 33  - log DCCP packets

	- 41  - log ICMPv6 packets

	- 136 - log UDPLITE packets

	- 255 - log packets of any protocol



	Log invalid packets of a type specified by value.
@@ -97,15 +104,15 @@ nf_conntrack_max - INTEGER 
	nf_conntrack_buckets value * 4.



nf_conntrack_tcp_be_liberal - BOOLEAN

	0 - disabled (default)

	not 0 - enabled

	- 0 - disabled (default)

	- not 0 - enabled



	Be conservative in what you do, be liberal in what you accept from others.

	If it's non-zero, we mark only out of window RST segments as INVALID.



nf_conntrack_tcp_loose - BOOLEAN

	0 - disabled

	not 0 - enabled (default)

	- 0 - disabled

	- not 0 - enabled (default)



	If it is set to zero, we disable picking up already established

	connections.
@@ -148,8 +155,8 @@ nf_conntrack_tcp_timeout_unacknowledged - INTEGER (seconds) 
	default 300



nf_conntrack_timestamp - BOOLEAN

	0 - disabled (default)

	not 0 - enabled

	- 0 - disabled (default)

	- not 0 - enabled



	Enable connection tracking flow timestamping.