Linux network administrators have to understand the system directory/proc/sys/net/(network configuration) __linux

    in the Linux distribution, there is a/proc/directory, some also called it the proc file system. In this directory, there are special files that can be used not only to reflect the current state of the kernel and to view hardware information, but also to allow users to modify the contents of the kernel to adjust the current working state of the kernels, such as files under the/proc/sys/subdirectory.     Unlike other directories in the/proc/directory, files in the/proc/sys/directory not only provide information about the system, but also allow users to immediately stop or turn on certain features and functions of the kernel. The/proc/sys/net/subdirectory in the/proc/sys/directory is more relevant to the network, we can set some of the files in this directory to open the special features related to network applications, but also by setting up some of the files in this directory to protect our network security. Therefore, as a network administrator under Linux, it is necessary to have a detailed understanding of the/proc/sys/net/directory of the various functions and settings, so that it can better work for us. A,/proc/sys/net/directory description. The  /proc/sys/net/directory mainly includes many network-related topics, such as: appletalk/,ethernet/,ipv4/,ipx/, and ipv6/. By changing the files in these directories, network administrators can adjust the relevant network parameters while the system is running. Although there are many ways to configure the network in Linux, familiarity with the contents of this directory is a great help to network applications. In the/proc/sys/net/directory has two directories, and the current IPV4 network operation is closely related to the adjustment of the two directories under the parameters of some files, can bring our network applications to the unexpected effect, these two directories is the/proc/sys/net/core/directory and/ 　　proc/sys/net/ipv4/directory, the following author will be the two directory of important documents to make a detailed description. 　　　1,/proc/sys/net/core/directory.   This directory includes a number of settings to control how the Linux kernel interacts with the network layer, that is, how the kernel reacts when the network moves. Some of the following important files are:   (1) Message_burst: Set how many request warnings are written every 10 seconds; This setting can be used to prevent Dos attacks, the default setting is   (2) Message_cost: Set the measure of each warning, The default is 5, set when used to prevent Dos attacksis 0   (3) Netdev_max_backlog: Sets the maximum allowable packet sequence when the individual interface receives the packet faster than the kernel processing speed, and the default is $   (4) Optmem_max: Sets the maximum grant cache size for each socket;   (5) Rmem_default: Sets the default cache size (bytes) for receiving sockets,   (6) Rmem_max: Sets the maximum cache size (in bytes) for receiving sockets;   (7) Wmem_default: 　 Sets the socket default cache size (bytes) to be sent;   (8) Wmem_max: Sets the maximum cache size (in bytes) for the socket to be sent. 　　2,/proc/sys/net/ipv4/directory.    the content in this directory is used to add network settings, many of which can be used to block attacks on the system, or to set the system's routing capabilities. Among them are the following important documents: (1) icmp_destunreach_rate, Icmp_echoreply_rate, Icmp_paramprob_rate, Icmp_timeexeed_ Rate: Set the maximum rate of ICMP packets sent and responded, preferably not 0; (2) Icmp_echo_ignore_all and icmp_echo_ignore_broadcasts: Set the kernel to not answer the ICMP echo packet, or the specified broadcast, A value of 0 is allowed to respond, a value of 1 is prohibited, (3) Ip_default_ttl: Set the IP Packet Default lifetime (TTL), increase its value can reduce the system overhead, (4) Ip_forward: Set the interface can be transferred, the default is 0, set to 1, allow the network packet forwarding ; (5) Ip_local_port_range: Specifies the TCP or UDP port range when a port is needed locally. The first number is the low-end port, the second number is the high end; (6) Tcp_syn_retries: Provides the number of times that a SYN packet is limited to resend the response when the connection is established; (7) Tcp_retries1: Sets the number of times the response has been sent back, the default is 3; (8), Tcp_retries2 : Sets the number of TCP packets that are allowed to be sent, by default 15.

Second, the/proc/sys/net/directory of the method of setting up files.     after understanding the meaning and role of some important files in the/proc/sys/net/core/directory and the/proc/sys/net/ipv4/directory, let's say how to set up these important files in these two directories to work for us. Readers should understand that in Linux systems, to change the working status and functionality of a service or device, primarily by using the command method and directly modifying its configuration file, we can modify the values in the contents of these files in two ways for the files in both directories. Make them work according to our intent. Before setting up, it should be noted that the when you are sure you want to modify the current value of a file, be sure to ensure that the input command format and value of the content are correct, because any error settings will cause the kernel instability, if you accidentally caused this problem, you have to reboot the system. In the following instructions, the author will pay attention to the place in particular. First let's look at how to modify the files in both directories using the command method. We can modify the files in both directories by using the Echo and Sysctl commands, and I'll list the methods used for these two commands separately. The     1, sysctl commands are customized to set up files in both directories and are installed by default in the/sbin/directory, which we can use to display and set the contents of the files in the/proc/sys/net/directory. For example, the/SBIN/SYSCTL-A command is used to display all the file configuration content in this directory, and the/SBIN/SYSCTL-W command is used to modify variable values in the specified file in this directory, such as:/sbin/sysctl-w net.ipv4.ip_forward= "1" Used to set allow IP packet forwarding. Other parameters, the reader can enter the/sbin/sysctl–h command to come, here is no longer specifically listed. Be aware that the use of this command requires administrator privileges, and if the user is not logged on as an administrator, use the SU command before using this command to get administrative rights before operating. The contents of the files in the     2,/proc/sys/net/directory can also be modified by using the Echo command. For example: Echo 1 >/proc/sys/net/ipv4/ip_forward is used to set allow IP packet forwarding; echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_ All is used to set the ICMP echo package not to be responded to. In the use of Echo command, you should also pay special attention to the input format of this command, that is, between the echo command and the value, and between the value and the symbol (>), between the symbol and the file path to be modified. Also, some files in these two directories have a value that is not on the previous one, so if you want to pass multiple values at once, then each value should be separated by a space. Also note that this method is used to modify the contents of the file in the/proc/sys/net/directory after the system restarts, the content will be set to the default value, so if you want to set the value permanently valid, you can directly add this command to the/ect/rc.d/rc.local file, where the path to this file refers to the Red Hat Linux distribution, and other distributions are based on the specific circumstances of the reader. If there are too many command items, you can also write the commands into a script, add executable permissions, and put them in this file so that when the system starts, it will be automatically executed as set in/etc/rc.d/rc.local. If you do not want to modify the/etc/rc.d/rc.local file, then the author recommends that you use the/SBIN/SYSCTL command.     using a command to set up files in the/proc/sys/net/directory is easy, but some readers prefer to modify their profile directly, because it is more intuitive, but it is more suitable for users who understand the system more deeply.     Unlike other services or devices, the Linux system only provides a configuration file for the/proc/sys/net/directory, which is/ect/sysctl.conf, which users can edit directly/ect/ sysctl.conf configuration file to modify the value of the variable added to the contents of the file in the corresponding/proc/sys/net/directory, so that when the system starts, it will read the configuration content in the file to set the corresponding item. VI to edit this file is very simple, the content format is also very clear and easy to read, such as the following entries: Net.ipv4.ip_forward=0, the value modified to 1 after the IP packet forwarding. In fact, using the/SBIN/SYSCTL command to modify and directly edit the/etc/sysctl.conf file content has the same effect, therefore, in order to secure, the recommended user priority to use the/SBIN/SYSCTL command.     here, presumably the reader has already had a certain understanding of the/proc/sys/net/core/and/proc/sys/net/ipv4/directories under the/proc/sys/net/directory. However, this is only the authorIn order to highlight the/proc/directory and the role of the IPV4 network specifically selected to illustrate, in fact, in the/proc/directory, there are many files, although not by users like the above two directories can be set, but you can use these files to understand the details of the system and the current state of operation, Readers can find detailed descriptions of this directory from the Web.