/proc/sys/net/ipv4/* variables:

ip_forwarding - "SNMP" BOOLEAN
	2 - disabled (default)
	1 - enabled

	This variable is special, its change resets all configuration
	parameters to their default state (RFC1122 for hosts, RFC1812
	for routers)

ip_default_ttl - INTEGER
	default 64

ip_log_martians - BOOLEAN
	log packets with strange or impossible addresses.
	default TRUE (router)
		FALSE (host)

ip_accept_redirects - BOOLEAN
	Accept ICMP redirect messages.
	default TRUE (host)
		FALSE (router)

ip_secure_redirects - BOOLEAN
	Accept ICMP redirect messages only for gateways,
	listed in default gateway list.
	default TRUE

ip_addrmask_agent - BOOLEAN
	Reply to ICMP ADDRESS MASK requests.
	default TRUE (router)
		FALSE (host)

ip_rfc1620_redirects - BOOLEAN
	Send(router) or accept(host) RFC1620 shared media redirects.
	Overrides ip_secure_redirects.
	default TRUE (should be FALSE for distributed version,
		      but I use it...)

ip_bootp_agent - BOOLEAN
	Accept packets with source address of sort 0.b.c.d
	and destined to this host, broadcast or multicast.
	Such packets are silently ignored otherwise.

	default FALSE

ip_bootp_relay - BOOLEAN
	Accept packets with source address 0.b.c.d destined
	not to this host as local ones. It is supposed, that
	BOOTP relay deamon will catch and forward such packets.

	default FASLE
	Not Implemented Yet.


ip_source_route - BOOLEAN
	Accept packets with SRR option.
	default TRUE (router)
		FALSE (host)


ip_no_pmtu_disc - BOOLEAN
	Disable Path MTU Discovery.
	default FALSE

ip_rfc1812_filter - INTEGER
	2 - do source validation by reversed path, as specified in RFC1812
	    Recommended option for single homed hosts and stub network
	    routers. Could cause troubles for complicated (not loop free)
	    networks running a slow unreliable protocol (sort of RIP),
	    or using static routes.

	1 - (DEFAULT) Weaker form of RP filtering: drop all the packets
	    that look as sourced at a directly connected interface, but
	    were input from another interface.
	    
	0 - No source validation. 

	NOTE: do not disable this option! All BSD derived routing software
	(sort of gated, routed etc. etc.) is confused by such packets,
	even if they are valid.

	NOTE: this option is turned on per default only when ip_forwarding
	is on. For non-forwarding hosts it doesn't make much sense and 
	makes some legal multihoming configurations impossible.

ip_fib_model - INTEGER
	0 - (DEFAULT) Standard model. All routes are in class MAIN.
	1 - default routes go to class DEFAULT. This mode should
	    be very convenient for small ISPs making policy routing.
	2 - RFC1812 compliant model.
	    Interface routes are in class MAIN.
	    Gateway routes are in class DEFAULT.

IP Fragmentation:

ipfrag_high_thresh - INTEGER
	Maximum memory used to reassemble IP fragments. When 
	ipfrag_high_thresh bytes of memory is allocated for this purpose,
	the fragment handler will toss packets until ipfrag_low_thresh
	is reached.
	
ipfrag_low_thresh - INTEGER
	See ipfrag_high_thresh	

ipfrag_time - INTEGER
	Time in seconds to keep an IP fragment in memory.	

TCP variables: 

tcp_syn_retries - INTEGER
	Number of times initial SYNs for an TCP connection attempt will
	be retransmitted. Should not be higher that 255.

tcp_keepalive_time - INTEGER
	How often TCP sends out keepalive messages when keepalive is enabled.
	Default: 2hours.

tcp_keepalive_probes - INTEGER
	How many keepalive probes TCP sends out, until it decides that the
	connection is broken.

tcp_retries1 - INTEGER
tcp_retries2 - INTEGER
tcp_max_delay_acks - INTEGER
tcp_fin_timeout - INTEGER
tcp_max_ka_probes - INTEGER
	Undocumented for now.

tcp_syncookies - BOOLEAN
	Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
	Send out syncookies when the syn backlog queue of a socket 
	overflows. This is to prevent against the common 'syn flood attack'
	Default: FALSE

tcp_stdurg - BOOLEAN
	Use the Host requirements interpretation of the TCP urg pointer field.
	Most hosts use the older BSD interpretation, so if you turn this on
	Linux might not communicate correctly with them.	
	Default: FALSE 
	
tcp_syn_taildrop  - BOOLEAN
tcp_max_syn_backlog - INTEGER
	Undocumented (work in progress)

Alexey Kuznetsov.
kuznet@ms2.inr.ac.ru

Updated by:
Andi Kleen
ak@muc.de
$Id: ip-sysctl.txt,v 1.3 1997/08/22 19:22:00 freitag Exp $
