npf-params(7) - NetBSD Manual Pages

NPF-PARAMS(7)       NetBSD Miscellaneous Information Manual      NPF-PARAMS(7)


NAME
npf-params -- tunable NPF parameters
DESCRIPTION
NPF supports a set of dynamically tunable parameters. All parameter values are integers and should generally be between and INT_MAX, unless specified otherwise. Some parameters values can be nega- tive; such values would typically have a special meaning. Enable/disable switches should be represented as boolean values 0 ("off") or 1 ("on").
PARAMETERS
bpf.jit BPF just-in-time compilation: enables or disables bpfjit(4) sup- port. Some machine architectures are not presently supported by bpfjit(4). Setting this parameter to off stops NPF from trying to enable this functionality, and generating a warning if it is unable to do so. Default: 1. gc.step Number of connection state items to process in one garbage col- lection (G/C) cycle. Must be positive number. Default: 256. state.generic Generic state tracking parameters for non-TCP flows. All time- outs are in seconds and must be zero or positive. timeout.new Timeout for new ("unsynchronized") state. Default: 30. timeout.established Timeout for established ("synchronized") state. Default: 60. timeout.closed Timeout for closed state. Default: 0. state.tcp State tracking parameters for TCP connections. All timeout val- ues are in seconds. max_ack_win Maximum allowed ACK window. Default: 66000. strict_order_rst Enforce strict order RST. Default: 1. timeout.new Timeout for a new connection in "unsynchronized" state. Default: 30. timeout.established Timeout for an established connection ("synchronized" state). Default: 86400. timeout.half_close Timeout for the half-close TCP states. Default: 3600. timeout.close Timeout for the full close TCP states. Default: 10. timeout.time_wait Timeout for the TCP time-wait state. Default: 240. portmap.min_port Lower bound of the port range used when selecting the port for dynamic NAT with port translation enabled. Default: 1024 (also the lowest allowed value). portmap.max_port Upper bound of the port range as described above. Default: 65535 (also the highest allowed value).
EXAMPLES
An example line in the npf.conf(5) configuration file: set state.tcp.strict_order_rst on # "on" can be used instead of 1 set state.tcp.timeout.time_wait 0 # destroy the state immediately
SEE ALSO
libnpf(3), npfkern(3), bpfjit(4), npf.conf(5), pcap-filter(7), npfctl(8)
AUTHORS
NPF was designed and implemented by Mindaugas Rasiukevicius. NetBSD 9.0 August 3, 2019 NetBSD 9.0

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.