lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250612162954.55843-3-abdelrahmanfekry375@gmail.com>
Date: Thu, 12 Jun 2025 19:29:54 +0300
From: Abdelrahman Fekry <abdelrahmanfekry375@...il.com>
To: davem@...emloft.net,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	horms@...nel.org,
	corbet@....net
Cc: netdev@...r.kernel.org,
	linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	skhan@...uxfoundation.com,
	linux-kernel-mentees@...ts.linux.dev,
	Abdelrahman Fekry <abdelrahmanfekry375@...il.com>
Subject: [PATCH 2/2] docs: net: clarify sysctl value constraints

So, i also noticed that some of the parameters represented
as boolean have no value constrain checks and accept integer
values due to u8 implementation, so i wrote a note for every
boolean parameter that have no constrain checks in code. and
fixed a typo in fmwark instead of fwmark.

Added notes for 19 confirmed parameters,
Verified by code inspection and runtime testing.

Signed-off-by: Abdelrahman Fekry <abdelrahmanfekry375@...il.com>
---
 Documentation/networking/ip-sysctl.rst | 50 +++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 5 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index f7ff8c53f412..99e786915204 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -68,6 +68,8 @@ ip_forward_use_pmtu - BOOLEAN
 
 	- 0 - disabled
 	- 1 - enabled
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 fwmark_reflect - BOOLEAN
 	Controls the fwmark of kernel-generated IPv4 reply packets that are not
@@ -89,6 +91,8 @@ fib_multipath_use_neigh - BOOLEAN
 
 	- 0 - disabled
 	- 1 - enabled
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 fib_multipath_hash_policy - INTEGER
 	Controls which hash policy to use for multipath routes. Only valid
@@ -489,6 +493,8 @@ tcp_fwmark_accept - BOOLEAN
 	unaffected.
 
 	Default: 0
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_invalid_ratelimit - INTEGER
 	Limit the maximal rate for sending duplicate acknowledgments
@@ -603,6 +609,8 @@ tcp_moderate_rcvbuf - BOOLEAN
 	automatically size the buffer (no greater than tcp_rmem[2]) to
 	match the size required by the path for full throughput.  Enabled by
 	default.
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_mtu_probing - INTEGER
 	Controls TCP Packetization-Layer Path MTU Discovery.  Takes three
@@ -636,6 +644,8 @@ tcp_no_ssthresh_metrics_save - BOOLEAN
 	Controls whether TCP saves ssthresh metrics in the route cache.
 
 	Default is 1, which disables ssthresh metrics.
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_orphan_retries - INTEGER
 	This value influences the timeout of a locally closed TCP connection,
@@ -703,7 +713,9 @@ tcp_retries1 - INTEGER
 
 	RFC 1122 recommends at least 3 retransmissions, which is the
 	default.
-
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 tcp_retries2 - INTEGER
 	This value influences the timeout of an alive TCP connection,
 	when RTO retransmissions remain unacknowledged.
@@ -751,6 +763,8 @@ tcp_sack - BOOLEAN
 	Enable select acknowledgments (SACKS).
 	
 	Default: 1 (enabled)
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_comp_sack_delay_ns - LONG INTEGER
 	TCP tries to reduce number of SACK sent, using a timer
@@ -787,6 +801,8 @@ tcp_slow_start_after_idle - BOOLEAN
 	be timed out after an idle period.
 
 	Default: 1
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_stdurg - BOOLEAN
 	Use the Host requirements interpretation of the TCP urgent pointer field.
@@ -794,6 +810,8 @@ tcp_stdurg - BOOLEAN
 	Linux might not communicate correctly with them.
 
 	Default: 0 (disabled)
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_synack_retries - INTEGER
 	Number of times SYNACKs for a passive TCP connection attempt will
@@ -1034,6 +1052,8 @@ tcp_window_scaling - BOOLEAN
 	- 1 - Enabled.
 	
 	Default: 1 (enabled)
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_shrink_window - BOOLEAN
 	This changes how the TCP receive window is calculated.
@@ -1049,6 +1069,8 @@ tcp_shrink_window - BOOLEAN
 			scaling factor is also in effect.
 
 	Default: 0
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
 
 tcp_wmem - vector of 3 INTEGERs: min, default, max
 	min: Amount of memory reserved for send buffers for TCP sockets.
@@ -1104,7 +1126,9 @@ tcp_thin_linear_timeouts - BOOLEAN
 	Documentation/networking/tcp-thin.rst
 
 	Default: 0
-
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 tcp_limit_output_bytes - INTEGER
 	Controls TCP Small Queue limit per tcp socket.
 	TCP bulk sender tends to increase packets in flight until it
@@ -1367,6 +1391,9 @@ cipso_rbm_optfmt - BOOLEAN
 	categories in order to make the packet data 32-bit aligned.
 
 	Default: 0
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 
 cipso_rbm_strictvalid - BOOLEAN
 	If set, do a very strict check of the CIPSO option when
@@ -1377,6 +1404,9 @@ cipso_rbm_strictvalid - BOOLEAN
 	with other implementations that require strict checking.
 
 	Default: 0
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 
 IP Variables
 ============
@@ -1437,6 +1467,9 @@ ip_nonlocal_bind - BOOLEAN
 	which can be quite useful - but may break some applications.
 
 	Default: 0
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 
 ip_autobind_reuse - BOOLEAN
 	By default, bind() does not select the ports automatically even if
@@ -1447,6 +1480,8 @@ ip_autobind_reuse - BOOLEAN
 	option should only be set by experts.
 	Default: 0
 
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 ip_dynaddr - INTEGER
 	If set non-zero, enables support for dynamic addresses.
 	If set to a non-zero value larger than 1, a kernel log
@@ -1476,13 +1511,16 @@ tcp_early_demux - BOOLEAN
 	Enable early demux for established TCP sockets.
 
 	Default: 1
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 
 udp_early_demux - BOOLEAN
 	Enable early demux for connected UDP sockets. Disable this if
 	your system could experience more unconnected load.
 
 	Default: 1
-
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 icmp_echo_ignore_all - BOOLEAN
 	If set non-zero, then the kernel will ignore all ICMP ECHO
 	requests sent to it.
@@ -1815,7 +1853,7 @@ src_valid_mark - BOOLEAN
 	  lookup.  This permits rp_filter to function when the fwmark is
 	  used for routing traffic in both directions.
 
-	This setting also affects the utilization of fmwark when
+	This setting also affects the utilization of fwmark when
 	performing source address selection for ICMP replies, or
 	determining addresses stored for the IPOPT_TS_TSANDADDR and
 	IPOPT_RR IP options.
@@ -2324,7 +2362,9 @@ fwmark_reflect - BOOLEAN
 	fwmark of the packet they are replying to.
 
 	Default: 0
-
+
+	note: Accepts integer values (0-255) but only 0/1 have defined behaviour.
+
 ``conf/interface/*``:
 	Change special settings per interface.
 
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ