diff --git a/sysctl.conf b/sysctl.conf
index 05fb0c7..0993c5d 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -1,19 +1,19 @@
-# Name: K4YT3X Hardened sysctl Configuration
+# Name: K4YT3X's Hardened & Optimized Linux Kernel Parameters
 # Author: K4YT3X
 # Contributor: IceCodeNew
 # Contributor: HorlogeSkynet
 # Contributor: shenzhui007
 # Date Created: October 5, 2020
-# Last Updated: May 2, 2024
+# Last Updated: July 14, 2024
 # Licensed under the GNU General Public License Version 3 (GNU GPL v3),
 # available at: https://www.gnu.org/licenses/gpl-3.0.txt
 # (C) 2020-2024 K4YT3X
 # Multiple sources have been consulted while writing this configuration
-# file (e.g., nixCraft's sysctl.conf). Sources are not cited since this
-# is not an academic document. Please refer to Linux documentations
-# should you have any questions.
+# file (e.g., nixCraft's sysctl.conf). Some sources may not have been cited.
+# Please refer to Linux's kernel documentations or reach out to the author
+# should you have any questions or recommendations.
 ########## Kernel ##########
@@ -144,12 +144,12 @@ net.core.netdev_max_backlog = 250000
 # this trades off performance, but can mitigate JIT spraying
 net.core.bpf_jit_harden = 2
-# increase TCP max buffer size setable using setsockopt()
-net.core.rmem_max = 8388608
-net.core.wmem_max = 8388608
+# increase TCP max buffer size settable using setsockopt()
 net.core.rmem_default = 8388608
 net.core.wmem_default = 8388608
-#net.core.optmem_max = 40960
+net.core.rmem_max = 536870912
+net.core.wmem_max = 536870912
+net.core.optmem_max = 40960
 ########## IPv4 Networking ##########
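Review bot: The new 536870912 ceiling on `net.core.rmem_max` and `net.core.wmem_max` applies to every socket type, not only TCP as the comment above it says, and it lets any local process request buffers up to that limit per socket through setsockopt(); the same 512 MiB ceiling is set for `net.ipv4.tcp_rmem` and `net.ipv4.tcp_wmem` in the last hunk. For a file presented as hardened, the memory-exhaustion trade-off should be stated next to the values, e.g. `# 512 MiB per-socket ceiling for SO_RCVBUF/SO_SNDBUF (all protocols); lower this on memory-constrained or multi-tenant hosts`. Separately, uncommenting `net.core.optmem_max = 40960` pins a value that may be lower than the default on recent kernels, so it is worth checking against the target kernel before shipping.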
@@ -238,14 +238,12 @@ net.ipv4.ip_local_port_range = 1024 65535
 net.ipv4.tcp_timestamps = 0
 # enabling SACK can increase the throughput
-# but SACK is commonly exploited and rarely used
+# but SACK is commonly exploited and rarely used
+# re-enable this if you experience issues transferring large files over SMB
 net.ipv4.tcp_sack = 0
 net.ipv4.tcp_dsack = 0
 net.ipv4.tcp_fack = 0
-# divide socket buffer evenly between TCP window size and application
-net.ipv4.tcp_adv_win_scale = 1
-
 # SSR could impact TCP's performance on a fixed-speed network (e.g., wired)
 # but it could be helpful on a variable-speed network (e.g., LTE)
 # uncomment this if you are on a fixed-speed network
@@ -257,8 +255,16 @@ net.ipv4.tcp_mtu_probing = 1
 net.ipv4.tcp_base_mss = 1024
 # increase memory thresholds to prevent packet dropping
-net.ipv4.tcp_rmem = 4096 87380 8388608
-net.ipv4.tcp_wmem = 4096 87380 8388608
+# the maximum buffer size is 536870912 bytes (512 MiB)
+net.ipv4.tcp_rmem = 8192 262144 536870912
+net.ipv4.tcp_wmem = 4096 16384 536870912
+
+# reduce the maximum window size to 128 MiB to reduce TCP receive queue collapse
+# (see https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency)
+net.ipv4.tcp_adv_win_scale = -2
+
+# limit the size of unsent bytes in the write queue to prevent bufferbloat
+net.ipv4.tcp_notsent_lowat = 131072
 ########## IPv6 Networking ##########
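Review bot: The added comment names SMB as the only symptom, but with `net.ipv4.tcp_sack = 0` every connection on a lossy or high-latency path loses selective loss recovery, and that cost grows with the much larger windows this commit allows in the next hunk. I would widen the wording, e.g. `# re-enable this if large transfers stall or slow down on lossy or high-latency links (e.g., SMB)`. The line above it still calls SACK "commonly exploited" without a source; a short pointer to what is meant would let readers judge the trade-off on a patched kernel.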
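Review bot: `net.ipv4.tcp_adv_win_scale = -2` may have no effect on recent kernels: as far as I know the kernel documentation marks this sysctl obsolete from Linux 6.6 onward, in which case the 128 MiB window cap described in the comment would not hold and the receive window would be sized against the 512 MiB `net.ipv4.tcp_rmem` maximum instead. The comment should say which kernels the value was validated on, e.g. `# only honoured by kernels older than 6.6 (TODO confirm); newer kernels derive the window ratio per socket`. The linked article, if I read it correctly, also relies on a kernel patch that is not in mainline, so copying its values alone may not reproduce its latency result. A line such as `# total TCP memory is still bounded by net.ipv4.tcp_mem` next to the new maxima would tell readers where the global limit lives.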