These parameters increase the throughput on various (large-ish)
systems by 5-10% on the slight expense of higher power consumption.
Socket buffers are increases and the system is configured to be
less aggressive when scheduling processes from one processor to
another one which ensures that the cache remains "hot" for longer.
On a slower system (apu1d) no performance improvement or loss
could have been measured.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The setting cannot be set on the default system because the ip_vs
module is not loaded by default and there is no reason to load it
just because we would be able to set the setting.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Make sure kernel address space is hidden from files somewhere
in /proc . This reduces attack surface and partially addresses #11659.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.
This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It comes much more handy to compile in the IPv6 kernel module
(because it is loading almost everywhere) and disable the IPv6
functionality when the system starts up.
Therefore, IPv6 is not accidentially enabled at any time unless
someone wants to use it and disables the systcl options.
This commits removes some settings from /etc/sysctl.conf that have
been there forever with no particular reason.
They could improve performance on internet connections, especially
on lines with massive packet lost.
