To make it clear why the set sysctls are necessary, add appropriate
comments to them. Also reorder them for improved readability.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Many of the set sysctls are either unnecessary, are already default in
the kernel or in OpenWrts defaults, or the reason for them being
explicitly set is unknown.
Remove all those sysctls from fff-network, as unfounded deviations from
default values will cause hard-to-debug problems in the future.
The original motivation for this patch is the netdev_max_backlog sysctl,
which was set to a very low value without any reason or comment.
This hurt forwarding performance on mt7621 with DSA significantly and
took quite a while to discover.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Source address filtering (RFC3704) can be used to mitigate source
address spoofing. However, strict mode only works when routes are
strictly symmetric. If routes are asymmetric, it can happen that
the best route to the source address of a packet is via a different
interface.
Because there is no guarantee that routes have to be symmetric in the
Freifunk Franken backbone network, we cannot use strict mode. Because
default routes are used in the Freifunk Franken backone, loose mode
could be used, but does not make any sense. Instead, revert back to the
kernel default setting, which currently is 0 (disabled).
While this change affects both layer3 and node variant, nothing changes
for the node firmware, because it does not forward packets.
Fixes: #123
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Some sysctls currently are completely useless, as they only exist if
specific kernel configurations are enabled, which we have not.
To hide the error message and prevent them from interfering
unintentionally, if new kernel configurations are activated in the
future, they are removed.
Fixes: #42 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
The net.ipv4.netfilter.ip* sysctls have been moved to
net.netfilter.nf* a long time ago, so they have been useless in our
firmware for quite a while.
It probably originally has been added because it was included in the
OpenWrt defaults and in earlier versions of our firmware the OpenWrt
defaults file got overwritten by our own one.
Because there does not seem to be any obvious reason to keep them (they
have been added without a comment in the commit or file) and they have
been inactive ever since they were moved in the kernel, they are removed
completely instead of using the correct path.
Fixes: #42 (gitea)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
tcp timestamps can improve tcp performance a lot, especially
with unstable networks like wifi.
Linux default behaviour is enabled so the tcp timestamps setting
is removed from sysctl configuration.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
When setting up a node, router solicitations can be used to speed
up receiving router advertisements a lot. This mechanism has been
previously disabled by our custom sysctl config.
However because linux does not send router solicitations, if it
doesn't accept router advertisements, which is disabled for every
link except WAN, this option can safely be set to it's default value
for all interfaces.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Fixes#83
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Just disable autoconf.
Some sysctl's are currently not available due some missing kernel
features. Maybe some day they reappear.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Fabian Bläse
Tim Niemeyer