!install
total 40G ?
/ :4G
swap :4G+
/usr/ports : 1G + 4G
/usr/src :4G
----
/boot 200M
/ 20G
/usr 24G + 15G (buildworld) = 40G
/var 23G
/home 100G+
SWAP 12G+
freebsd-update fetch
freebsd-update install
!FB13 upgrade
*FB-13-tips
!dig -> drill
drill www.iij.ad.jp
! passwd
調べてみると、パスワードデータベースである /etc/pwd.db, /etc/spwd.db が更新される必要があり、その更新には次のコマンドを実行する。
# pwd_mkdb -p /etc/master.passwd
! RC_CONF
#=================================
# rc.conf fragment: NIC hardware-offload flags and crash-dump settings.
# CHECK LRO/TSO option OFF!!
# LRO (Large Receive Offload) - segment reassembly is done in hardware
# TSO (TCP Segmentation Offload) - splitting data into TCP segments is done in hardware
# TOE (Full TCP Offload Engine) - all TCP/IP processing is done in hardware
# RXCSUM,TXCSUM - receive/transmit checksums are computed in hardware
# ifconfig_vtnet0="inet <IPaddress> netmask <netmask> -lro -tso"
# ifconfig_bge0="inet <IPaddress> netmask <netmask> -lro -tso"
#=================================
# ifconfig_vtnet0="inet <IPaddress> netmask <netmask> -lro -tso"
# ifconfig_bge1="inet <IPaddress> netmask <netmask> -lro -tso -rxcsum -txcsum"
#=================================
# sysctl net.inet.tcp.tso=0
#==========#=======================
# Active setting. Unlike the templates above, -tso is not in this flag list;
# TSO is presumably turned off system-wide with the net.inet.tcp.tso=0 sysctl
# shown above. Verify with `ifconfig bge0` after boot.
ifconfig_bge0="inet 192.168.250.15 netmask 255.255.255.0 -lro -rxcsum -txcsum "
#==========#=======================
# Crash dumps are images of kernel memory and can contain keys, credentials
# and other secrets. Keep dumpdir readable by root only, and treat any dump
# copied off the host as sensitive data.
dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
dumpdir="/var/crash" # Directory where crash dumps are to be stored
#==================================
! ports
pkg install rsync
pkg install rcs
pkg install subversion
pkg install portupgrade
pkg install python3
# pkg install py36-pip
pkg install py37-pip
# pkg install softether
# pkg install haproxy
#
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install squid
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install net-snmpd
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install bsnmp-ucd
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install apcupsd
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install py37-sqlite3
#
pkg install smartmontools
pkg install mbmon
#
pkg install munin-node munin-master
#
# env HTTP_PROXY="http://192.168.100.10:18080" pkg install squid
#
初回
portsnap fetch
portsnap extract
2回目以降
portsnap fetch
portsnap update
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap fetch
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap update
#
## rm /var/db/portsnap/tag # アップデートがうまく行かないばあい
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract &
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update &
pkg version -vL=
portupgrade -rR apache
# X 関連の build には 9Gbyte のHDDの空きが必要 ( /usr/ports で 11Gbyte 程度必要 )
! Speedtest
https://www.speedtest.net/ja/apps/cli
https://github.com/sivel/speedtest-cli
! src
## svn svn : releng/12.0
## NOTE: `rm -rf *` acts on whatever the current directory is. If the
## preceding `cd /usr/src` fails, it deletes the wrong tree. Chain the two
## (`cd /usr/src && rm -rf *`) or use the mv-to-.bak variant below.
## # cd /usr/src
## # rm -rf *
## NOTE: svn:// is an unauthenticated, unencrypted transport. Prefer the
## https:// checkout below so the server certificate is verified before
## source that will be built and installed as root is fetched.
## # svn checkout svn://svn.FreeBSD.org/base/releng/10.1 /usr/src
## # # mv /usr/src /usr/src.bak 1
## # # svn checkout https://svn.freebsd.org/base/releng/10.3 /usr/src
## #
## # # chflags -R noschg /usr/obj/*
## # # rm -rf /usr/obj
## # # make -j4 -DNOPROFILE=true buildworld # 4process??
## # # make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildworld
## # # make buildkernel TARGET_ARCH=amd64 TARGET=amd64 KERNCONF=GREN1SMP
## # # make installkernel TARGET_ARCH=amd64 TARGET=amd64 KERNCONF=GREN1SMP
## # # make -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installworld
#
## make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildworld
## make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildkernel
## make -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installkernel
## make -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installworld
## # cd /usr/src
## # svn update /usr/src
## cd /usr/src
## make update SVN_UPDATE=yes
# svnlite update /usr/src
check /usr/src/UPDATING
## # svnlite info /usr/src
##
# cd /usr/src
# make -j4 buildworld
# make -j4 kernel
## shutdown -r now
## cd /usr/src
## make installworld
## mergemaster -Ui
## shutdown -r now
! FB12 UPDATE
# freebsd-update fetch
# freebsd-update install
# tool & lib のインストール
##### UPGRADE
### freebsd-update -r 12.1-RELEASE upgrade
## freebsd-update -r 12.2-RELEASE upgrade
# freebsd-update -r 12.4-RELEASE upgrade
# 質問には基本的に「y」
### freebsd-update -r 12.1-RELEASE install
## freebsd-update -r 12.2-RELEASE install
# freebsd-update -r 12.4-RELEASE install
# ## kernel インストール
再起動
# freebsd-update install
# tool & lib のインストール
# ( Package のアップデート )
# pkg upgrade -y
#( 古い ファイルの削除 )
# freebsd-update install
#
# pkgdb -F ##: パッケージ・レジストリ・データベース (package registry database) の不整合修正 (fix)
# portsdb -uU ##: ポーツ・データベース・ファイル INDEX.db の生成/更新と,ポーツ・インデックス・ファイル INDEXの生成/更新
============================
$ sudo freebsd-update upgrade -r 12.0-RELEASE
$ sudo freebsd-update install
$ sudo reboot
$ sudo freebsd-update install
$ sudo pkg upgrade -y
$ sudo freebsd-update install
## NTPなどがうまく動かないばあい
# pwd_mkdb /etc/master.passwd
# chown ntpd:ntpd /var/db/ntp/{ntpd.drift,ntpd.pid}
! PROXY
7 13:18 env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update
env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update
env HTTP_PROXY="http://192.168.11.80:8080" pkg install squid
env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update fetch
env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update install
FreeBSD-UPgrade PROXY use
#
#### env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 12.1-RELEASE
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 12.2-RELEASE
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
< Reboot>
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
# env HTTP_PROXY="http://127.0.0.1:18080" pkg bootstrap -f
# env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y
< >
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
# pwd_mkdb /etc/master.passwd
# env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install munin-node
/usr/local/sbin/munin-node-configure --shell | sh -x
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install perl5
## csh/tcsh syntax; "userid" and "password" are placeholders.
## NOTE: a proxy password placed in HTTP_PROXY or HTTP_PROXY_AUTH is stored
## in the shell history and is visible in the environment of every child
## process. Basic authentication to an http:// proxy also crosses the network
## unencrypted. Use a dedicated low-privilege proxy account, and unsetenv the
## variables when the update is finished.
# setenv HTTP_PROXY "http://proxy.ne.jp:8080"
# setenv HTTP_PROXY_AUTH "basic:*:userid:password"
# setenv HTTP_PROXY "http://userid:password@proxy.ne.jp:8080"
# setenv HTTP_TIMEOUT 1800
~/.subversion/servers
# [global] applies to every repository host that has no more specific
# server group in this file.
# If the proxy requires authentication, http-proxy-username and
# http-proxy-password are stored here in plain text, so keep this file
# readable by its owner only.
[global]
http-proxy-host = 192.168.11.80
http-proxy-port = 8080
!Release ISO の作成
FB-bootdvd
に
! /proc
マニュアルで
mount -t procfs proc /proc
fstab に
proc /proc procfs rw 0 0
を追加
----
https://wiki.freebsd.org/NetworkPerformanceTuning
hw.igb.max_interrupt_rate- :: 32000以上
net.inet.tcp.tcbhashsize- :: 最大32K以上
net.inet.ip.output_flowtable_size ::
kern.maxfiles- ::
kern.maxfilesperproc ;;
kern.ipc.nmbclusters-ローダーの調整可能および読み取り/書き込みsysctl、システム内のmbufクラスター数のグローバル制限。この値に達すると、パケットドロップが発生します。
kern.ipc.nmbjumbop-FreeBSD 7以降、TCPソケットは送信データに2Kサイズのmbufクラスターを使用せず、ページサイズのmbufクラスター(一般に4K)を使用します。これはローダーで調整可能であり、読み取り/書き込みsysctlで数を制限します。
kern.ipc.nmbjumbo9
kern.ipc.nmbjumbo16
net.inet.tcp.per_cpu_timers
net.inet.flowtable.nmbflows
https://people.freebsd.org/~olivier/talks/2018_AsiaBSDCon_Tuning_FreeBSD_for_routing_and_firewalling-Paper.pdf
https://calomel.org/freebsd_network_tuning.html
----
!/boot/loader.conf
# loader.conf fragment: kernel modules to load at boot.
#RELOAD is
# service sysctl restart
# NOTE(review): that command re-applies /etc/sysctl.conf. The *_load lines
# and boot-time tunables in this file are read by the loader, so changes here
# presumably need a reboot to take effect. Confirm per setting.
#
# CPU temperature sensor drivers. Only coretemp is loaded here.
# amdtemp_load="YES"
coretemp_load="YES"
# Accept filters for data, http and DNS requests
# Useful when your software creates process/thread on each request (i.e. apache)
# Note: DNS accf available on 8.0+
# Note: In case of badly written software this can increase performance,
# but I still would recommend against using accept filters in production because of
# their opacity - they really break abstractions. Also it's not trivial to debug/monitor
# their state.
#accf_data_load="YES"
#accf_http_load="YES"
#accf_dns_load="YES"
# Async IO system calls
aio_load="YES"
# Linux specific devices in /dev
# As for 8.1 it only /dev/full
#lindev_load="YES"
# Adds NCQ support in FreeBSD
# WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+
# 8.0+ only
#ahci_load="YES"
#siis_load="YES"
# FreeBSD 9+
# New Congestion Control for FreeBSD
# Loading the module only makes H-TCP available. It is selected with
# net.inet.tcp.cc.algorithm=htcp in sysctl.conf.
cc_htcp_load="YES"
#cc_cubic_load="YES"
# Kernel memory and resource limits. Every setting in this group is
# commented out, so the kernel defaults apply.
# Increase kernel memory size to 3G.
#
# Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM
# Otherwise panic will happen on next reboot!
#
# It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc
# Useful on highload stateful firewalls, proxies or ZFS fileservers
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#vm.kmem_size="3G"
# If you have really busy forking webserver (i.e. apache13) you may run out of processes
#kern.maxproc=10000
# If your server has lots of swap (>4Gb) you should increase following value
# according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009-October/029616.html
# Otherwise you'll be getting errors
# "kernel: swap zone exhausted, increase kern.maxswzone"
#kern.maxswzone="256M"
# Older versions of FreeBSD can't tune maxfiles on the fly
#kern.maxfiles="200000"
# Useful for databases
# Sets maximum data size to 1G
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#kern.maxdsiz="1G"
# Maximum buffer size(vfs.maxbufspace)
# You can check current one via vfs.bufspace
# Should be lowered/upped depending on server's load-type
# Usually decreased to preserve kmem
# (default is 10% of mem)
#kern.maxbcache="512M"
# Sendfile buffers
# Note: i386 only
#kern.ipc.nsfbufs=10240
# syncache tuning
# The syncache holds half-open connections (SYN received, handshake not yet
# complete). These limits bound how much state a burst of SYNs can consume.
net.inet.tcp.syncache.hashsize=32768
net.inet.tcp.syncache.bucketlimit=32
net.inet.tcp.syncache.cachelimit=1048576
# Send RST on listen queue overflow / memory shortage.
# Hosts behind Load-Balancer should set it to 1 to fail fast.
# Hosts facing clients should set it to 0 for client to retry connection.
#net.inet.tcp.syncache.rst_on_sock_fail=0
# Increased hostcache
# Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl
# Very useful for its RTT RTTVAR
# Must be power of two
net.inet.tcp.hostcache.hashsize=65536
# hashsize * bucketlimit (which is 30 by default)
# It allocates 255Mb (1966080*136) of RAM
net.inet.tcp.hostcache.cachelimit=1966080
# TCP control-block Hash table tuning
# See: http://serverfault.com/questions/372512/why-change-net-inet-tcp-tcbhashsize-in-freebsd
net.inet.tcp.tcbhashsize=524288
# Disable ipfw deny all
# Should be uncommented when there is a chance that
# kernel and ipfw binary may be out-of sync on next reboot
# NOTE: with default_to_accept=1 a host whose ruleset is empty or fails to
# load passes all traffic instead of dropping it. Enable it only for the
# upgrade window and comment it out again once the ruleset loads cleanly.
#net.inet.ip.fw.default_to_accept=1
#
# SIFTR (Statistical Information For TCP Research) is a kernel module that
# logs a range of statistics on active TCP connections to a log file.
# See prerelease notes:
#
# http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6cdce76e4
# and man 4 siftr
# NOTE(review): the log presumably records per-connection endpoints. If the
# module is enabled, restrict access to its log file.
#siftr_load="YES"
# Enable superpages, for 7.2+ only
# See: http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html
vm.pmap.pg_ps_enabled=1
# Useful if you are using Intel-Gigabit NIC
#hw.em.rxd=4096
#hw.em.txd=4096
#hw.em.rx_process_limit="-1"
# Also if you have A LOT interrupts on NIC - play with following parameters
# NOTE: You should set them for every NIC
# NOTE(review): the four lines below use the `name: value` form that sysctl
# prints. Rewrite them as name=value before uncommenting.
#dev.em.0.rx_int_delay: 250
#dev.em.0.tx_int_delay: 250
#dev.em.0.rx_abs_int_delay: 250
#dev.em.0.tx_abs_int_delay: 250
# There is also multithreaded version of em/igb drivers that can be found here:
# http://people.yandex-team.ru/~wawa/
# NOTE(review): that is an out-of-tree kernel driver hosted on a personal
# page. Verify its provenance and review the source before loading it.
#
# for additional em monitoring and statistics use
# sysctl dev.em.0.stats=1 ; dmesg
# sysctl dev.em.0.debug=1 ; dmesg
# Also after r209242 (-CURRENT) there is a separate sysctl for each stat variable;
# Same tunings for igb
#hw.igb.rxd=4096
#hw.igb.txd=4096
#hw.igb.rx_process_limit=100
# Some useful netisr tunables. See sysctl net.isr
#net.isr.maxthreads=4
#net.isr.defaultqlimit=10240
#net.isr.maxqlimit=10240
# Bind netisr threads to CPUs
#net.isr.bindthreads=1
#
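# FreeBSD 9.x+
# Increase interface send queue length
# See commit message http://svn.freebsd.org/viewvc/base?view=revision&revision=207554
net.link.ifqmaxlen=1024
# IPC parameters: System V message queue limits
# (msgmnb: bytes per queue, msgssz: segment size, msgtql: messages system-wide)
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048
# Nicer boot logo =)
loader_logo="beastie"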
----
loader.conf
##########################
# loader.conf variant: a trimmed copy of the settings listed above,
# plus SMT and netgraph settings.
# smartpqi_load="YES"
##########################
coretemp_load="YES"
# aio_load="YES"
cc_htcp_load="YES"
##########################
# Stop the scheduler from using Hyper-Threading logical CPUs. This is also the
# usual mitigation for SMT side-channel issues, at the cost of CPU throughput.
machdep.hyperthreading_allowed="0"
# net.inet.tcp.soreceive_stream="1"
##########################
# Bounds on half-open connection state (syncache) and the TCP hash tables.
net.inet.tcp.syncache.hashsize=32768
net.inet.tcp.syncache.bucketlimit=32
net.inet.tcp.syncache.cachelimit=1048576
net.inet.tcp.hostcache.hashsize=65536
# net.inet.tcp.hostcache.cachelimit=1966080
# A cache limit of 0 replaces the 1966080 used above.
# NOTE(review): this presumably disables the host cache, so per-destination
# RTT/MTU data is not reused. Confirm.
net.inet.tcp.hostcache.cachelimit="0"
net.inet.tcp.tcbhashsize=524288
vm.pmap.pg_ps_enabled=1
net.link.ifqmaxlen=1024
# System V message queue limits
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048
##########################
# netgraph queue item limits
# NOTE(review): presumably raised for a netgraph-based service. Confirm which
# service needs them.
net.graph.maxdata=65536
net.graph.maxalloc=65536
##########################
!/etc/sysctl.conf
# $FreeBSD: releng/10.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
# Number of routing tables (FIBs)
net.fibs=1
# Ensure ZFS uses 4k block size
vfs.zfs.min_auto_ashift=12
# listen(2) backlog limit
kern.ipc.somaxconn=2048
# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216
# socket buffers
net.inet.tcp.recvspace=4194304
net.inet.tcp.sendspace=2097152
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
# security
# Unprivileged users cannot see processes owned by other users or groups.
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# The blackhole settings suppress the RST / ICMP port-unreachable replies for
# closed ports, which slows port scans. They are not a substitute for a
# packet filter.
# drop UDP packets destined for closed sockets
net.inet.udp.blackhole=1
# drop TCP packets destined for closed sockets
net.inet.tcp.blackhole=2
# ipfw
# Caps the number of log entries per logging rule. With a limit of 3 a rule
# goes quiet after three matches until the log counters are reset, so do not
# rely on this log alone for detection.
net.inet.ip.fw.verbose_limit=3
# H-TCP congestion control algorithm
# (needs the cc_htcp module, loaded via cc_htcp_load in loader.conf)
net.inet.tcp.cc.algorithm=htcp
# maximum incoming and outgoing IPv4 network queue sizes
net.inet.ip.intr_queue_maxlen=2048
net.route.netisr_maxqlen=2048
# do not send IP redirects
net.inet.ip.redirect=0
# raw socket datagram and receive buffer sizes
net.inet.raw.maxdgram=16384
net.inet.raw.recvspace=16384
----
# sysctl.conf variant.
# NOTE(review): kern.ipc.maxsockbuf and several net.inet.tcp.* buffer keys set
# here are assigned again further down this listing with different values. If
# this is one file, the later assignment is the one in effect.
# Ensure ZFS uses 4k block size
# vfs.zfs.min_auto_ashift=12
# kern.ipc.somaxconn=2048
# listen(2) backlog limit. Both the older and the newer name are set.
kern.ipc.somaxconn=4096
kern.ipc.soacceptqueue=4096
# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216
# socket buffers
net.inet.tcp.recvspace=4194304
net.inet.tcp.sendspace=2097152
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
#
# UNIX-domain stream socket buffers
net.local.stream.recvspace=131070
net.local.stream.sendspace=131070
# security
# Unprivileged users cannot see processes owned by other users or groups.
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# The blackhole settings hide closed ports from scans. They are not a
# substitute for a packet filter.
# drop UDP packets destined for closed sockets
net.inet.udp.blackhole=1
# drop TCP packets destined for closed sockets
net.inet.tcp.blackhole=2
# ipfw
# Caps log entries per logging rule. A rule goes quiet after three matches
# until the log counters are reset.
net.inet.ip.fw.verbose_limit=3
# H-TCP congestion control algorithm
net.inet.tcp.cc.algorithm=htcp
# maximum incoming and outgoing IPv4 network queue sizes
net.inet.ip.intr_queue_maxlen=2048
net.route.netisr_maxqlen=2048
####
# NOTE(review): the OID on the next line is spelled net.inet.ip.redirect
# elsewhere in this listing. Fix the name before uncommenting.
# net.ip.redirect=0
# net.inet.raw.maxdgram=16384
# net.inet.raw.recvspace=16384
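###############################################################################
# TCP buffer, congestion-control and hardening knobs.
# NOTE(review): several keys below repeat keys set earlier in this listing
# with different values. If this is one file, these later values win.
#kern.ipc.maxsockbuf=2097152 # (wscale 6 ; default) 1G
kern.ipc.maxsockbuf=4194304 # (wscale 7) 2G
#kern.ipc.maxsockbuf=16777216 # (wscale 9) 10G
#kern.ipc.maxsockbuf=157286400 # (wscale 12) 40G
#kern.ipc.maxsockbuf=614400000 # (wscale 14) 100G
#############################
#
net.inet.tcp.recvbuf_inc=65536 # (default 16384)
net.inet.tcp.recvbuf_max=4194304 # (default 2097152)
net.inet.tcp.recvspace=65536 # (default 65536)
net.inet.tcp.sendbuf_inc=65536 # (default 8192)
net.inet.tcp.sendbuf_max=4194304 # (default 2097152)
net.inet.tcp.sendspace=65536 # (default 32768)
#
net.inet.tcp.mssdflt=1460 # Option 1 (default 536)
#net.inet.tcp.mssdflt=1240 # Option 2 (default 536)
#############################
#
net.inet.tcp.minmss=536 # (default 216)
#
net.inet.tcp.abc_l_var=44 # (default 2) if net.inet.tcp.mssdflt = 1460
#net.inet.tcp.abc_l_var=52 # (default 2) if net.inet.tcp.mssdflt = 1240
#
net.inet.tcp.initcwnd_segments=44 # (default 10 for FreeBSD 11.2) if net.inet.tcp.mssdflt = 1460
#net.inet.tcp.initcwnd_segments=52 # (default 10 for FreeBSD 11.2) if net.inet.tcp.mssdflt = 1240
#net.inet.tcp.experimental.initcwnd10=1 # (default 1 for FreeBSD 10.1)
net.inet.tcp.cc.htcp.adaptive_backoff=1 # (default 0 ; disabled)
net.inet.tcp.cc.htcp.rtt_scaling=1 # (default 0 ; disabled)
# Alternative Backoff with ECN. The OID lives under net.inet.tcp.cc like the
# htcp knobs above. An unknown OID is only reported at boot and then skipped.
net.inet.tcp.cc.abe=1
net.inet.tcp.rfc6675_pipe=1 # (default 0)
# 0 = never retransmit an unanswered SYN-ACK
net.inet.tcp.syncache.rexmtlimit=0 # (default 3)
#
# A value of 0 makes the host refuse ALL fragmented IPv4/IPv6 packets. That
# removes fragment-based attacks, but it also drops legitimate fragments such
# as large UDP DNS answers and some tunnel or VPN traffic. Test before
# deploying.
net.inet.ip.maxfragpackets=0 # (default 63474)
net.inet.ip.maxfragsperpacket=0 # (default 16)
net.inet6.ip6.maxfragpackets=0 # (default 507715)
net.inet6.ip6.maxfrags=0 # (default 507715)
#
# With SYN cookies off, the syncache limits are the only bound during a SYN
# flood. Once the cache is full, new connection attempts are dropped instead
# of falling back to cookies. Keep the default (1) on Internet-facing hosts
# unless there is a measured reason to change it.
net.inet.tcp.syncookies=0 # (default 1)
#
# seconds between reseeds of the initial-sequence-number secret
net.inet.tcp.isn_reseed_interval=4500 # (default 0, disabled)
#
net.inet.tcp.tso=0 # (default 1)
kern.random.fortuna.minpoolsize=128 # (default 64)
# Bitmask of entropy sources that are harvested. 351 clears some bits of the
# default 511, so fewer sources feed the RNG.
# NOTE(review): check which sources remain with
# `sysctl kern.random.harvest.mask_symbolic` before relying on this.
kern.random.harvest.mask=351 # (default 511, FreeBSD 11 and 12 without Intel Secure Key RNG)
#kern.random.harvest.mask=65887 # (default 66047, FreeBSD 12 with Intel Secure Key RNG)
#
#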
# General hardening settings.
# NOTE(review): net.inet.ip.redirect is assigned twice in this group, and the
# udp/tcp blackhole keys repeat values set earlier in this listing. The values
# are the same, so the duplicates are harmless but can be consolidated.
net.inet.ip.redirect=0
kern.ipc.shm_use_phys=1 # lock shared memory into RAM and prevent it from being paged out to swap (default 0, disabled)
kern.msgbuf_show_timestamp=1 # display timestamp in msgbuf (default 0)
kern.randompid=1 # calculate PIDs by the modulus of an integer, set to one(1) to auto random (default 0)
net.bpf.optimize_writers=1 # bpf is write-only unless program explicitly specifies the read filter (default 0)
net.inet.icmp.drop_redirect=1 # no redirected ICMP packets (default 0)
net.inet.ip.check_interface=1 # verify packet arrives on correct interface (default 0)
net.inet.ip.portrange.first=32768 # use ports 32768 to portrange.last for outgoing connections (default 10000)
net.inet.ip.portrange.randomcps=9999 # use random port allocation if less than this many ports per second are allocated (default 10)
net.inet.ip.portrange.randomtime=1 # seconds to use sequential port allocation before switching back to random (default 45 secs)
net.inet.ip.random_id=1 # assign a random IP id to each packet leaving the system (default 0)
net.inet.ip.redirect=0 # do not send IP redirects (default 1)
net.inet6.ip6.redirect=0 # do not send IPv6 redirects (default 1)
net.inet.sctp.blackhole=2 # drop sctp packets destined for closed ports (default 0)
net.inet.tcp.blackhole=2 # drop tcp packets destined for closed ports (default 0)
net.inet.tcp.drop_synfin=1 # SYN/FIN packets get dropped on initial connection (default 0)
net.inet.tcp.fast_finwait2_recycle=1 # recycle FIN/WAIT states quickly, helps against DoS, but may cause false RST (default 0)
net.inet.tcp.fastopen.client_enable=0 # disable TCP Fast Open client side, enforce three way TCP handshake (default 1, enabled)
net.inet.tcp.fastopen.server_enable=0 # disable TCP Fast Open server side, enforce three way TCP handshake (default 0)
net.inet.tcp.finwait2_timeout=1000 # TCP FIN_WAIT_2 timeout waiting for client FIN packet before state close (default 60000, 60 sec)
net.inet.tcp.icmp_may_rst=0 # icmp may not send RST to avoid spoofed icmp/udp floods (default 1)
net.inet.tcp.keepcnt=2 # amount of tcp keep alive probe failures before socket is forced closed (default 8)
net.inet.tcp.keepidle=62000 # time before starting tcp keep alive probes on an idle, TCP connection (default 7200000, 7200 secs)
net.inet.tcp.keepinit=5000 # tcp keep alive client reply timeout (default 75000, 75 secs)
# net.inet.tcp.msl=2500 # Maximum Segment Lifetime, time the connection spends in TIME_WAIT state (default 30000, 2*MSL = 60 sec)
net.inet.tcp.path_mtu_discovery=0 # disable for mtu=1500 as most paths drop ICMP type 3 packets, but keep enabled for mtu=9000 (default 1)
net.inet.udp.blackhole=1 # drop udp packets destined for closed sockets (default 0)
net.inet.udp.recvspace=1048576 # UDP receive space, HTTP/3 webserver, "netstat -sn -p udp" and increase if full socket buffers (default 42080)
security.bsd.hardlink_check_gid=1 # unprivileged processes may not create hard links to files owned by other groups, DISABLE for mailman (default 0)
# The security.bsd.* lines below are commented out. see_other_gids and
# see_other_uids are set active earlier in this listing. The others stay at
# the defaults given in their comments, so the hard-link owner check,
# unprivileged process debugging and unprivileged dmesg reads are not
# restricted by this file.
# security.bsd.hardlink_check_uid=1 # unprivileged processes may not create hard links to files owned by other users, DISABLE for mailman (default 0)
# security.bsd.see_other_gids=0 # groups only see their own processes. root can see all (default 1)
# security.bsd.see_other_uids=0 # users only see their own processes. root can see all (default 1)
# security.bsd.stack_guard_page=1 # insert a stack guard page ahead of growable segments, stack smashing protection (SSP) (default 0)
# security.bsd.unprivileged_proc_debug=0 # unprivileged processes may not use process debugging (default 1)
# security.bsd.unprivileged_read_msgbuf=0 # unprivileged processes may not read the kernel message buffer (default 1)
###############################################################################
check :
# sysctl net.inet.tcp.tso=0
#
# ifconfig vtnet0 -lro
###############################################################################
! TAG vlan
http://wiki.tomocha.net/BSD_802.1QVLAN.html
! fib
FB-setfib
! リンクアグリゲーション
FB-interface
command::
ifconfig lagg0 laggproto lacp laggport em0 laggport em1
ifconfig lagg0
rc.conf ::
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_lagg0="laggproto lacp laggport em0 laggport em1"
https://qiita.com/shiest/items/c2d559a60b8e0b561f51
https://qastack.jp/server/619574/freebsd-link-aggregation-no-faster-than-single-link
!SoftEther
https://gist.github.com/imksoo/4a768345443242e829d7b040047bd65f
! IP を複数
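> ifconfig bge0 alias 192.168.16.130/28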
! シングルユーザモード
FB13-single
!tips
https://calomel.org/freebsd_network_tuning.html
https://techracho.bpsinc.jp/ika/2016_12_17/30656
https://calomel.org/freebsd_network_tuning.html
https://calomel.org/freebsd_network_tuning.html
https://calomel.org/freebsd_network_tuning.html