sysctl (no reproduction without permission) 2022-11-25

Keywords

  • sysctl
  • directory /proc/sys/
  • kernel

What is it for

sysctl configures kernel parameters at run time.

Sysctl is a means of configuring certain aspects of the kernel at run-time, and the /proc/sys/ directory is there so that you don’t even need special tools to do it! In fact, there are only 4 things needed to use these config facilities:

  • a running Linux system
  • root access
  • common sense
  • knowledge of what all those kernel parameters-values mean

Which kernel parameters can be configured

The available kernel parameters are under the /proc/sys directory.

As a quick ls /proc/sys will show, the directory consists of several (arch-dependent?) subdirs. Each subdir is mainly about one part of the kernel, so you can do configuration on a piece by piece basis, or just some ‘thematic frobbing’.

[root@CENT64 /proc/sys]# ls
abi  debug  dev  fs  kernel  net  sunrpc  svr_nf  tkernel  vm
[root@CENT64 /proc/sys]# 

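In the example above, /proc/sys contains 10 directories (abi debug dev fs kernel net sunrpc svr_nf tkernel vm), corresponding to 10 categories of configurable kernel parameters. For example, /proc/sys/net/core/somaxconn corresponds to the sysctl command parameter net.core.somaxconn.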

Viewing and changing sysctl settings

View the current setting of a given sysctl parameter, e.g.
sysctl -a | grep net.ipv6.neigh.lo.locktime

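Change a kernel parameter temporarily; the setting is lost after a reboot (only the value held in RAM is changed, and it is lost on power-off), e.g.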
/sbin/sysctl -w kernel.domainname="example.com"

Change a kernel parameter and persist it (edit sysctl.conf; the sysctl settings in it are loaded at every boot)

vim /etc/sysctl.conf; 
sysctl -p/etc/sysctl.conf  # Load in sysctl settings from the file specified or /etc/sysctl.conf if none given.

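What does sysctl -p actually do?

sysctl -pConfFilePath simply reads the contents of ConfFilePath and writes each entry into the corresponding file under /proc/sys/, and /proc/sys/ is the interface through which we configure the kernel.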

Introduction to /proc/sys

The proc filesystem is a pseudo-filesystem which provides an interface to kernel data structures.
It is commonly mounted at /proc.
Typically, it is mounted automatically by the system, but it can also be mounted manually using a command such as:

    mount -t proc proc /proc

Most of the files in the proc filesystem are read-only, but some files are writable, allowing kernel variables to be changed.

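procfs is an abstract file interface to Linux kernel information: a large amount of in-kernel information and tunable parameters is mapped as regular files into a directory tree, so we can query and adjust system information simply and directly with file commands such as echo or cat.

Most of the Linux kernel's default tunable parameters are placed under /proc/sys. They are presented as regular files and can be adjusted with file commands such as echo/cat. An adjustment takes effect immediately and stays in effect for the whole time the system is running (until it is changed again or the system reboots). When we view a kernel parameter with the sysctl command, what we actually see is the current value in the corresponding file under /proc/sys/.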

[root@CENT64 /proc/sys/net/core]# mount | grep /proc
proc on /proc type proc (rw,relatime) # "type proc" indicates a procfs filesystem
etc... 
[root@CENT64 /proc/sys/net/core]# 
[root@CENT64 /proc/sys/net/core]# sysctl net.core.somaxconn
net.core.somaxconn = 256
[root@CENT64 /proc/sys/net/core]# echo 128 > /proc/sys/net/core/somaxconn 
[root@CENT64 /proc/sys/net/core]# sysctl net.core.somaxconn
net.core.somaxconn = 128
[root@CENT64 /proc/sys/net/core]#

But what about the case below? It seems that changing net.ipv6.neigh.lo.locktime does not work.

[root@CENT64 ~]# echo "net.ipv6.neigh.lo.locktime = 1" >> /etc/sysctl.conf
[root@CENT64 ~]# cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv6.neigh.lo.locktime = 1
[root@CENT64 ~]# sysctl -a | grep net.ipv6.neigh.lo.locktime
net.ipv6.neigh.lo.locktime = 0
[root@CENT64 ~]# sysctl -p
net.ipv6.neigh.lo.locktime = 1
[root@CENT64 ~]# sysctl -a | grep net.ipv6.neigh.lo.locktime
net.ipv6.neigh.lo.locktime = 0
[root@CENT64 ~]# sysctl net.ipv6.neigh.lo.locktime
net.ipv6.neigh.lo.locktime = 0
[root@CENT64 ~]# echo 1 > /proc/sys/net/ipv6/neigh/lo/locktime 
[root@CENT64 /proc/sys/net/core]# sysctl net.ipv6.neigh.lo.locktime
net.ipv6.neigh.lo.locktime = 0
### It looks like setting net.ipv6.neigh.lo.locktime has no effect
### Now look at configuring net.core.somaxconn and net.core.wmem_default
[root@CENT64 ~]# 
[root@CENT64 ~]# sysctl net.core.somaxconn
net.core.somaxconn = 128
[root@CENT64 ~]# echo "net.core.somaxconn=32768" >> /etc/sysctl.conf
[root@CENT64 ~]# sysctl -p
net.ipv6.neigh.lo.locktime = 1
net.core.somaxconn = 32768
[root@CENT64 ~]# sysctl net.core.somaxconn
net.core.somaxconn = 32768
[root@CENT64 ~]# sysctl net.core.wmem_default
net.core.wmem_default = 229376
[root@CENT64 ~]# echo "net.core.wmem_default=8388608" >> /etc/sysctl.conf 
[root@CENT64 ~]# sysctl -p
net.ipv6.neigh.lo.locktime = 1
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
[root@CENT64 ~]# sysctl net.core.wmem_default
net.core.wmem_default = 8388608
### The settings for net.core.somaxconn and net.core.wmem_default both take effect normally; net.ipv6.neigh.lo.locktime on this machine may be affected by some other factor
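
The session above shows sysctl -p echoing net.ipv6.neigh.lo.locktime = 1 while the live value stays 0, so that echo is no proof that a setting took effect. The following added example (not part of the original post) re-reads every key of a sysctl.conf-style file from /proc/sys and reports the ones that differ; the names sysctl_drift and norm and the optional ROOT argument are made up for this example.

```shell
#!/bin/sh
# Added example: report sysctl.conf entries whose live value differs.
# sysctl_drift, norm and the ROOT argument are hypothetical names.

# Collapse runs of whitespace and trim both ends (procfs separates
# multi-value entries with tabs, sysctl.conf usually with spaces).
norm() { set -f; set -- $1; set +f; printf '%s' "$*"; }

# sysctl_drift CONF [ROOT]   (ROOT defaults to /proc/sys)
# Prints one line per key that is missing or whose live value differs
# from CONF; returns non-zero if any such key was found.
sysctl_drift() {
    root=${2:-/proc/sys}
    # Drop comment lines ('#' or ';') and lines without '='.
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/=/!d' "$1" | {
        rc=0
        while IFS= read -r line || [ -n "$line" ]; do
            key=$(norm "${line%%=*}")
            want=$(norm "${line#*=}")
            # net.core.somaxconn -> net/core/somaxconn. Keys already
            # written with '/' are used as they are (simplification).
            case $key in
                */*) path=$key ;;
                *)   path=$(printf '%s' "$key" | tr . /) ;;
            esac
            if [ ! -r "$root/$path" ]; then
                echo "MISSING $key"; rc=1; continue
            fi
            live=$(norm "$(cat "$root/$path" 2>/dev/null)")
            if [ "$live" != "$want" ]; then
                echo "DRIFT $key want=$want live=$live"; rc=1
            fi
        done
        [ "$rc" -eq 0 ]
    }
}

# Usage on a real system: sysctl_drift /etc/sysctl.conf
```

When a key appears more than once in the file, sysctl -p applies the entries in order and the last one wins, so an earlier entry for the same key is reported as drift.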

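Summary

/proc/sys is the interface the operating system exposes, in the form of files, for configuring the kernel; sysctl -p writes the settings from the specified file into /proc/sys, and that is how the kernel gets configured.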

sysctl
  |
/proc/sys  (the interface of kernel config based on procfs)
  |
kernel
