diff --git a/usr/lib/sysctl.d/99-cachyos-settings.conf b/usr/lib/sysctl.d/99-cachyos-settings.conf
index 15b1085..7b0126f 100644
--- a/usr/lib/sysctl.d/99-cachyos-settings.conf
+++ b/usr/lib/sysctl.d/99-cachyos-settings.conf
@@ -38,9 +38,94 @@ kernel.printk = 3 3 3 3
 # Restricting access to kernel pointers in the proc filesystem
 kernel.kptr_restrict = 2
 
-# Increase netdev receive queue
-# May help prevent losing packets
-net.core.netdev_max_backlog = 4096
-
 # Set size of file handles and inode cache
 fs.file-max = 2097152
+
+# ==============================================================================
+# Optimized for: Low-Latency Gaming, High-Throughput File Transfer, VPNs
+# Target Environments: Wired (1Gbps+), Wireless (Wi-Fi/5G), High Jitter
+# ==============================================================================
+
+# --- 1. Maximum Socket Buffer Size (Throughput Optimization) ---
+# Increases the maximum window size for TCP/UDP.
+# Benefit: Allows high-performance devices to saturate Gigabit+ and WAN links.
+# Use Case: Prevents throttling in high-bandwidth apps like Syncthing (Large Syncs), Steam Downloads, and Sunshine/Moonlight (4K HDR Streams).
+net.core.rmem_max = 33554432
+net.core.wmem_max = 33554432
+
+# --- 2. Default Socket Buffer Size (Universal Baseline) ---
+# Sets a baseline buffer larger than the generic Linux default (~212KB).
+# Benefit: Improves throughput stability on all connections without app-specific tuning.
+# Constraint: Safe for low-memory devices (4GB+ RAM) to prevent OOM conditions.
+net.core.rmem_default = 1048576
+net.core.wmem_default = 1048576
+
+# --- 3. UDP Safety Floor (Audio/Input Stability) ---
+# Sets a minimum buffer reservation for every UDP socket (Default 4096 -> 8192).
+# Benefit: Eliminates "robotic" audio and input drops during CPU usage spikes by ensuring breathing room.
+# Use Case: Critical for 7.1 Surround Sound in Moonlight and glitch-free calls in high-load scenarios.
+net.ipv4.udp_rmem_min = 8192
+net.ipv4.udp_wmem_min = 8192
+
+# --- 4. Input Packet Queue (Burst Handling) ---
+# Increases the backlog queue for incoming packets.
+# Benefit: Prevents packet drops on wireless (Wi-Fi/5G) networks where data often arrives in "clumps" or bursts due to signal jitter.
+# Use Case: Smoother playback in Moonlight/Parsec and fewer re-transmits in WireGuard.
+net.core.netdev_max_backlog = 4096
+
+# --- 5. Connection Queue Limit (Startup Storms) ---
+# Increases the maximum number of pending connections waiting to be accepted.
+# Benefit: Prevents "Connection Refused" errors during sudden bursts of connection attempts.
+# Use Case: Ensures Syncthing connects to all peers instantly at startup; stabilizes Tailscale subnet routers.
+net.core.somaxconn = 8192
+
+# --- 6. TCP Write Limit (Anti-Bufferbloat) ---
+# Limits the amount of unsent data in the TCP write buffer.
+# Benefit: Drastically reduces bufferbloat and input latency by keeping data "fresh".
+# Use Case: Critical for reducing input lag in RustDesk, Moonlight, and SSH sessions.
+net.ipv4.tcp_notsent_lowat = 131072
+
+# --- 7. MTU Probing (Connection Stability) ---
+# Enables Path MTU Discovery.
+# Benefit: Essential for connections involving encapsulation where the MTU is < 1500.
+# Use Case: Fixes "black hole" connections and stalled transfers in Tailscale, ZeroTier, and Docker networks running over Cellular/5G.
+net.ipv4.tcp_mtu_probing = 1
+
+# --- 8. Fast Resume (Responsiveness) ---
+# Disables "Slow Start" after a connection has been idle.
+# Benefit: Ensures immediate maximum throughput when resuming a stream or transfer.
+# Use Case: Prevents "ramp up" blurriness when unpausing a Sunshine stream or resuming a Syncthing transfer after idle.
+net.ipv4.tcp_slow_start_after_idle = 0
+
+# --- 9. Aggressive Keepalives (NAT Persistence) ---
+# Reduces the time before keepalive packets are sent (Default: 120s on Arch Linux -> 60s).
+# https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/51
+# Benefit: Prevents aggressive Carrier-Grade NATs (CGNAT) or Mobile Networks from closing idle connections.
+# Use Case: Keeps RustDesk, SSH, and Database connections alive on mobile data.
+net.ipv4.tcp_keepalive_time = 60
+net.ipv4.tcp_keepalive_intvl = 10
+net.ipv4.tcp_keepalive_probes = 6
+
+# --- 10. IP Forwarding (Routing Support) ---
+# Enables IPv4 packet forwarding.
+# Benefit: Necessary for functionality in Containers and VPN Mesh networks.
+# Use Case: Required for Tailscale (Exit Nodes/Subnet Routers) and Docker/Podman.
+net.ipv4.ip_forward = 1
+
+# --- 11. Half-Open Connection Queue (DDoS/Storm Protection) ---
+# Increases the queue for connections that are sending SYN but haven't ACKed yet.
+# Benefit: Prevents dropped connections when many peers try to connect at the exact same second.
+# Use Case: Vital for Syncthing when waking up a device with 20+ peers.
+net.ipv4.tcp_max_syn_backlog = 8192
+
+# --- 12. Socket Cleanup (Resource Recycling) ---
+# Reduces the time a closed connection stays in "FIN-WAIT-2" (Default 60s -> 30s).
+# Benefit: Releases memory and port handles faster after a disconnect.
+# Use Case: Helps Syncthing and Web Browsers free up resources during heavy P2P usage.
+net.ipv4.tcp_fin_timeout = 30
+
+# --- 13. TCP Timewait Reuse (P2P Optimization) ---
+# Allows reusing sockets in TIME_WAIT state for new connections.
+# Benefit: Prevents "Port Exhaustion" when Syncthing rotates through hundreds of peers.
+# Use Case: Keeps Syncthing fast during heavy multi-peer syncing.
+net.ipv4.tcp_tw_reuse = 1
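Review bot: `net.ipv4.ip_forward = 1` in section 10 turns IPv4 forwarding on for every machine that installs this file, not only the ones acting as a Tailscale exit node or container host, so each install will route packets between its interfaces unless a firewall FORWARD policy (not visible in this diff) drops them. Per the kernel's ip-sysctl documentation, changing this key also resets the other IP configuration parameters to their router defaults. I would keep forwarding opt-in and ship the line commented out, `#net.ipv4.ip_forward = 1`, with the comment saying it should be enabled only on hosts that actually route; Docker, as far as I know, enables forwarding itself when its daemon starts. Separately, the section 11 heading labels a larger `tcp_max_syn_backlog` "DDoS/Storm Protection", which overstates it, since a longer queue absorbs bursts of legitimate connections but is not a SYN-flood defence; `# --- 11. Half-Open Connection Queue (Burst Handling) ---` would be more accurate.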