Update tiny network tweaks 99-cachyos-settings.conf #187
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,7 +21,7 @@ vm.page-cluster = 0 | |
| # flusher threads will start writing out dirty data. | ||
| vm.dirty_background_bytes = 67108864 | ||
|
|
||
| # The kernel flusher threads will periodically wake up and write old data out to disk. This | ||
| # The kernel flusher threads will periodically wake up and write old data out to disk. This | ||
| # tunable expresses the interval between those wakeups, in 100'ths of a second (Default is 500). | ||
| vm.dirty_writeback_centisecs = 1500 | ||
|
|
||
|
|
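Review bot: The only changed line in this hunk, the comment beginning "# The kernel flusher threads will periodically wake up", reads identically before and after, so the change appears to be whitespace only. It is unrelated to the network tweaks named in the PR title; drop it from this PR or move it to a separate cleanup commit so the diff shows only the sysctl changes under review.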
@@ -38,9 +38,35 @@ kernel.printk = 3 3 3 3 | |
| # Restricting access to kernel pointers in the proc filesystem | ||
| kernel.kptr_restrict = 2 | ||
|
|
||
| # Increase netdev receive queue | ||
| # May help prevent losing packets | ||
| net.core.netdev_max_backlog = 4096 | ||
|
|
||
| # Set size of file handles and inode cache | ||
| # (Often tweaked alongside network settings for high-concurrency apps) | ||
| fs.file-max = 2097152 | ||
|
|
||
| # ============================================================================== | ||
| # UNIVERSAL NETWORK TUNING (Performance & Stability) | ||
| # Optimized for: Low-Latency Gaming, VPNs, and Container Routing | ||
| # ============================================================================== | ||
|
|
||
| # --- 1. IP Forwarding (Routing Support) --- | ||
| # Enables IPv4 packet forwarding. | ||
| # Benefit: Necessary for functionality in Containers and VPN Mesh networks. | ||
| # Use Case: Required for Tailscale/ProtonVPN (Exit Nodes/Subnet Routers) and Docker/Podman containers. | ||
| net.ipv4.ip_forward = 1 | ||
|
|
||
| # --- 2. MTU Probing (Connection Stability) --- | ||
| # Enables Path MTU Discovery. | ||
| # Benefit: Essential for connections involving encapsulation (VPNs) where the MTU is < 1500. | ||
| # Use Case: Fixes "black hole" connections and stalled transfers in WireGuard, OpenVPN, or mobile networks. | ||
| net.ipv4.tcp_mtu_probing = 1 | ||
|
|
||
| # --- 3. TCP Timewait Reuse (Socket Efficiency) --- | ||
| # Allows reusing sockets in TIME_WAIT state for new connections. | ||
| # Benefit: Prevents "Port Exhaustion" during high connection turnover. | ||
| # Use Case: Improves performance for P2P apps (Syncthing/Torrents) and web servers. | ||
| net.ipv4.tcp_tw_reuse = 1 | ||
|
Member
This also seems to be only beneficial for busy servers. IOW, doesn't have much effect if at all on desktops.

Contributor
Author
I agree this is a really edge-case parameter, which we could drop. It would be beneficial on desktop only for large torrenting.

I can't say much about that but: Hope that helps. |
||
|
|
||
| # --- 4. Input Packet Queue (Burst Handling) --- | ||
| # Increases the backlog queue for incoming packets. | ||
| # Benefit: Prevents losing packets when the interface receives data faster than the kernel can process it. | ||
| # Use Case: Smoother playback in streaming apps and better handling of high-speed downloads (Gigabit+). | ||
| net.core.netdev_max_backlog = 4096 | ||
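Review bot: `net.ipv4.ip_forward = 1` under "1. IP Forwarding" makes every machine that installs this file forward IPv4 packets between all of its interfaces, while the accompanying comment limits the use case to Tailscale/ProtonVPN exit nodes, subnet routers and Docker/Podman. Suggest leaving the key out of the shipped defaults, or shipping it commented out next to its use-case text, so that hosts which actually route opt in. Separately, `net.core.netdev_max_backlog = 4096` appears both under "Increase netdev receive queue" and under "4. Input Packet Queue"; only one assignment should remain in the file.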
Isn't this mainly for servers that are trying to act as routers? I don't see why this should be enabled for desktops.

We already had that enabled; I just moved this to the network section to have everything in one place.
If you are not using Docker, KVM virtualization, or VPN, then that is useless, correct.
The host kernel must forward packets from the virtual interface (e.g., docker0, virbr0) to your physical interface (e.g., Ethernet or Wi-Fi).
Since Docker, KVM, or VPN is used on the desktop, I think we should keep it enabled as we have it.

I don't know about Docker, but there's no need to enable this for KVM network access or using a VPN.
a. The virtual bridge for KVM works fine accessing the host network via dnsmasq without touching this setting.
b. No, you don't need this to use a VPN. It's needed if you're hosting a VPN server.

Check this:
net.ipv4.ip_forward = 1, so I think this one should still be there. I also noticed we have some Tailscale users on Discord, and Tailscale requires this one if you want to act as exit node, but yeah, that's a small amount of users, mostly needed for Docker.

That's very software-specific. Rather useless for the average desktop user. If the value is enabled, it applies not only to Docker but globally (for security reasons, this should remain disabled (set to 0) unless the software explicitly). With this enabled (1) packages can then be forwarded. The computer acts as a router. I think if someone is using Docker or other specific (server) software, they'll already know what they need and will have to adjust it manually.
Hope that helps. KISS
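
The thread turns on whether a shipped default of `net.ipv4.ip_forward = 1` should apply to every desktop. As an added example (not part of this PR or the project's code), the script below resolves which sysctl.d file decides a key and with what value, following the sysctl.d rules that a file name in a higher-priority directory masks the same name lower down and that the last assignment in file-name order wins. The function name, the `/usr/lib/sysctl.d` location of the vendor file and the `99-local.conf` drop-in are assumptions for illustration; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: which sysctl.d file decides a key, and with what value.
# Directories are given highest priority first. A file name present in an
# earlier directory masks the same name in later ones; the remaining files
# are applied in lexical order of file name and the last assignment wins.
# Assumes file paths contain no whitespace.
effective_sysctl() {
    key=$1; shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            if [ -f "$f" ]; then printf '%s\t%s\n' "${f##*/}" "$f"; fi
        done
    done |
    awk -F'\t' '!seen[$1]++' |          # first directory listed wins per name
    LC_ALL=C sort | cut -f2- |          # apply order: by file name
    while IFS= read -r path; do
        awk -v key="$key" -v src="$path" '
            /^[ \t]*[#;]/ || !/=/ { next }      # comment or not an assignment
            {
                k = substr($0, 1, index($0, "=") - 1)
                v = substr($0, index($0, "=") + 1)
                gsub(/[ \t]/, "", k); sub(/^-/, "", k); gsub(/\//, ".", k)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                if (k == key) print v, src
            }' "$path"
    done | tail -n 1
}

# Constructed sample tree: the vendor file carries the PR's line, and a local
# drop-in with a later-sorting name turns forwarding back off.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/sysctl.d" "$tmp/usr/lib/sysctl.d"
    printf '# vendor default\nnet.ipv4.ip_forward = 1\n' \
        > "$tmp/usr/lib/sysctl.d/99-cachyos-settings.conf"
    printf 'net.ipv4.ip_forward = 0\n' > "$tmp/etc/sysctl.d/99-local.conf"
    (cd "$tmp" && effective_sysctl net.ipv4.ip_forward etc/sysctl.d usr/lib/sysctl.d)
    rm -rf "$tmp"
}
demo    # prints: 0 etc/sysctl.d/99-local.conf
```

The result describes the configuration files only; the running value is in `/proc/sys/net/ipv4/ip_forward` and can differ when software changes it at runtime.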