|
|
If you are a privileged user and need to stop and restart TCP/IP, shut down and reboot the system as described in ``Starting and stopping the system''.
Changes to client configuration, for example, name resolution using the Client Manager, also do not require TCP/IP to be restarted.
The system's LAN networking interfaces are initialized, TCP/IP configured over them, and TCP/IP services are started, when the system goes to multi-user state (state 2; see init(1M)). Following are the main steps in this process:
A request for service from a client process is handled by a daemon process running on a server. The client process may be running on the same system as the server process or the processes may be running on different systems that are connected via a network.
A TCP service requires the establishment of a long-term connection between a client and a server for the exchange of information. Applications that use the TCP protocol as their transport protocol can automatically take advantage of built-in reliablity features such as flow control and retransmission.
A UDP service provides a simple one-time response by a server to a request from a client. The UDP protocol does not establish a connection and it does not check that a transmitted UDP datagram reaches its destination. Applications that use UDP for their transport protocol must implement reliability themselves if they require this.
The TCP and UDP services that your system knows about are defined in the /etc/inet/services file (see services(4tcp)).
Several TCP/IP service daemons are always configured to be running on your system because they are frequently used or because there is a large system performance overhead involved in starting them. An example is the network unicast routing daemon, routed(1Mtcp) which is configured to run via an entry in the /etc/inet/config configuration file (see config(4tcp)). Other daemons that are listed in this file, such as the Internet domain name server daemon, named(1Mtcp), and the Network Time Protocol (NTP) daemon, xntpd(1Mtcp), also require their own configuration file to be present in the appropriate location before they will run.
Other services may require several instances of a server daemon to be run to handle requests from different clients, or may be less frequently used so their continual presence on a system is not desirable for the sake of performance. Daemons for such services are usually started by the Internet services daemon, inetd(1Mtcp) which is itself started by the Service Access Facility (SAF). Examples are the File Transfer Protocol (FTP) daemon, ftpd(1Mtcp), and the remote login daemon, rlogind(1Mtcp). If inetd receives a request for a service on a TCP or UDP port on which it has been configured to listen, it responds by starting the appropriate service daemon or rejecting the request. The daemon processes that inetd can start are defined in the /etc/inet/inetd.conf file (see inetd.conf(4tcp)).
By default, inetd does not start Internet service daemons directly. Instead, it runs the TCP wrapper daemon, in.tcpd, which controls access to services by hosts. If the wrapper daemon decides that a host is permitted access, it invokes the service daemon. If it decides that a host is bogus, it can deny access and send a report of the incident to an administrator. See ``Configuring TCP Wrappers'' for more information.
The inetd.conf file contains two configuration lines for each Internet service daemon: one to start the daemon via in.tcpd, and the other to start the daemon directly. One or both entries for a service are commented out using a ``#'' character at the start of the line. If both entries are commented out, inetd will not start the service provided that it has been told to read the file since you last changed it.
To make inetd re-read inetd.conf,
send it a SIGHUP signal using the following command:
kill -HUP `cat /etc/saf/inetd/_pid`
or stop and restart it:
sacadm -k -p inetd
sacadm -s -p inetd
If you want to enable a service, remove the comment character from the start of the appropriate line in the pair of lines for the service, ensure that the other line is commented out, and then stop and restart inetd.
Similarly, if you want to disable a service, comment out both lines for the service, and then stop and restart inetd.
You can adjust the configuration parameters for TCP/IP using the ifconfig(1Mtcp) and inconfig(1Mtcp) utilities as described in the following sections:
You can use the ifconfig(1Mtcp) command to reconfigure performance parameters for a single network interface. If you wish to make this change permanent you must edit the entry for the interface in /etc/confnet.d/inet/interface (see interface(4tcp)).
The metric, onepacket, and perf parameters affect performance.
metric can be used to artificially raise the routing
metric of the interface used by the routing daemon,
routed(1Mtcp).
This has the effect of making a route using this interface less
favorable.
For example, to set the metric for the sme0
interface to 10, enter:
/etc/ifconfig sme0 inet metric 10
onepacket enables one-packet at a time operation for
interfaces with small buffers that are unable to handle continuous
streams of back-to-back packets. This parameter takes two
arguments that allow you to define a small packet size, and the
number of these that you will permit in the receive window.
This deals with TCP/IP implementations that can send
more than one packet within the window size for the connection.
Set the small packet size and count to zero if you are not
interested in detecting small packets. For example, to set
one-packet mode with a small
packet threshold of one small packet of 512 bytes on
the en0 interface, enter:
/etc/ifconfig en0 inet onepacket 512 1
To turn off one-packet mode for this interface, enter:
/etc/ifconfig en0 inet -onepacket
perf allows you to tune performance parameters on a per-interface basis. The arguments to perf specify the default TCP receive and send window sizes in bytes, and whether TCP should restrict the size of a segment to a multiple of 1KB (when set to 0) or use all available space in a frame for a segment (when set to 1).
The following example sets the receive and send window size to
16KB, and uses the maximum space available in an
Ethernet frame for each TCP segment:
/etc/ifconfig sme0 inet perf 16384 16384 1
As root, you can use the inconfig(1Mtcp) command to change the global default TCP/IP configuration values.
For example, to enable forwarding of IP
packets, you would enter:
inconfig ipforwarding 1
inconfig updates the values of the parameters defined in /etc/inet/inet.dfl and those in use by the currently executing kernel. You do not need to reboot your system for these changes to take effect; inconfig dynamically updates the kernel with the changes you specify. Before doing so, it verifies that the values you input are valid. If they are not, the current values of the parameters are retained.
See ``Parameters'' for a description of the TCP/IP parameters that you can tune using inconfig.