@lzlrd
Last active April 3, 2025 23:54
# Re-run /etc/rc.local every two minutes so the runtime settings it applies
# are put back if something resets them. stdout and stderr are discarded, so
# a failing command in the script goes unnoticed.
# NOTE(review): presumably this is root's crontab; the script then runs with
# root privileges on every tick, so /etc/rc.local should be owned by root and
# not writable by any other user - confirm on the target system.
*/2 * * * * /bin/bash /etc/rc.local > "/dev/null" 2>&1
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
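# Runtime kernel parameter changes for security, networking performance and
# virtual memory. `sysctl -w` only changes the running kernel, so the values
# have to be re-applied after every boot. See
# https://web.archive.org/web/20250307181527/https://wiki.archlinux.org/title/Sysctl
# for more information.

# Input packet backlog and listen() queue limits.
sysctl -w net.core.netdev_max_backlog=8192
sysctl -w net.core.somaxconn=4096

# Socket buffer sizes. The following was taken from
# https://github.com/redhat-performance/tuned/blob/master/profiles/network-throughput/tuned.conf#L10:
sysctl -w net.core.rmem_default=131072
sysctl -w net.core.rmem_max=16777216
sysctl -w net.core.wmem_default=131072
sysctl -w net.core.wmem_max=16777216
sysctl -w net.core.optmem_max=16384
# tcp_rmem/tcp_wmem take three values (min, default, max). They must reach
# sysctl as ONE argument: unquoted, only "4096" is assigned and the other two
# numbers are parsed as separate (invalid) settings.
sysctl -w net.ipv4.tcp_rmem="4096 131072 16777216"
sysctl -w net.ipv4.tcp_wmem="4096 16384 16777216"
sysctl -w net.ipv4.udp_rmem_min=4096
sysctl -w net.ipv4.udp_wmem_min=4096

# TCP behaviour.
# 3 = TCP Fast Open for outgoing (1) and incoming (2) connections.
sysctl -w net.ipv4.tcp_fastopen=3
# sysctl -w net.ipv4.tcp_max_syn_backlog=4096
# sysctl -w net.ipv4.tcp_max_tw_buckets=1000000
# Reuse TIME-WAIT sockets for new outgoing connections; this relies on TCP
# timestamps, which are enabled further down.
sysctl -w net.ipv4.tcp_tw_reuse=1
# sysctl -w net.ipv4.tcp_fin_timeout=20
# Keep the congestion window after an idle period.
sysctl -w net.ipv4.tcp_slow_start_after_idle=0
# sysctl -w net.ipv4.tcp_keepalive_time=120
# sysctl -w net.ipv4.tcp_keepalive_intvl=20
# sysctl -w net.ipv4.tcp_keepalive_probes=12
# 1 = start path MTU probing only once an ICMP black hole is detected.
sysctl -w net.ipv4.tcp_mtu_probing=1
sysctl -w net.ipv4.tcp_timestamps=1
sysctl -w net.ipv4.tcp_sack=1
# Queueing discipline and congestion control; bbr needs BBR support in the
# running kernel.
sysctl -w net.core.default_qdisc=fq_codel
sysctl -w net.ipv4.tcp_congestion_control=bbr
# Answer with SYN cookies when the SYN backlog overflows (SYN-flood
# mitigation).
sysctl -w net.ipv4.tcp_syncookies=1

# Left disabled. NOTE(review): the value 0 turns reverse-path source
# validation OFF; 1 (strict) and 2 (loose) are the filtering modes, so check
# the intent before enabling these two lines.
# sysctl -w net.ipv4.conf.default.rp_filter=0
# sysctl -w net.ipv4.conf.all.rp_filter=0
# Left disabled: these would stop the host from accepting ICMP/ICMPv6
# redirects. As written, whatever values the system already has stay in
# effect.
# sysctl -w net.ipv4.conf.all.accept_redirects=0
# sysctl -w net.ipv4.conf.default.accept_redirects=0
# sysctl -w net.ipv4.conf.all.secure_redirects=0
# sysctl -w net.ipv4.conf.default.secure_redirects=0
# sysctl -w net.ipv6.conf.all.accept_redirects=0
# sysctl -w net.ipv6.conf.default.accept_redirects=0

# Virtual memory: dirty-page writeback thresholds (percent) and how readily
# directory/inode caches are reclaimed.
sysctl -w vm.dirty_ratio=20
sysctl -w vm.dirty_background_ratio=10
sysctl -w vm.vfs_cache_pressure=50
# sysctl -w dev.raid.speed_limit_min=600000
# sysctl -w dev.raid.speed_limit_max=600000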
# Kernel hardening settings plus ECN, applied to the running kernel one
# setting per sysctl call:
#   kernel.kptr_restrict=1      hide kernel pointer values from readers
#                               without the matching privilege
#   kernel.yama.ptrace_scope=1  restricted ptrace (a process may only attach
#                               to its own descendants)
#   net.ipv4.tcp_ecn=1          enable ECN for ingress and egress (where SQM
#                               is disabled)
# See
# https://web.archive.org/web/20250316185657/https://wiki.archlinux.org/title/Security#Kernel_hardening
# for more information.
#
# Not applied, kept for reference:
# sysctl -w net.core.bpf_jit_harden=2
for hardening_setting in \
  kernel.kptr_restrict=1 \
  kernel.yama.ptrace_scope=1 \
  net.ipv4.tcp_ecn=1; do
  sysctl -w "$hardening_setting"
done
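# Enable offloading on every interface except the loopback device.
# `ip -o link show` prints one "INDEX: NAME[@PARENT]: ..." record per
# interface; awk takes the name field, strips any "@PARENT" suffix and skips
# only the exact name "lo". A substring filter (grep -v "lo") would also drop
# every interface whose name merely contains "lo".
# The command substitution is left unquoted on purpose: it yields one
# interface name per word.
for i in $(ip -o link show | awk -F': ' '{ sub(/@.*$/, "", $2); if ($2 != "lo") print $2 }'); do
  ethtool --offload "$i" rx on tx on sg on tso on ufo on gso on gro on lro on rxvlan on txvlan on ntuple on rxhash on rx-udp-gro-forwarding on
  # The following has been added but requires benchmarking prior to a
  # recommendation:
  ethtool --offload "$i" rx-gro-list on
  # Disable tx-nocache-copy on all interfaces. See
  # https://enterprise-support.nvidia.com/s/article/how-to-bypass-local-cache--disable-tx-nocache-copy-x
  # for more information.
  ethtool -K "$i" "tx-nocache-copy" off
  # Disable rx-gro-list on all interfaces. See
  # https://tailscale.com/blog/quic-udp-throughput for more
  # information.
  # ethtool -K "$i" "rx-gro-list" off
done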
# Raise the fixed transmit power of phy1 step by step: 26 dBm (2600 mBm),
# then 27 dBm (2700 mBm) and finally 30 dBm (3000 mBm). Every step is
# attempted regardless of whether the previous one succeeded, so the radio
# ends up at the highest value it supports.
for txpower_mbm in 2600 2700 3000; do
  iw phy phy1 set txpower fixed "$txpower_mbm"
done
# Start wsdd2 by hand, because its service does not come up without an SMB
# daemon. The pgrep guard keeps repeated runs of this script from starting a
# second copy. The name passed with -N is the kernel hostname in upper case.
# NOTE(review): no interface restriction is passed to wsdd2 here; confirm it
# only answers discovery requests on trusted (LAN) interfaces.
if ! pgrep wsdd2; then
  wsdd2 -b "vendor:asus,model:ASUS_TUF-AX6000,sku:tuf-ax6000" -d -N "$(awk '{print toupper($0)}' "/proc/sys/kernel/hostname")"
fi

# Write 1 to the hairpin_mode attribute of the lower_eth1 port on bridge
# br-dmz. tee also echoes the value to stdout.
# NOTE(review): presumably this lets hosts behind that port reach each other
# through the bridge - verify that this is wanted on the DMZ segment.
printf '%s\n' "1" | tee /sys/devices/virtual/net/br-dmz/lower_eth1/brport/hairpin_mode

# Always report success to the caller, whatever the commands above returned.
exit 0