From bf67f2b591167c1c28ce337c6810e3dabce6790b Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 14 Feb 2025 09:07:47 +0100
Subject: [PATCH] system: a few more #7440

Leave vm.pmap.pti and hw.ibrs_disable im the sysctl tag for legacy
reasons at the moment keeping their "optional" status.
---
 src/etc/config.xml.sample                     | 30 -------------------
 src/etc/inc/system.inc                        | 12 ++++----
 .../models/OPNsense/ACL/AclConfig/config.xml  | 30 -------------------
 3 files changed, 6 insertions(+), 66 deletions(-)

diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample
index f6ea81563..694b3af39 100644
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -3,36 +3,6 @@
   <trigger_initial_wizard/>
   <theme>opnsense</theme>
   <sysctl>
-    <item>
-      <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
-      <tunable>net.inet.tcp.syncookies</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
-      <tunable>net.inet.tcp.recvspace</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
-      <tunable>net.inet.tcp.sendspace</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
-      <tunable>net.inet.tcp.delayed_ack</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Enable TCP extended debugging]]></descr>
-      <tunable>net.inet.tcp.log_debug</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[TCP Offload Engine]]></descr>
-      <tunable>net.inet.tcp.tso</tunable>
-      <value>default</value>
-    </item>
     <item>
       <descr><![CDATA[Page Table Isolation (Meltdown mitigation, requires reboot.)]]></descr>
       <tunable>vm.pmap.pti</tunable>
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 1700d6e6b..b002aedb4 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -95,13 +95,13 @@ function system_sysctl_defaults()
         'net.inet.ip.redirect' => [ 'default' => '0' ],
         'net.inet.ip.sourceroute' => [ 'default' => '0' ],
         'net.inet.tcp.blackhole' => [ 'default' => '2' ],
-        'net.inet.tcp.delayed_ack' => [ 'default' => '0', 'optional' => true ],
+        'net.inet.tcp.delayed_ack' => [ 'default' => '0' ],
         'net.inet.tcp.drop_synfin' => [ 'default' => '1' ],
-        'net.inet.tcp.log_debug' => [ 'default' => '0', 'optional' => true ],
-        'net.inet.tcp.recvspace' => [ 'default' => '65228', 'optional' => true ],
-        'net.inet.tcp.sendspace' => [ 'default' => '65228' , 'optional' => true],
-        'net.inet.tcp.syncookies' => [ 'default' => '1', 'optional' => true ],
-        'net.inet.tcp.tso' => [ 'default' => '1', 'optional' => true ],
+        'net.inet.tcp.log_debug' => [ 'default' => '0' ],
+        'net.inet.tcp.recvspace' => [ 'default' => '65228' ],
+        'net.inet.tcp.sendspace' => [ 'default' => '65228' ],
+        'net.inet.tcp.syncookies' => [ 'default' => '1' ],
+        'net.inet.tcp.tso' => [ 'default' => '1' ],
         'net.inet.udp.blackhole' => [ 'default' => '1' ],
         'net.inet.udp.checksum' => [ 'default' => 1 ],
         'net.inet.udp.maxdgram' => [ 'default' => '57344' ],
diff --git a/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml b/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml
index 6219d27f9..941c78088 100644
--- a/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml
+++ b/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml
@@ -3,36 +3,6 @@
   <trigger_initial_wizard/>
   <theme>opnsense</theme>
   <sysctl>
-    <item>
-      <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
-      <tunable>net.inet.tcp.syncookies</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
-      <tunable>net.inet.tcp.recvspace</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
-      <tunable>net.inet.tcp.sendspace</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
-      <tunable>net.inet.tcp.delayed_ack</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Enable TCP extended debugging]]></descr>
-      <tunable>net.inet.tcp.log_debug</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[TCP Offload Engine]]></descr>
-      <tunable>net.inet.tcp.tso</tunable>
-      <value>default</value>
-    </item>
     <item>
       <descr><![CDATA[Page Table Isolation (Meltdown mitigation, requires reboot.)]]></descr>
       <tunable>vm.pmap.pti</tunable>