note: for items where i give three default values, the first is for small machines (<12.5 MB), the second is medium machines (12.5 to 20 MB) and the third is for large machines (> 20 MB). **** AFD is the driver which handles winsock. the following values may be set under Services\Afd\Parameters: BufferAlignment, REG_DWORD - must be power of 2 and less then PAGE_SIZE, default = provided by kernel(actually hal) via KeGetRecommendedSharedDataAlignment. Afd aligns all of its buffers allocated from non-page pool to this value to avoid DMA's of misaligned buffers by the NIC. IrpStackSize, REG_DWORD, default = 4 The count of IRP stack locations used by default for AFD. Users shouldn't need to change this. PriorityBoost, REG_DWORD - 0-16, default = 2 The priority boost AFD gives to a thread when it completes I/O for that thread. If a multithreaded application experiences starvation of some threads, reducing this value may remedy the problem. IgnorePushBitOnReceives, REG_DWORD, default = 0 If this value is zero (the default) and the TCP push bit is set on a receive indication, then a larger then necessary buffer is passed down to the TCP stack. This often gives a performance boost on receives. If this value is non-zero, then the TCP push bit is ignored (this was the behaviour of NT 3.1). DisableRawSecurity, REG_DWORD default = 0; Non-zero value tells afd to not require admin privilege to open a raw socket. This only has effect for TDI transports that do not do their own security checking (don't have TDI_SERVICE_FORCE_ACCESS_CHECK flag set in their provider information structure). DisableAddressSharing, REG_DWORD, default = 0 Disallows sharing of ports between processes even if application specifies SO_REUSEADDR in an attempt to hajack some other application's port. Setting this flag will tighten security although at the expense of additional checking for each created socket as well as possibility of breaking some application which require socket sharing across processes DisableDirectAcceptEx, REG_DWORD, default = 0 If non-0, disables using IO subsystem IRPs to accept transport indicated connection requests. Some transport do not handle cancel semantics correctly, this setting might solve the problem if transport hangs the application and eventually bugchecks the system when processing accept IRP. DisableChainedReceive, REG_DWORD, default = 0 If non-0, disable registering ChainedReceive indication handler with transport. Can be used to avoid problems with NIC/transport drivers that incorrectly implement NDIS full packet/TDI chained receive indication. UseTdiSendInDisconnect, REG_DWORD, default = 0 If non-0, disables using TDI_SEND_AND_DISCONNECT flag when submitting last buffer in TransmitFile/TransmitPackets API. Can be used to avoid problems with transport drivers that do not implement this correctly (e.g. TDI filters). StandardAddressLength, REG_DWORD, default = 24 The length of TDI addresses typically used for the machine (geared towards IPv4). If the customer has a transport protocol like TP4 or IPv6 which uses very long addresses, then increasing this value will result in a slight performance improvement. DefaultReceiveWindow, REG_DWORD, default = 8192 The number of receive bytes AFD will buffer on a connection before imposing flow control. For some applications, a larger value here will give slightly better performance at the expense of increases resource utilization. Note that applications can modify this value on a per-socket basis with the SO_RCVBUF socket option. DefaultSendWindow, REG_DWORD, default = 8192 As with DefaultReceiveWindow, but for the send side of connections. LargeBufferSize, REG_DWORD, default = 3876 The size in bytes of large buffers used by AFD. smaller values use less memory, larger values can improve performance. LargBufferListDepth, REG_DWORD, default = 0/2/10 The initial maximum count of large buffers that AFD keeps in reserve. larger numbers give better performance at the cost of physical memory. Kernel adjust this value using algorithm that sample allocation and reuse frequencies, so initial value has very little if any effect. MediumBufferSize, REG_DWORD, default = 1504 Size of medium buffers. MediumBufferListDepth, REG_DWORD, default = 4/8/16 Initial max count of medium buffers in reserve. SmallBufferSize, REG_DWORD, default = 128 Size of small buffers. SmallBufferListDepth, REG_DWORD, default = 8/16/16 Initial max count of medium buffers in reserve MaxActiveTransmitFileCount, REG_DWORD, default = 0 This value controls the maximum number of simultaneous TransmitFile operations allowed. This registry value is only honored in the NT Server product; NT Workstations always use a hardcoded (not configurable) value. DefaultPacketElementCount, REG_DWORD, default = 3. Default number of packets allocated for TransmitPackets request. The default of 3 is targetted for optimal support TransmitFile which has header, body, and trailer. TransmitWorker, REG_DWORD, default=0x10 Specifies how afd should schedule work items to process long (more than one send) transmit file request. By default (0x10) afd uses system worker threads, with 0x20 it will use kernel APC's in the context of the thread that initiated the request. 0x20 reduces number of context switches and potentially improves performance, however, if thread that originated TransmitFile request is used for heavy computation, it may not be interrupted by the OS scheduler for significant period of time (up to a full quantum) and APC will not get processed thus starwing request processing EnableDynamicBacklog, REG_DWORD, default = 0 Enables dynamic backlog algorithm on listening endpoints in an attempt to thwart off syn attacks: // If the free connection count has dropped below the configured minimum, the number of "quasi-free" connections is less than the configured maximum, and we haven't already queued enough requests to take us past the maximum, then add new free connections to the endpoint. "Quasi-free" is defined as the sum of the free connection count and the count of pending TDI accepts. MinimumDynamicBacklog, REG_DWORD, default = 0 MaximumDynamicBacklog, REG_DWORD, default = 0 DynamicBacklogGrowthDelta, REG_DWORD, default = 0 Parameters in the algorithm described above. VolatileParameters, REG_DWORD, default = 0 Non-0 value makes AFD watch its parameter key for any changes and dynamically re-read them without need to restart the AFD (via system reboot). Only the Threshold values listed below are affected by this (changes in other values are ignored until AFD is restarted). BlockingSendCopyThreshold, REG_DWORD, default = 64k Blocking and overlapped sends with length above double this value will be split in two, with first part sent directly from application buffers and second part with the length of this threshold copied and sent out of the non-paged pool. This is used to avoid allocating huge amount of non-paged pool for applications that do large sends without disabling send buffering. FastSendDatagramThreshold, REG_DWORD, default = 1024 Datagrams smaller than this get bufferred on send, larger ones are pended. The default value was found by testing to be the best overall value for performance. PacketFragmentCopyThreshold, REG_DWORD, default = 1504 TransmitPacket elements smaller than this get bufferred on send, larger ones are sent directly from the application buffer. The default value was found by testing to be the best overall value for performance. TransmitIoLength, REG_DWORD, default = PAGE_SIZE,PAGE_SIZE*2,65536 the default size for I/O (reads and sends) performed by TransmitFile(). Note that for the NT workstation product, the default I/O size is exactly one page. MaxFastTransmit, REG_DWORD, default = 65536 This is the threshold count, in bytes, for the TransmitFile fast path to fail. If the caller requests a send larger than this, it will never go through the TransmitFile fast path. MaxFastCopyTransmit, REG_DWORD, default = 3876 If a TransmitFile caller requests a send smaller than this size, the operation is performed by doing a data copy from the file data to a system buffer. This is slightly faster than direct I/O for small files, but for larger files the copy overhead overwhelms the inherent efficiency of the copy operation. *********** THE KEYS BELOW SHOULD NO LONGER BE RELEVANT ********* (however, some code may be still using them) *********** SEE WINSOCK2 SPECIFICATION ************************** **** the following keys are used by the RNR (service resolution and registration) apis in winsock. these are all just "pointers" to other stuff in the registry. users should never need to change these. under CurrentControlSet\Control\ServiceProvider\Order, values: ExcludedProviders: a REG_MULTI_SZ that contains decimal values corresponding to name space providers that should be excluded. default is an empty set. some name space provider decimal values include: #define NS_SAP (1) #define NS_NDS (2) #define NS_TCPIP_LOCAL (10) #define NS_TCPIP_HOSTS (11) #define NS_DNS (12) #define NS_NETBT (13) #define NS_WINS (14) #define NS_NBP (20) #define NS_MS (30) #define NS_STDA (31) #define NS_NTDS (32) #define NS_X500 (40) #define NS_NIS (41) for example, setting ExcludedProviders to "1" "12" means that GetAddressByName() will not attempt to use SAP or DNS when doing typical name resolution operations. ProviderOrder: a REG_MULTI_SZ that contains strings corresponding to keys under CurrentControlSet\Services. these keys must have a ServiceProvider subkey which provides information about the name space provider, especially Class and ProviderPath values. **** the following values are relevent to TCP/IP name resolution (gethostbyname()) and the GetAddressByName() API. under Services\Tcpip\ServiceProvider: Class, REG_DWORD, default = 8. should never change--this indicates that TCPIP is a name service provider. DnsPriority, REG_DWORD, default = 0x7D0 HostsPriority, REG_DWORD, default = 0x1F4 LocalPriority, REG_DWORD, default = 0x1F3 NetbtPriority, REG_DWORD, default = 0x7D1 these priority values are used to determine the order of name resolutions. low priority mechanisms are used first, so the default order is local, hosts, dns, netbt. if someone wants a different name resolution order, readjust the priority values as needed. note that values under 1000 decimal are considered "fast" name resolution providers, so putting network-based resolution mechanisms like dns and netbt at values under 1000 may have weird effects. Name, REG_SZ, default = "TCP/IP" no need to change. ProviderPath, REG_SZ, default = "%SystemRoot%\System32\wsock32.dll" points to the dll that does tcpip name resolution. there is no need to change this. **** there are other keys associated with netware name resolution. chuck chan will comment on their names and meaning.