mirror of https://github.com/mkerrisk/man-pages
tcp.7: tcp_syncookies: It is now an integer [0, 2]
Since Linux kernel 3.12, tcp_syncookies can have the value 2, which sends out cookies unconditionally. Related kernel commits: 5ad37d5deee1ff7150a2d0602370101de158ad86 d8513df2598e5142f8a5c4724f28411936e1dfc7 Reported-by: Philip Rowlands <linux-kernel@dimebar.com> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
b5dae39596
commit
3af0cb4890
15
man7/tcp.7
15
man7/tcp.7
|
@ -830,12 +830,11 @@ The maximum number of times a SYN/ACK segment
|
|||
for a passive TCP connection will be retransmitted.
|
||||
This number should not be higher than 255.
|
||||
.TP
|
||||
.IR tcp_syncookies " (Boolean; since Linux 2.2)"
|
||||
.IR tcp_syncookies " (integer; default: 1; since Linux 2.2)"
|
||||
.\" Since 2.1.43
|
||||
Enable TCP syncookies.
|
||||
The kernel must be compiled with
|
||||
.BR CONFIG_SYN_COOKIES .
|
||||
Send out syncookies when the syn backlog queue of a socket overflows.
|
||||
The syncookies feature attempts to protect a
|
||||
socket from a SYN flood attack.
|
||||
This should be used as a last resort, if at all.
|
||||
|
@ -849,6 +848,18 @@ For recommended alternatives see
|
|||
.IR tcp_synack_retries ,
|
||||
and
|
||||
.IR tcp_abort_on_overflow .
|
||||
Set to one of the following values:
|
||||
.RS
|
||||
.IP 0 3
|
||||
Disable TCP syncookies.
|
||||
.IP 1
|
||||
Send out syncookies when the syn backlog queue of a socket overflows.
|
||||
.IP 2
|
||||
(since Linux 3.12)
|
||||
.\" commit 5ad37d5deee1ff7150a2d0602370101de158ad86
|
||||
Send out syncookies unconditionally.
|
||||
This can be useful for network testing.
|
||||
.RE
|
||||
.TP
|
||||
.IR tcp_timestamps " (integer; default: 1; since Linux 2.2)"
|
||||
.\" Since 2.1.36
|
||||
|
|
Loading…
Reference in New Issue