tcp.7: tcp_syncookies: It is now an integer [0, 2]

Since Linux kernel 3.12, tcp_syncookies can have the value 2, which sends out cookies unconditionally. Related kernel commits: 5ad37d5deee1ff7150a2d0602370101de158ad86 d8513df2598e5142f8a5c4724f28411936e1dfc7 Reported-by: Philip Rowlands <linux-kernel@dimebar.com> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-12-11 19:47:10 +01:00 · 2020-12-11 19:47:10 +01:00 · 3af0cb4890
parent b5dae39596
commit 3af0cb4890
1 changed files with 13 additions and 2 deletions
--- a/man7/tcp.7
+++ b/man7/tcp.7
@ -830,12 +830,11 @@ The maximum number of times a SYN/ACK segment
 for a passive TCP connection will be retransmitted.
 This number should not be higher than 255.
 .TP
-.IR tcp_syncookies " (Boolean; since Linux 2.2)"
+.IR tcp_syncookies " (integer; default: 1; since Linux 2.2)"
 .\" Since 2.1.43
 Enable TCP syncookies.
 The kernel must be compiled with
 .BR CONFIG_SYN_COOKIES .
-Send out syncookies when the syn backlog queue of a socket overflows.
 The syncookies feature attempts to protect a
 socket from a SYN flood attack.
 This should be used as a last resort, if at all.
@ -849,6 +848,18 @@ For recommended alternatives see
 .IR tcp_synack_retries ,
 and
 .IR tcp_abort_on_overflow .
+Set to one of the following values:
+.RS
+.IP 0 3
+Disable TCP syncookies.
+.IP 1
+Send out syncookies when the syn backlog queue of a socket overflows.
+.IP 2
+(since Linux 3.12)
+.\" commit 5ad37d5deee1ff7150a2d0602370101de158ad86
+Send out syncookies unconditionally.
+This can be useful for network testing.
+.RE
 .TP
 .IR tcp_timestamps " (integer; default: 1; since Linux 2.2)"
 .\" Since 2.1.36