From 3af0cb4890a7d71b5bdeb5f04f2001aead3523dc Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Fri, 11 Dec 2020 19:47:10 +0100 Subject: [PATCH] tcp.7: tcp_syncookies: It is now an integer [0, 2] Since Linux kernel 3.12, tcp_syncookies can have the value 2, which sends out cookies unconditionally. Related kernel commits: 5ad37d5deee1ff7150a2d0602370101de158ad86 d8513df2598e5142f8a5c4724f28411936e1dfc7 Reported-by: Philip Rowlands Signed-off-by: Alejandro Colomar Cc: Eric Dumazet Cc: Hannes Frederic Sowa Cc: David S. Miller Signed-off-by: Michael Kerrisk --- man7/tcp.7 | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/man7/tcp.7 b/man7/tcp.7 index d983a8f9a..cce8dd910 100644 --- a/man7/tcp.7 +++ b/man7/tcp.7 @@ -830,12 +830,11 @@ The maximum number of times a SYN/ACK segment for a passive TCP connection will be retransmitted. This number should not be higher than 255. .TP -.IR tcp_syncookies " (Boolean; since Linux 2.2)" +.IR tcp_syncookies " (integer; default: 1; since Linux 2.2)" .\" Since 2.1.43 Enable TCP syncookies. The kernel must be compiled with .BR CONFIG_SYN_COOKIES . -Send out syncookies when the syn backlog queue of a socket overflows. The syncookies feature attempts to protect a socket from a SYN flood attack. This should be used as a last resort, if at all. @@ -849,6 +848,18 @@ For recommended alternatives see .IR tcp_synack_retries , and .IR tcp_abort_on_overflow . +Set to one of the following values: +.RS +.IP 0 3 +Disable TCP syncookies. +.IP 1 +Send out syncookies when the syn backlog queue of a socket overflows. +.IP 2 +(since Linux 3.12) +.\" commit 5ad37d5deee1ff7150a2d0602370101de158ad86 +Send out syncookies unconditionally. +This can be useful for network testing. +.RE .TP .IR tcp_timestamps " (integer; default: 1; since Linux 2.2)" .\" Since 2.1.36
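Review bot: In the first hunk (@@ -830,12 +830,11 @@), the lead sentence "Enable TCP syncookies." stays as unchanged context, but the entry is now an integer for which 0 disables the feature, so that sentence no longer describes the setting. Suggest rewording it to say that the value controls whether and when syncookies are sent. The new header also states "default: 1", which the commit message does not mention; it only covers the addition of value 2. A short sentence in the commit message saying where the default comes from would let a reader check it.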
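Review bot: In the second hunk (@@ -849,6 +848,18 @@), the ".IP 2" entry says only "This can be useful for network testing." It does not relate value 2 to the caution a few lines earlier in the same entry, "This should be used as a last resort, if at all." Since 2 sends cookies unconditionally rather than only on backlog overflow, suggest stating explicitly whether it is meant for testing only, so an administrator does not read it as a stronger SYN flood protection setting. Two smaller points: the value list is placed after "For recommended alternatives see ...", so the reader meets the alternatives before learning what the values mean, and moving the list up next to the description would read better. Also, the ".IP 1" text keeps the lower-case "syn backlog queue" while the surrounding context writes "SYN/ACK" and "SYN flood attack".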