diff options
| author | Alejandro Colomar <alx.manpages@gmail.com> | 2020-12-11 19:47:10 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2020-12-13 11:13:30 +0100 |
| commit | 3af0cb4890a7d71b5bdeb5f04f2001aead3523dc (patch) | |
| tree | 57270c35511c4cedede73ac92f29114464329847 /man7/tcp.7 | |
| parent | b5dae3959625f5ff378e9edf9139057d1c06bb55 (diff) | |
| download | man-pages-3af0cb4890a7d71b5bdeb5f04f2001aead3523dc.tar.gz | |
tcp.7: tcp_syncookies: It is now an integer [0, 2]
Since Linux kernel 3.12, tcp_syncookies can have the value 2,
which sends out cookies unconditionally.
Related kernel commits:
5ad37d5deee1ff7150a2d0602370101de158ad86
d8513df2598e5142f8a5c4724f28411936e1dfc7
Reported-by: Philip Rowlands <linux-kernel@dimebar.com>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7/tcp.7')
| -rw-r--r-- | man7/tcp.7 | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/man7/tcp.7 b/man7/tcp.7 index d983a8f9a2..cce8dd910f 100644 --- a/man7/tcp.7 +++ b/man7/tcp.7 @@ -830,12 +830,11 @@ The maximum number of times a SYN/ACK segment for a passive TCP connection will be retransmitted. This number should not be higher than 255. .TP -.IR tcp_syncookies " (Boolean; since Linux 2.2)" +.IR tcp_syncookies " (integer; default: 1; since Linux 2.2)" .\" Since 2.1.43 Enable TCP syncookies. The kernel must be compiled with .BR CONFIG_SYN_COOKIES . -Send out syncookies when the syn backlog queue of a socket overflows. The syncookies feature attempts to protect a socket from a SYN flood attack. This should be used as a last resort, if at all. @@ -849,6 +848,18 @@ For recommended alternatives see .IR tcp_synack_retries , and .IR tcp_abort_on_overflow . +Set to one of the following values: +.RS +.IP 0 3 +Disable TCP syncookies. +.IP 1 +Send out syncookies when the syn backlog queue of a socket overflows. +.IP 2 +(since Linux 3.12) +.\" commit 5ad37d5deee1ff7150a2d0602370101de158ad86 +Send out syncookies unconditionally. +This can be useful for network testing. +.RE .TP .IR tcp_timestamps " (integer; default: 1; since Linux 2.2)" .\" Since 2.1.36 |