diff options
| -rw-r--r-- | man7/tcp.7 | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/man7/tcp.7 b/man7/tcp.7 index d983a8f9a2..cce8dd910f 100644 --- a/man7/tcp.7 +++ b/man7/tcp.7 @@ -830,12 +830,11 @@ The maximum number of times a SYN/ACK segment for a passive TCP connection will be retransmitted. This number should not be higher than 255. .TP -.IR tcp_syncookies " (Boolean; since Linux 2.2)" +.IR tcp_syncookies " (integer; default: 1; since Linux 2.2)" .\" Since 2.1.43 Enable TCP syncookies. The kernel must be compiled with .BR CONFIG_SYN_COOKIES . -Send out syncookies when the syn backlog queue of a socket overflows. The syncookies feature attempts to protect a socket from a SYN flood attack. This should be used as a last resort, if at all. @@ -849,6 +848,18 @@ For recommended alternatives see .IR tcp_synack_retries , and .IR tcp_abort_on_overflow . +Set to one of the following values: +.RS +.IP 0 3 +Disable TCP syncookies. +.IP 1 +Send out syncookies when the syn backlog queue of a socket overflows. +.IP 2 +(since Linux 3.12) +.\" commit 5ad37d5deee1ff7150a2d0602370101de158ad86 +Send out syncookies unconditionally. +This can be useful for network testing. +.RE .TP .IR tcp_timestamps " (integer; default: 1; since Linux 2.2)" .\" Since 2.1.36 |