summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortrhodes <trhodes@FreeBSD.org>2008-01-22 18:35:23 +0000
committertrhodes <trhodes@FreeBSD.org>2008-01-22 18:35:23 +0000
commit99f7e3c6dbb47cabf8e8c6d2c82aef0c888608e1 (patch)
tree776d485039441c07aa289e25b3b44554b708a235
parent284acd07811df2f3bec640e57f13586c261e76e0 (diff)
downloadFreeBSD-src-99f7e3c6dbb47cabf8e8c6d2c82aef0c888608e1.zip
FreeBSD-src-99f7e3c6dbb47cabf8e8c6d2c82aef0c888608e1.tar.gz
Document net.inet.tcp.syncookies_only using a description taken from
tcp_syncache.c revision 1.99 of andre's commit log. PR: 107611
-rw-r--r--share/man/man4/syncache.412
1 files changed, 11 insertions, 1 deletions
diff --git a/share/man/man4/syncache.4 b/share/man/man4/syncache.4
index 5395a50..e878a4a 100644
--- a/share/man/man4/syncache.4
+++ b/share/man/man4/syncache.4
@@ -12,7 +12,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 18, 2007
+.Dd January 22, 2008
.Dt SYNCACHE 4
.Os
.Sh NAME
@@ -24,6 +24,8 @@ MIBs for controlling TCP SYN caching
.Bl -item -compact
.It
.Nm sysctl Cm net.inet.tcp.syncookies
+.It
+.Nm sysctl Cm net.inet.tcp.syncoockies_only
.El
.Pp
.Bl -item -compact
@@ -98,6 +100,14 @@ an attacker to ACK flood a machine in an attempt to create a connection.
While steps have been taken to mitigate this risk, this may provide a way
to bypass firewalls which filter incoming segments with the SYN bit set.
.Pp
+To disable the
+.Nm syncache
+and run only with
+.Nm syncookies ,
+set
+.Va net.inet.tcp.syncookies_only
+to 1.
+.Pp
The
.Nm
implements a number of variables in
OpenPOWER on IntegriCloud