Document net.inet.tcp.syncookies_only using a description taken from

tcp_syncache.c revision 1.99 of andre's commit log.

PR:	107611

1 files changed, 11 insertions, 1 deletions

diff --git a/share/man/man4/syncache.4 b/share/man/man4/syncache.4
index 5395a50..e878a4a 100644
--- a/share/man/man4/syncache.4
+++ b/share/man/man4/syncache.4
@@ -12,7 +12,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 18, 2007
+.Dd January 22, 2008
 .Dt SYNCACHE 4
 .Os
 .Sh NAME
@@ -24,6 +24,8 @@ MIBs for controlling TCP SYN caching
 .Bl -item -compact
 .It
 .Nm sysctl Cm net.inet.tcp.syncookies
+.It
+.Nm sysctl Cm net.inet.tcp.syncoockies_only
 .El
 .Pp
 .Bl -item -compact
@@ -98,6 +100,14 @@ an attacker to ACK flood a machine in an attempt to create a connection.
 While steps have been taken to mitigate this risk, this may provide a way
 to bypass firewalls which filter incoming segments with the SYN bit set.
 .Pp
+To disable the
+.Nm syncache
+and run only with
+.Nm syncookies ,
+set
+.Va net.inet.tcp.syncookies_only
+to 1.
+.Pp
 The
 .Nm
 implements a number of variables in