diff options
author | bmah <bmah@FreeBSD.org> | 2001-12-20 17:42:49 +0000 |
---|---|---|
committer | bmah <bmah@FreeBSD.org> | 2001-12-20 17:42:49 +0000 |
commit | 54203dfec2faff806d6cd1994d308ea3ef6d3621 (patch) | |
tree | 45c23d4b8f5b0aab8ad2bbc6525237075266400a /release | |
parent | 9562ac6964268e9552c4a91e037f388993ba31af (diff) | |
download | FreeBSD-src-54203dfec2faff806d6cd1994d308ea3ef6d3621.zip FreeBSD-src-54203dfec2faff806d6cd1994d308ea3ef6d3621.tar.gz |
Modified release note: syncache with syncookies.
Diffstat (limited to 'release')
-rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/article.sgml | 8 | ||||
-rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index b6f4ea0..b3dcb12 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -764,8 +764,12 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> outstanding, received SYN segments. Incoming SYN segments now cause entries to be placed in the cache until the TCP three-way handshake is complete, at which point, memory is allocated for - the connection as usual. This so-called - <quote>syncache</quote> makes a host much more resistant to + the connection as usual. In addition, all TCP Initial Sequence + Numbers (ISNs) are used as cookies, allowing entries in the + cache to be dropped, but still have their corresponding ACKs + accepted later. The combination of the so-called + <quote>syncache</quote> and <quote>syncookies</quote> features + makes a host much more resistant to TCP-based Denial of Service attacks. Work on this feature was sponsored by DARPA and NAI Labs. &merged;</para> diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index b6f4ea0..b3dcb12 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -764,8 +764,12 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> outstanding, received SYN segments. Incoming SYN segments now cause entries to be placed in the cache until the TCP three-way handshake is complete, at which point, memory is allocated for - the connection as usual. This so-called - <quote>syncache</quote> makes a host much more resistant to + the connection as usual. In addition, all TCP Initial Sequence + Numbers (ISNs) are used as cookies, allowing entries in the + cache to be dropped, but still have their corresponding ACKs + accepted later. The combination of the so-called + <quote>syncache</quote> and <quote>syncookies</quote> features + makes a host much more resistant to TCP-based Denial of Service attacks. Work on this feature was sponsored by DARPA and NAI Labs. &merged;</para> |