From 99f7e3c6dbb47cabf8e8c6d2c82aef0c888608e1 Mon Sep 17 00:00:00 2001 From: trhodes Date: Tue, 22 Jan 2008 18:35:23 +0000 Subject: Document net.inet.tcp.syncookies_only using a description taken from tcp_syncache.c revision 1.99 of andre's commit log. PR: 107611 --- share/man/man4/syncache.4 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/share/man/man4/syncache.4 b/share/man/man4/syncache.4 index 5395a50..e878a4a 100644 --- a/share/man/man4/syncache.4 +++ b/share/man/man4/syncache.4 @@ -12,7 +12,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 18, 2007 +.Dd January 22, 2008 .Dt SYNCACHE 4 .Os .Sh NAME @@ -24,6 +24,8 @@ MIBs for controlling TCP SYN caching .Bl -item -compact .It .Nm sysctl Cm net.inet.tcp.syncookies +.It +.Nm sysctl Cm net.inet.tcp.syncoockies_only .El .Pp .Bl -item -compact @@ -98,6 +100,14 @@ an attacker to ACK flood a machine in an attempt to create a connection. While steps have been taken to mitigate this risk, this may provide a way to bypass firewalls which filter incoming segments with the SYN bit set. .Pp +To disable the +.Nm syncache +and run only with +.Nm syncookies , +set +.Va net.inet.tcp.syncookies_only +to 1. +.Pp The .Nm implements a number of variables in -- cgit v1.1
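Review bot: In the second hunk (the SYNOPSIS list at @@ -24,6 +24,8 @@), the added line spells the MIB "net.inet.tcp.syncoockies_only", while the commit subject and the third hunk both use "net.inet.tcp.syncookies_only". Correct the spelling so the synopsis matches the variable documented further down; as written, anyone copying the name from the synopsis into sysctl gets a name that the rest of the page does not use.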
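Review bot: In the third hunk (the paragraph added after the ACK flood caveat at @@ -98,6 +100,14 @@), the new text says that setting net.inet.tcp.syncookies_only to 1 disables the syncache, but it gives no default value and does not say how this setting relates to net.inet.tcp.syncookies, which the synopsis lists right beside it. Suggest stating the default and adding one sentence on whether net.inet.tcp.syncookies must also be enabled for this mode. Because the paragraph directly follows the caveat about bypassing firewalls which filter incoming segments with the SYN bit set, it would also help to say whether that caveat applies when running with syncookies only.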