Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 325aadc8 authored by Simon Horman's avatar Simon Horman Committed by Pablo Neira Ayuso
Browse files

ipvs: secure_tcp does provide alternate state timeouts 



Also reword the test to make it read more easily (to me)

Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent b6338b55

Documentation/networking/ipvs-sysctl.txt

+4 −6
Original line number Original line Diff line number Diff line
@@ -140,13 +140,11 @@ nat_icmp_send - BOOLEAN 
secure_tcp - INTEGER

secure_tcp - INTEGER

        0  - disabled (default)

        0  - disabled (default)





        The secure_tcp defense is to use a more complicated state

	The secure_tcp defense is to use a more complicated TCP state

        transition table and some possible short timeouts of each

	transition table. For VS/NAT, it also delays entering the

        state. In the VS/NAT, it delays the entering the ESTABLISHED

	TCP ESTABLISHED state until the three way handshake is completed.

        until the real server starts to send data and ACK packet

        (after 3-way handshake).





        The value definition is the same as that of drop_entry or

        The value definition is the same as that of drop_entry and

        drop_packet.

        drop_packet.





sync_threshold - INTEGER

sync_threshold - INTEGER