diff options
| author | Simon Horman <horms@verge.net.au> | 2011-09-29 03:14:51 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-11-01 04:19:41 -0400 |
| commit | 325aadc8483e4fc3bbd4acfa7e471e3a032bc941 (patch) | |
| tree | e62a383de40b720412f09dbdf4394660d17bd609 /Documentation | |
| parent | b6338b55bd2e7c51a46b23150695d821ae6626d8 (diff) | |
ipvs: secure_tcp does provide alternate state timeouts
Also reword the test to make it read more easily (to me)
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/networking/ipvs-sysctl.txt | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt index 1dcdd49594c4..13610e3bcf92 100644 --- a/Documentation/networking/ipvs-sysctl.txt +++ b/Documentation/networking/ipvs-sysctl.txt | |||
| @@ -140,13 +140,11 @@ nat_icmp_send - BOOLEAN | |||
| 140 | secure_tcp - INTEGER | 140 | secure_tcp - INTEGER |
| 141 | 0 - disabled (default) | 141 | 0 - disabled (default) |
| 142 | 142 | ||
| 143 | The secure_tcp defense is to use a more complicated state | 143 | The secure_tcp defense is to use a more complicated TCP state |
| 144 | transition table and some possible short timeouts of each | 144 | transition table. For VS/NAT, it also delays entering the |
| 145 | state. In the VS/NAT, it delays the entering the ESTABLISHED | 145 | TCP ESTABLISHED state until the three way handshake is completed. |
| 146 | until the real server starts to send data and ACK packet | ||
| 147 | (after 3-way handshake). | ||
| 148 | 146 | ||
| 149 | The value definition is the same as that of drop_entry or | 147 | The value definition is the same as that of drop_entry and |
| 150 | drop_packet. | 148 | drop_packet. |
| 151 | 149 | ||
| 152 | sync_threshold - INTEGER | 150 | sync_threshold - INTEGER |