syncache.4 (246e7a2b6494cd991b08ac669ed761ecea0cc98c) syncache.4 (cb8d7c44d6acd4f7f6be7f8b762315260f70d896)
1.\"
2.\" syncache - TCP SYN caching to handle SYN flood DoS.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\"
13.\" $FreeBSD$
14.\"
1.\"
2.\" syncache - TCP SYN caching to handle SYN flood DoS.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\"
13.\" $FreeBSD$
14.\"
15.Dd January 22, 2008
15.Dd April 12, 2021
16.Dt SYNCACHE 4
17.Os
18.Sh NAME
19.Nm syncache , syncookies
20.Nd
21.Xr sysctl 8
22MIBs for controlling TCP SYN caching
23.Sh SYNOPSIS

--- 10 unchanged lines hidden (view full) ---

34.It
35.Nm sysctl Cm net.inet.tcp.syncache.bucketlimit
36.It
37.Nm sysctl Cm net.inet.tcp.syncache.cachelimit
38.It
39.Nm sysctl Cm net.inet.tcp.syncache.rexmtlimit
40.It
41.Nm sysctl Cm net.inet.tcp.syncache.count
16.Dt SYNCACHE 4
17.Os
18.Sh NAME
19.Nm syncache , syncookies
20.Nd
21.Xr sysctl 8
22MIBs for controlling TCP SYN caching
23.Sh SYNOPSIS

--- 10 unchanged lines hidden (view full) ---

34.It
35.Nm sysctl Cm net.inet.tcp.syncache.bucketlimit
36.It
37.Nm sysctl Cm net.inet.tcp.syncache.cachelimit
38.It
39.Nm sysctl Cm net.inet.tcp.syncache.rexmtlimit
40.It
41.Nm sysctl Cm net.inet.tcp.syncache.count
42.It
43.Nm sysctl Cm net.inet.tcp.syncache.see_other
42.El
43.Sh DESCRIPTION
44The
45.Nm
46.Xr sysctl 8
47MIB is used to control the TCP SYN caching in the system, which
48is intended to handle SYN flood Denial of Service attacks.
49.Pp

--- 95 unchanged lines hidden (view full) ---

145The default of 3 retransmits corresponds to a 45 second timeout, this value
146may be increased depending on the RTT to client machines.
147Tunable via
148.Xr sysctl 3 .
149.It Va count
150Number of entries present in the
151.Nm
152(read-only).
44.El
45.Sh DESCRIPTION
46The
47.Nm
48.Xr sysctl 8
49MIB is used to control the TCP SYN caching in the system, which
50is intended to handle SYN flood Denial of Service attacks.
51.Pp

--- 95 unchanged lines hidden (view full) ---

147The default of 3 retransmits corresponds to a 45 second timeout, this value
148may be increased depending on the RTT to client machines.
149Tunable via
150.Xr sysctl 3 .
151.It Va count
152Number of entries present in the
153.Nm
154(read-only).
155.It Va see_other
156If set to true value, all
157.Nm
158entries will be visible via
159.Va net.inet.tcp.pcblist
160sysctl, or via
161.Xr netstat 1 ,
162ignoring all of
163.Xr security 7
164UID/GID,
165.Xr jail 2
166and
167.Xr mac 4
168checks.
169If turned off, the visibility checks are enforced.
170However, extra
171.Xr ucred 9
172referencing is required on every incoming SYN packet processed.
173The default is off.
153.El
154.Pp
155Statistics on the performance of the
156.Nm
157may be obtained via
158.Xr netstat 1 ,
159which provides the following counts:
160.Bl -tag -width ".Li cookies received"

--- 26 unchanged lines hidden (view full) ---

187Failures to allocate new
188.Nm
189entry.
190.It Li "cookies received"
191Connections created from segment containing ACK.
192.El
193.Sh SEE ALSO
194.Xr netstat 1 ,
174.El
175.Pp
176Statistics on the performance of the
177.Nm
178may be obtained via
179.Xr netstat 1 ,
180which provides the following counts:
181.Bl -tag -width ".Li cookies received"
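Review bot: in the new see_other entry (new lines 155-173) it is unclear which setting carries the per-packet cost. "However, extra ucred referencing is required on every incoming SYN packet processed" directly follows "If turned off, the visibility checks are enforced", so the cost belongs to the default (off) setting, but "However" can be read as qualifying the enabled case. Suggest tying the two together in one sentence, for example "If turned off (the default), the visibility checks are enforced, at the cost of an extra ucred reference for every incoming SYN packet processed." Also, "If set to true value" is missing an article ("a true value"). Because enabling the knob ignores the UID/GID, jail and mac checks, the entry should say plainly that the setting trades that isolation for lower per-SYN overhead, so an administrator does not enable it as a pure performance tweak.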

--- 26 unchanged lines hidden (view full) ---

208Failures to allocate new
209.Nm
210entry.
211.It Li "cookies received"
212Connections created from segment containing ACK.
213.El
214.Sh SEE ALSO
215.Xr netstat 1 ,
216.Xr jail 2 ,
217.Xr mac ,
195.Xr tcp 4 ,
218.Xr tcp 4 ,
219.Xr security 7,
196.Xr loader 8 ,
220.Xr loader 8 ,
197.Xr sysctl 8
221.Xr sysctl 8 ,
222.Xr ucred 9
198.Sh HISTORY
199The existing
200.Nm
201implementation
202first appeared in
203.Fx 4.5 .
204The original concept of a
205.Nm
206originally appeared in
207.Bsx ,
208and was later modified by
209.Nx ,
210then further extended here.
211.Sh AUTHORS
212The
213.Nm
214code and manual page were written by
215.An Jonathan Lemon Aq Mt jlemon@FreeBSD.org .
223.Sh HISTORY
224The existing
225.Nm
226implementation
227first appeared in
228.Fx 4.5 .
229The original concept of a
230.Nm
231originally appeared in
232.Bsx ,
233and was later modified by
234.Nx ,
235then further extended here.
236.Sh AUTHORS
237The
238.Nm
239code and manual page were written by
240.An Jonathan Lemon Aq Mt jlemon@FreeBSD.org .
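Review bot: two of the new SEE ALSO entries are malformed. ".Xr mac ," at new line 217 has no section number, while the DESCRIPTION text added in the same change uses ".Xr mac 4"; and ".Xr security 7," at new line 219 has the comma fused to the section number instead of passed as a separate punctuation argument like the neighbouring entries. Suggest ".Xr mac 4 ," and ".Xr security 7 ," so the cross-references render and lint cleanly.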