tcp_syncookies.
\nSend out syncookies when the syn backlog queue of a socket overflows. This is to prevent against the common “syn flood attack”. Disabled (0) by default.<\/p>\n
\n:--:cat \/proc\/sys\/net\/ipv4\/tcp_syncookies\n0\n:--:\n<\/pre>\n\nadded from linux kernel source.\n\/*\n160 * Generate a syncookie. mssp points to the mss, which is returned\n161 * rounded down to the value encoded in the cookie.\n162 *\/\n163 __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)\n164 {\n165 const struct iphdr *iph = ip_hdr(skb);\n166 const struct tcphdr *th = tcp_hdr(skb);\n167 int mssind;\n168 const __u16 mss = *mssp;\n169\n170 tcp_synq_overflow(sk);\n171\n172 \/* XXX sort msstab[] by probability? Binary search? *\/\n173 for (mssind = 0; mss > msstab[mssind + 1]; mssind++)\n174 ;\n175 *mssp = msstab[mssind] + 1;\n176\n177 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);\n178\n179 return secure_tcp_syn_cookie(iph->saddr, iph->daddr,\n180 th->source, th->dest, ntohl(th->seq),\n181 jiffies \/ (HZ * 60), mssind);\n182 }\n<\/pre>\n","protected":false},"excerpt":{"rendered":"tcp_syncookies. Send out syncookies when the syn backlog queue of a socket overflows. This is to prevent against the common “syn flood attack”. Disabled (0) by default. :–:cat \/proc\/sys\/net\/ipv4\/tcp_syncookies 0 :–: added from linux kernel source. \/* 160 * Generate a syncookie. mssp points to the mss, which is returned 161 * rounded down to … <\/p>\n