UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

ipvs: secure_tcp does provide alternate state timeouts 

Also reword the test to make it read more easily (to me)

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Simon Horman 2011-09-29 16:14:51 +09:00 committed by Pablo Neira Ayuso
parent b6338b55bd
commit 325aadc848
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Documentation/networking/ipvs-sysctl.txt
View File

@ -140,13 +140,11 @@ nat_icmp_send - BOOLEAN
secure_tcp - INTEGER secure_tcp - INTEGER
0 - disabled (default) 0 - disabled (default)
The secure_tcp defense is to use a more complicated state The secure_tcp defense is to use a more complicated TCP state
transition table and some possible short timeouts of each transition table. For VS/NAT, it also delays entering the
state. In the VS/NAT, it delays the entering the ESTABLISHED TCP ESTABLISHED state until the three way handshake is completed.
until the real server starts to send data and ACK packet
(after 3-way handshake).
The value definition is the same as that of drop_entry or The value definition is the same as that of drop_entry and
drop_packet. drop_packet.
sync_threshold - INTEGER sync_threshold - INTEGER