Commit 325aadc8 authored by Simon Horman's avatar Simon Horman Committed by Pablo Neira Ayuso

ipvs: secure_tcp does provide alternate state timeouts

Also reword the test to make it read more easily (to me)
Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent b6338b55
...@@ -140,13 +140,11 @@ nat_icmp_send - BOOLEAN ...@@ -140,13 +140,11 @@ nat_icmp_send - BOOLEAN
secure_tcp - INTEGER secure_tcp - INTEGER
0 - disabled (default) 0 - disabled (default)
The secure_tcp defense is to use a more complicated state The secure_tcp defense is to use a more complicated TCP state
transition table and some possible short timeouts of each transition table. For VS/NAT, it also delays entering the
state. In the VS/NAT, it delays the entering the ESTABLISHED TCP ESTABLISHED state until the three way handshake is completed.
until the real server starts to send data and ACK packet
(after 3-way handshake).
The value definition is the same as that of drop_entry or The value definition is the same as that of drop_entry and
drop_packet. drop_packet.
sync_threshold - INTEGER sync_threshold - INTEGER
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment