Document net.inet.tcp.syncookies_only using a description taken from

tcp_syncache.c revision 1.99 of andre's commit log. PR: 107611
2008-01-22 18:35:23 +00:00 · 2008-01-22 18:35:23 +00:00 · 771553b905
commit 771553b905
parent a1435ad491
1 changed files with 11 additions and 1 deletions
--- a/share/man/man4/syncache.4
+++ b/share/man/man4/syncache.4
@ -12,7 +12,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 18, 2007
+.Dd January 22, 2008
 .Dt SYNCACHE 4
 .Os
 .Sh NAME
@ -24,6 +24,8 @@ MIBs for controlling TCP SYN caching
 .Bl -item -compact
 .It
 .Nm sysctl Cm net.inet.tcp.syncookies
+.It
+.Nm sysctl Cm net.inet.tcp.syncoockies_only
 .El
 .Pp
 .Bl -item -compact
@ -98,6 +100,14 @@ an attacker to ACK flood a machine in an attempt to create a connection.
 While steps have been taken to mitigate this risk, this may provide a way
 to bypass firewalls which filter incoming segments with the SYN bit set.
 .Pp
+To disable the
+.Nm syncache
+and run only with
+.Nm syncookies ,
+set
+.Va net.inet.tcp.syncookies_only
+to 1.
+.Pp
 The
 .Nm
 implements a number of variables in