author Angelos D. Keromytis <angelos@cvs.openbsd.org> 1998-11-29 14:12:15 +0000
committer Angelos D. Keromytis <angelos@cvs.openbsd.org> 1998-11-29 14:12:15 +0000
commit b488000e207e5256a37aed34ea0ae5b0cd76c615
tree 4b50ab704a9f0cc9faad40cefdb01370e8c9c69b /share
parent 6df218f451f9894839d3e50f0c93ba2e9204ced1
Document the TCPCOOKIE option.
Diffstat (limited to 'share')
-rw-r--r-- share/man/man4/options.4 13
1 files changed, 12 insertions, 1 deletions
diff --git a/share/man/man4/options.4 b/share/man/man4/options.4
index 7d0d12d32e8..1b52686e564 100644
--- a/share/man/man4/options.4
+++ b/share/man/man4/options.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: options.4,v 1.24 1998/11/17 23:10:13 aaron Exp $
+.\" $OpenBSD: options.4,v 1.25 1998/11/29 14:12:14 angelos Exp $
.\" $NetBSD: options.4,v 1.21 1997/06/25 03:13:00 thorpej Exp $
.\"
.\" Copyright (c) 1998 Theo de Raadt
@@ -598,6 +598,17 @@ one segment has been dropped per window, the transmission can continue
without waiting for a retranmission timeout. This option cannot be used
together with
.Em TCP_SACK .
+.It Cd option TCPCOOKIE
+This causes the kernel to keep a list of "friendly" hosts, that is IP
+addresses that have been verified to exist. TCP connections from these
+addresses are allowed to proceed. Connections from other addresses
+trigger a mechanism for determining whether those are "friendly". The
+list of friendle addresses is controlled by the
+.Em TCK_NFRIENDS
+option, which is by default set to 16. Unfortunately, hosts behind a
+some stateful packet-filtering firewalls are unverifiable due to the
+nature of the mechanism and the filtering process, thus connections
+from such hosts are not allowed to proceed.
.It Cd option TCP_SACK
Turns on selective acknowledgements. Additional information about
segments already received can be transmitted back to the sender,
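Review bot: In the added TCPCOOKIE entry, the sentence saying the friendly list "is controlled by" TCK_NFRIENDS (default 16) does not say what the value bounds. If it is the maximum number of entries, say so, and say what happens to an already verified address once the list is full. The "mechanism for determining whether those are friendly" is also left undescribed, so an administrator cannot tell from this text which clients will be refused; since the entry admits that hosts behind some stateful packet filters "are not allowed to proceed", one sentence on how verification works would let readers judge that impact before enabling the option. TCK_NFRIENDS is called an option but has no ".It Cd option" entry of its own, so it cannot be found in the list. Two typos in the added lines: "friendle" should be "friendly", and "behind a some stateful" should drop the "a".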