summaryrefslogtreecommitdiff
path: root/Documentation/networking/ip-sysctl.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/networking/ip-sysctl.rst')
-rw-r--r--Documentation/networking/ip-sysctl.rst5
1 files changed, 4 insertions, 1 deletions
diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index 56cd4ea059b2..a759872a2883 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -1035,7 +1035,10 @@ tcp_limit_output_bytes - INTEGER
tcp_challenge_ack_limit - INTEGER
Limits number of Challenge ACK sent per second, as recommended
in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
- Default: 1000
+ Note that this per netns rate limit can allow some side channel
+ attacks and probably should not be enabled.
+ TCP stack implements per TCP socket limits anyway.
+ Default: INT_MAX (unlimited)
UDP variables
=============
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-05 17:38:41 +0000