author Florian Westphal <fw@strlen.de> 2019-05-03 12:35:38 +0200
committer Florian Westphal <fw@strlen.de> 2019-05-08 16:33:27 +0200
commit 10f1d8d3ba0394a8b5669013596190ea2ff38030
tree 3e8fb743b34f6ccd9e7b32577347c997b4d4d2c8
parent 2ae1099a42e6a0f06de305ca13a842ac83d4683e
extensions: SYNPROXY: should not be needed anymore on current kernels
SYN packets do not require taking the listener socket lock anymore as of 4.4 kernel, i.e. this target should not be needed anymore.

Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- extensions/libxt_SYNPROXY.man 2
1 files changed, 2 insertions, 0 deletions
diff --git a/extensions/libxt_SYNPROXY.man b/extensions/libxt_SYNPROXY.man
index 25325fc2..30a71ed2 100644
--- a/extensions/libxt_SYNPROXY.man
+++ b/extensions/libxt_SYNPROXY.man
@@ -1,6 +1,8 @@
This target will process TCP three-way-handshake parallel in netfilter
context to protect either local or backend system. This target requires
connection tracking because sequence numbers need to be translated.
+The kernels ability to absorb SYNFLOOD was greatly improved starting with
+Linux 4.4, so this target should not be needed anymore to protect Linux servers.
.TP
\fB\-\-mss\fP \fImaximum segment size\fP
Maximum segment size announced to clients. This must match the backend.
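Review bot: The added sentence claims more than the paragraph above it supports: the existing text says the target protects "either local or backend system", while the new lines say it is no longer needed "to protect Linux servers" without saying which machine has to run Linux 4.4 or later. When the rule sits on a gateway in front of a backend, the backend's kernel is the one that has to absorb the flood, so an older or non-Linux backend can still benefit from SYNPROXY. Consider narrowing the wording to something like "to protect servers running Linux 4.4 or later". Two wording nits in the same added lines: "kernels ability" needs an apostrophe ("kernel's ability"), and "SYNFLOOD" reads better as "SYN floods".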