parameters tcp_retries2

A UNIX Parameter
$ cat /proc/sys/net/ipv4/tcp_retries2
15
$

Parameter Definition
How many times to retry before killing a live TCP
connection. RFC 1122 says that the limit should be longer
than 100 seconds, which is too small a number. The default
value of 15 corresponds to roughly 13 to 30 minutes,
depending on the RTO.

Parameter Code Internals


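snippet 1
/* ctl_table entry that exposes the value under /proc/sys/net/ipv4/ */
{
    .procname = "tcp_retries2",
    .data = &sysctl_tcp_retries2,
    .maxlen = sizeof(int),
    .mode = 0644,                   /* readable by all, writable by root */
    .proc_handler = proc_dointvec   /* plain int handler, no min/max bounds */
},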

snippet 2
    /* After tcp_retries1 retransmissions, suspect a broken path first. */
    if (retransmits_timed_out(sk, sysctl_tcp_retries1, 0, 0)) {
        /* Black hole detection */
        tcp_mtu_probing(icsk, sk);

        dst_negative_advice(sk);
    }

    /* tcp_retries2 is the give-up limit for the connection. */
    retry_until = sysctl_tcp_retries2;
    if (sock_flag(sk, SOCK_DEAD)) {
        /* Orphaned socket: use the orphan retry limit instead. */
        const int alive = (icsk->icsk_rto < TCP_RTO_MAX);

        retry_until = tcp_orphan_retries(sk, alive);
        do_reset = alive ||
            !retransmits_timed_out(sk, retry_until, 0, 0);

        if (tcp_out_of_resources(sk, do_reset))
            return 1;
    }
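To see where the "15 corresponds to minutes" figure in the definition comes from, the following added example (not code from the kernel or from this page) models in user space the timeout that retransmits_timed_out() derives from a retry count when its timeout argument is 0, as in snippet 2. The constants are the usual kernel defaults for TCP_RTO_MIN and TCP_RTO_MAX and are assumptions here; model_timeout_ms and min_retries_for are hypothetical helper names.

```c
#include <stdio.h>

/* Kernel defaults in milliseconds (assumed; the page does not list them). */
#define RTO_MIN_MS 200UL      /* TCP_RTO_MIN = HZ/5   */
#define RTO_MAX_MS 120000UL   /* TCP_RTO_MAX = 120*HZ */

/* floor(log2(v)) for v > 0, standing in for the kernel's ilog2(). */
static unsigned int ilog2_ul(unsigned long v)
{
    unsigned int r = 0;

    while (v >>= 1)
        r++;
    return r;
}

/* Hypothetical helper: elapsed time after which `boundary` retransmissions
 * count as timed out. The RTO doubles from RTO_MIN_MS up to a threshold
 * near RTO_MAX_MS, then every further retry adds a flat RTO_MAX_MS. */
unsigned long model_timeout_ms(unsigned int boundary)
{
    unsigned int thresh = ilog2_ul(RTO_MAX_MS / RTO_MIN_MS);

    if (boundary <= thresh)
        return ((2UL << boundary) - 1) * RTO_MIN_MS;
    return ((2UL << thresh) - 1) * RTO_MIN_MS +
           (boundary - thresh) * RTO_MAX_MS;
}

/* Hypothetical helper: smallest retry count whose model timeout is at
 * least floor_ms, e.g. the 100 s floor quoted from RFC 1122. */
unsigned int min_retries_for(unsigned long floor_ms)
{
    unsigned int n = 0;

    while (model_timeout_ms(n) < floor_ms)
        n++;
    return n;
}

int main(void)
{
    unsigned int n;

    for (n = 6; n <= 15; n += 3)
        printf("tcp_retries2=%2u -> %7.1f s\n", n, model_timeout_ms(n) / 1000.0);
    printf("smallest value reaching 100 s: %u\n", min_retries_for(100000UL));
    return 0;
}
```

The model value is a floor: a connection whose measured RTO is larger fires its retransmit timers further apart and gives up later, which is why the definition quotes a range rather than a single number.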


Related From Research Paper
A tool for TCP stack testing and TCP/IP fingerprinting
(a.k.a. OS detection) is introduced. While tools
presently exist to do either OS detection[1, 2] or TCP
stack testing[3, 4], the methods they employ are limited
by the techniques and analysis performed, sometimes
resulting in incorrect results or no results at all. We
introduce synscan, a tool whose objective is to
fingerprint every aspect of a TCP/IP implementation.
synscan is not meant as a proof-of-concept tool; rather,
it is a robust and useful tool which can be used in
addition to others for TCP/IP stack testing and OS
detection. synscan incorporates most of the techniques
used by the existing tools and introduces a number of new
ones. synscan's primary advantage is that each test
begins with a TCP SYN segment (hence the name) to an open
port, giving it the ability to test and fingerprint even
the most fortified hosts. Conclusive data from large
network scans and comparisons to results from existing
tools are also reported.

source:
SYNSCAN: Towards Complete TCP/IP Fingerprinting
Greg Taleck
NFR Security, Inc.
5 Choke Cherry Rd, Suite 200
Rockville, MD 20850



