A UNIX Parameter
$cat /proc/sys/net/ipv4/tcp_retries2 15 $
Parameter Definition
How many times to retry before killing alive TCP connection. RFC1122 says that the limit should be longer than 100 sec. It is too small number. The default value of 15 corresponds to ~ 13 - 30 minutes, depending on RTO.
Parameter Code Internals
snippet 1
{
.procname = "tcp_retries2",
.data = &sysctl_tcp_retries2,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec
},
snippet 2
if (retransmits_timed_out(sk, sysctl_tcp_retries1, 0, 0)) {
/* Black hole detection */
tcp_mtu_probing(icsk, sk);
dst_negative_advice(sk);
}
retry_until = sysctl_tcp_retries2;
if (sock_flag(sk, SOCK_DEAD)) {
const int alive = (icsk->icsk_rto < TCP_RTO_MAX);
retry_until = tcp_orphan_retries(sk, alive);
do_reset = alive ||
!retransmits_timed_out(sk, retry_until, 0, 0);
if (tcp_out_of_resources(sk, do_reset))
return 1;
}
Related From Research Paper
A tool for TCP stack testing and TCP/IP fingerprinting (a.k.a. OS detection) is introduced. While tools presently exist to do either OS detection[1, 2] or TCP stack testing[3, 4], the methods they employ are limited by the techniques and analysis performed, sometimes resulting in incorrect re- sults or no results at all. We introduce synscan, a tool whose objective is to fingerprint every aspect of a TCP/IP implementation. synscan is not meant as a proof-of-concept tool; rather, it is a robust and useful tool which can be used in addition to others for TCP/IP stack testing and OS de- tection. synscan incorporates most of the techiques used by the existing tools and introduces a number of new ones. synscan's s primary advantage is that each test begins with a TCP SYN segment (hence the name) to an open port, giving it the ability to test and fingerprint even the most fortified hosts. Conclusive data from large network scans and com- parisons to results from existing tools are also reported. source: SYNSCAN: Towards Complete TCP/IP Fingerprinting Greg Taleck NFR Security, Inc. 5 Choke Cherry Rd, Suite 200 Rockville, MD 20850