Configuring tcp optional parameters – H3C Technologies H3C S5120 Series Switches User Manual


- With the protection against Naptha attack enabled, the device will periodically check and record the number of TCP connections in each state.

- With the protection against Naptha attack enabled, if the device detects that the number of TCP connections in a state exceeds the maximum number, the device will consider that as Naptha attacks and accelerate the aging of these TCP connections. The device will not stop accelerating the aging of TCP connections until the number of TCP connections in the state is less than 80% of the maximum number.
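The start and stop conditions described above form a hysteresis band: aging is accelerated once a state's count exceeds the maximum and continues until the count falls below 80% of it. The following Python model of that rule is an added example, not H3C code; the state names, per-state maximums and sample counts are constructed, and the check interval is not modelled.

```python
RELEASE_PERCENT = 80  # aging stays accelerated until count < 80% of maximum


class NapthaMonitor:
    """Models the per-state check: which TCP states are being aged faster."""

    def __init__(self, max_per_state):
        # max_per_state: TCP state name -> maximum connection count (assumed values)
        self.max_per_state = dict(max_per_state)
        self.accelerating = set()

    def check(self, counts):
        """Process one periodic sample of per-state connection counts."""
        for state, limit in self.max_per_state.items():
            n = counts.get(state, 0)
            if state in self.accelerating:
                # Already treated as an attack: stop only below 80% of the maximum.
                # Integer arithmetic avoids floating-point edge cases at the boundary.
                if n * 100 < RELEASE_PERCENT * limit:
                    self.accelerating.discard(state)
            elif n > limit:
                # Count exceeds the maximum: considered a Naptha attack.
                self.accelerating.add(state)
        return sorted(self.accelerating)


def run(samples, limits):
    """Feed successive samples to one monitor; return the result of each check."""
    monitor = NapthaMonitor(limits)
    return [monitor.check(sample) for sample in samples]


# Constructed input: two states with assumed maximums, five successive checks.
LIMITS = {"FIN_WAIT_1": 100, "CLOSE_WAIT": 50}
SAMPLES = [
    {"FIN_WAIT_1": 90, "CLOSE_WAIT": 10},   # under the maximum: normal aging
    {"FIN_WAIT_1": 101, "CLOSE_WAIT": 10},  # FIN_WAIT_1 exceeds 100: start
    {"FIN_WAIT_1": 85, "CLOSE_WAIT": 51},   # 85 is under 100 but not under 80
    {"FIN_WAIT_1": 80, "CLOSE_WAIT": 45},   # exactly 80% is not "less than"
    {"FIN_WAIT_1": 79, "CLOSE_WAIT": 39},   # both below 80%: stop
]

if __name__ == "__main__":
    for sample, active in zip(SAMPLES, run(SAMPLES, LIMITS)):
        print(sample, "->", active or "normal aging")
```

The third and fourth samples show why a count that has dropped back under the maximum can still be subject to accelerated aging.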

Configuring TCP Optional Parameters

TCP optional parameters that can be configured include:

- synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is received within the synwait timer interval, the TCP connection cannot be created.

- finwait timer: When a TCP connection changes to the FIN_WAIT_2 state, the finwait timer is started. If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN packet is received, the TCP connection state changes to TIME_WAIT. If a non-FIN packet is received, the system restarts the timer upon receiving the last non-FIN packet. The connection is broken after the timer expires.

- Size of TCP receive/send buffer

Follow these steps to configure TCP optional parameters:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the TCP synwait timer | tcp timer syn-timeout time-value | Optional. 75 seconds by default. |
| Configure the TCP finwait timer | tcp timer fin-timeout time-value | Optional. 675 seconds by default. |
| Configure the size of TCP receive/send buffer | tcp window window-size | Optional. 8 KB by default. |

The actual length of the finwait timer is determined by the following formula:

Actual length of the finwait timer = (Configured length of the finwait timer - 75) + configured length of the synwait timer
