Enabling syncookies in /proc not working

Question

I'm trying to enable syncookies by echoing '1' in de /proc file like this:

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

(I also tried it with quotes, without whitespace "1>/proc...")

However after running this command, there is still a '0' in the file...

root# cat /proc/sys/net/ipv4/tcp_syncookies 
0

enter image description here

Changing other /proc files causes no problems.

Shell version:

4.3.30(1)-release

Distro:

Debian GNU/Linux jessie/sid

root:~# uname -a
Linux xxxxx 2.6.32-29-pve #1 SMP Thu Apr 24 10:03:02 CEST 2014 x86_64 GNU/Linux

What is causing this? I get no error message and have sudo (root) rights.

The command was the one above in the post. Echoing that "1" in de proc file. — Sam Hendrickx, Dec 22 '14 at 18:18
Yes, also when I try to edit other proc files, that works perfectly. — Sam Hendrickx, Dec 22 '14 at 19:42
loging as root and use your previous command "sudo su -" and after this "echo 1 > /proc/sys/net/ipv4/tcp_syncookies" — c4f4t0r, Dec 22 '14 at 19:54
I'm already logged in as root. But just to make sure I just tried it by first doing "sudo su -" and still the same. — Sam Hendrickx, Dec 22 '14 at 19:57
have you tried without double quote, because you need to write an integer, using double quotes you are writing an string. — c4f4t0r, Dec 22 '14 at 22:07
You need to update your question with the exact kernel version you are using. Otherwise we would not be able to reproduce the problem. Also you need to tell us what shell you are using. In bash using `echo 1 >` works, but `echo 1>` does not work. Without knowing which shell it is, we couldn't point exactly what subtleties there might be. It is also possible something else is changing the setting between echo and your cat commands. You could try executing both from the same command line to see if that makes any difference. — kasperd, Dec 22 '14 at 23:27
Updated the post with shell and distro version. Also when I change other /proc files, this works perfect. — Sam Hendrickx, Dec 23 '14 at 08:30
Contains the following: `device eth0 entered promiscuous mode - device eth0 left promiscuous mode ...` — Sam Hendrickx, Dec 23 '14 at 08:53

score 1 · Answer 1 · answered Dec 22 '14 at 22:45

1

The only thing I could think of now is that your kernel was not compiled with the option CONFIG_SYN_COOKIES, because the default value of tcp_syncookies is 1. Try to check this option.

Else try to use sysctl (sysctl -w net.ipv4.tcp_syncookies=1).

answered Dec 22 '14 at 22:45

Zimmi

1,071
7
11

When executing that command, I get the following output: `net.ipv4.tcp_syncookies = 1`. But when I cat the /proc file, there still is a zero in it... – Sam Hendrickx Dec 23 '14 at 08:33
@chiodos And what about the CONFIG_SYN_COOKIES ? – Zimmi Dec 23 '14 at 09:17
How can I check this? – Sam Hendrickx Dec 23 '14 at 09:29
Hum... Ok depends on you kernel/distro (you should provide the output of `uname -a` instead of just distro name). Usually you can find kernel compile options in /proc/config.gz or in /boot/config-kernel-version: `zgrep COOKIES /proc/config.gz` – Zimmi Dec 23 '14 at 09:35
Updated post. None of these two files exists – Sam Hendrickx Dec 23 '14 at 09:39
Then I can't help you more. Just a bit strange that you use a debian sid with a squeeze kernel... – Zimmi Dec 23 '14 at 10:12

Enabling syncookies in /proc not working

1 Answers1