Limit Challenge ACK Rate

Onload User Guide (UG1586)

Document ID
UG1586
Release Date
2023-07-31
Revision
1.2 English

The per-stack environment variable, EF_CHALLENGE_ACK_RATELIMIT enables Onload support for the Linux tcp_challenge_ack_limit where the aim is to limit the number of Challenge ACKs sent per second when mitigating against a TCP blind window attack.

The default rate is that from /proc/sys/net/ipv4/tcp_challenge_ack_limit.