Skip to content

Home

Jump to bottom
Alexander Polakov edited this page Nov 29, 2016 · 6 revisions

Welcome to the syncookied wiki!

Frequently asked questions

Syncookied fails to compile. What to do?

If you're seeing something like this:

error: #[feature] may not be used on the stable release channel

it means you're using stable rust compiler. Currently nightly branch is required. Use the command below to install it:

curl -sSf https://static.rust-lang.org/rustup.sh | sh -s -- --channel=nightly

I get TCP resets! What to do?

Here's a checklist for you:

On protected server:

  • make sure tcpsecrets module is loaded:

    # lsmod|grep tcpse
    tcpsecrets 16384 0

  • make sure dmesg does NOT contain any of these messages:

    tcp_secrets: can't find cookie_v4_check function!

    tcp_secrets: can't find syncookie secret!

  • in sysctl:

    • net.ipv4.tcp_timestamps = 1
    • net.ipv4.tcp_window_scaling = 1
    • net.ipv4.tcp_syncookies = 2

  • make sure syncookied server is running

  • make sure you're not using any NAT or forward (packet modifying) rules in iptables for protected IPs

On firewall:

  • make sure syncookied server is accessible, for example: echo YO | nc -u 1.2.3.4 1488 should report the contents of /proc/tcp_secrets file)

I'm getting Invalid instruction

Your CPU doesn't support AVX instruction set. Use cargo build --features=sse3 --no-default-features --release to build with SSE3.

Clone this wiki locally