- The server must simply set the TCP_FASTOPEN flag using setsockopt() on the listening socket (note . On linux the qlen value passed in to the function limits the number of outstanding TFO requests as a simple defense against IP spoofing attacks (see RFC7413).
- Note on OS X the socket MUST be listening already for this flag to be set, and the qlen MUST be 1
- (the actual value is set via the net.inet.tcp.fastopen_backlog kernel parameter.
- On linux this call can be done after bind() is called.
The kernel parameter net.ipv4.tcp_fastopen controls TFO and since 4.1 has been set to 1 by default. This enables client mode but not server mode. To act in pure server mode set the integer value to 2. To enable both client and server mode, set it to 3, for example:
sysctl -w net.ipv4.tcp_fastopen=2