On Thu, 13 Jan 2005 18:36:19 +0200, Oskari Saarenmaa <os@xxxxxxxx> wrote: > Note that syncookies are not used until the synqueue is full, so unless the > server is under attack everything proceeds just as it would with syncookies > turned off. They are only enabled when the queue fills up, and in that case > spending a bit more (I don't have any numbers on this) CPU time should be > favourable to not being able to answer incoming requests. Seems reasonable to me. I asked just as a clarification. If your explanation as to when in the process the syncookies have to be dealt with is correct... then the performance tradeoff is a non-issue. Other post(s) have implied there is a cpu hit during non-attacked situations, but if thre isn't then there isnt a concern here. -jef
