Re: enable tcp_syncookies by default?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 13, 2005 at 07:31:58PM +0100, Iago Rubio wrote:
> [quote]
> syncookies seriously violate TCP protocol, do not allow	to use TCP
> extensions, can result in serious degradation of some services (f.e.
> SMTP relaying), visible not by you, but your clients and relays,
> contacting you.
> [/quote]

The protocol violation claim is IMHO garbage. Most of the reason syn cookies
are not used under high load by default is because they were invented by
Dan Bernstein.

The extensions are problematic but this kicks in mostly at the point where
things are not working full stop.

There are some things it does confuse a little - programs expecting that
the server will intentionally ignore and not make connections when busy
for example.

> 2.- You can't use extensions as T/TCP with syncookies.

T/TCP is an experiment that is dead, it also violates the TCP specification
and turned out to have security issues. So T/TCP is dead. OTOH under load
you do lose SACK, FACK, PAWS, large windows and some other really useful
features.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux