Re: TCP_SYNCOOKIES - Negative impact(s) when enabled?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

thank very much guys! That's exactly what i was searching for!
After reading different changelogs (mostly 2.6.36) it seems as if a lot of work is/was going into this feature.
So even if kernel documentation ("ip-sysctl.txt") states syncookies as a "fallback facility" and that it "seriously violates TCP protocol" it's now enabled by default since v2.6.33.
Does that say kernel developers do "trust" into it now whithout any negative impact on highly loaded systems? 

kind regards - Philipp


Am 16.11.2010 13:14, schrieb Pascal Hambourg:

Philipp Herz - Profihost AG a écrit :


Since what kernel version this should be fixed? Is it affected to IPv4
and IPv6 or only IPv4?


=== ChangeLog-2.6.26 ===

commit 4dfc2817025965a2fc78a18c50f540736a6b5c24
Author: Florian Westphal<fw@xxxxxxxxx>
Date:   Thu Apr 10 03:12:40 2008 -0700

     [Syncookies]: Add support for TCP options via timestamps.

     Allow the use of SACK and window scaling when syncookies are used
     and the client supports tcp timestamps. Options are encoded into
     the timestamp sent in the syn-ack and restored from the timestamp
     echo when the ack is received.

(side note : the feature was broken in 2.6.27 and restored in 2.6.28)

commit c6aefafb7ec620911d46174eed514f9df639e5a4
Author: Glenn Griffin<ggriffin.kernel@xxxxxxxxx>
Date:   Thu Feb 7 21:49:26 2008 -0800

     [TCP]: Add IPv6 support to TCP SYN cookies

=== ChangeLog-2.6.33 ===

commit e994b7c901ded7200b525a707c6da71f2cf6d4bb
Author: David S. Miller<davem@xxxxxxxxxxxxx>
Date:   Sat Nov 21 11:22:25 2009 -0800

     tcp: Don't make syn cookies initial setting depend on CONFIG_SYSCTL

     That's extremely non-intuitive, noticed by William Allen Simpson.

     And let's make the default be on, it's been suggested by a lot of
     people so we'll give it a try.

=== ChangeLog-2.6.36 ===

commit 172d69e63c7f1e8300d0e1c1bbd8eb0f630faa15
Author: Florian Westphal<fw@xxxxxxxxx>
Date:   Mon Jun 21 11:48:45 2010 +0000

     syncookies: add support for ECN

     Allows use of ECN when syncookies are in effect by encoding ecn_ok
     into the syn-ack tcp timestamp.

--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux