Pablo,
Thank you for clearing up that aspect! I now understand why I do not always
get an error...
However, the following two points still have me confused:
a.) If I enable SYN cookies, shouldn't it completely stop the SYN RECV
state connections in my netstat? Because I still do get them a lot. In
fact my tests reveal that with or without SYN cookies the maximum
connections in SYN RECV always reach 256 and then no more connections
are allowed.
b.) I tried disabling iptables altogether (thus no conntrack) and I
still saw 100% packet loss. I am sure I am not hitting a CPU or link limit
because previously I hit 100k pps 50mbits, and now I am doing half that
for testing and still using syncookies. Why would I still be losing
packets?
Thanks
Alex