Re: [PATCH] Add IPv6 support to TCP SYN cookies

From: Evgeniy Polyakov
Date: Tue Feb 05 2008 - 15:40:19 EST

Next message: Pekka Paalanen: "[PATCH 4/4] x86 mmiotrace: move files into arch/x86/mm/"
Previous message: Harvey Harrison: "[PATCH 1/8] x86: fix sparse error in traps_32.c"
In reply to: Andi Kleen: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Next in thread: Andi Kleen: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 05, 2008 at 09:02:11PM +0100, Andi Kleen (andi@xxxxxxxxxxxxxx) wrote:
> On Tue, Feb 05, 2008 at 10:29:28AM -0800, Glenn Griffin wrote:
> > > Syncookies are discouraged these days. They disable too many
> > > valuable TCP features (window scaling, SACK) and even without them
> > > the kernel is usually strong enough to defend against syn floods
> > > and systems have much more memory than they used to be.
> > >
> > > So I don't think it makes much sense to add more code to it, sorry.

How does syncookies prevent windows from growing?
Most (if not all) distributions have them enabled and window growing
works just fine. Actually I do not see any reason why connection
establishment handshake should prevent any run-time operations at all,
even if it was setup during handshake.

--
Evgeniy Polyakov
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pekka Paalanen: "[PATCH 4/4] x86 mmiotrace: move files into arch/x86/mm/"
Previous message: Harvey Harrison: "[PATCH 1/8] x86: fix sparse error in traps_32.c"
In reply to: Andi Kleen: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Next in thread: Andi Kleen: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]