Re: [PATCH] Add IPv6 support to TCP SYN cookies

From: Alan Cox
Date: Tue Feb 05 2008 - 16:28:38 EST

Next message: Alan Cox: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Previous message: Jesper Juhl: "Re: [linux-pm] Re: Small pm documentation cleanups"
In reply to: Evgeniy Polyakov: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Next in thread: Evgeniy Polyakov: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> How does syncookies prevent windows from growing?

Enabling them doesn't.

> Most (if not all) distributions have them enabled and window growing
> works just fine. Actually I do not see any reason why connection
> establishment handshake should prevent any run-time operations at all,
> even if it was setup during handshake.

Syncookies are only triggered if the system is under a load where it
would begin to lose connections otherwise. So they merely turn a DoS into
a working if slightly slower setup (and > 64K windows don't matter for
most normal users, especially on mobile devices).

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Previous message: Jesper Juhl: "Re: [linux-pm] Re: Small pm documentation cleanups"
In reply to: Evgeniy Polyakov: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Next in thread: Evgeniy Polyakov: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]