[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: enable tcp_syncookies by default?

From: Jeff Spaleta <jspaleta gmail com>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: enable tcp_syncookies by default?
Date: Thu, 13 Jan 2005 11:59:27 -0500

On Thu, 13 Jan 2005 18:36:19 +0200, Oskari Saarenmaa <os sumu org> wrote:
> Note that syncookies are not used until the synqueue is full, so unless the
> server is under attack everything proceeds just as it would with syncookies
> turned off.  They are only enabled when the queue fills up, and in that case
> spending a bit more (I don't have any numbers on this) CPU time should be
> favourable to not being able to answer incoming requests.

Seems reasonable to me. I asked just as a clarification. If your
explanation as to when in the process the syncookies have to be dealt
with is correct... then the performance tradeoff is a non-issue. Other
post(s) have implied there is a cpu hit during non-attacked
situations, but if thre isn't then there isnt a concern here.

-jef

Follow-Ups:
- Re: enable tcp_syncookies by default?
  - From: Iago Rubio

References:
- enable tcp_syncookies by default?
  - From: Marius Andreiana
- Re: enable tcp_syncookies by default?
  - From: Jeff Spaleta
- Re: enable tcp_syncookies by default?
  - From: Oskari Saarenmaa

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]