[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: enable tcp_syncookies by default?



On Thu, 13 Jan 2005 18:36:19 +0200, Oskari Saarenmaa <os sumu org> wrote:
> Note that syncookies are not used until the synqueue is full, so unless the
> server is under attack everything proceeds just as it would with syncookies
> turned off.  They are only enabled when the queue fills up, and in that case
> spending a bit more (I don't have any numbers on this) CPU time should be
> favourable to not being able to answer incoming requests.

Seems reasonable to me. I asked just as a clarification. If your
explanation as to when in the process the syncookies have to be dealt
with is correct... then the performance tradeoff is a non-issue. Other
post(s) have implied there is a cpu hit during non-attacked
situations, but if thre isn't then there isnt a concern here.
 
-jef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]