[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: enable tcp_syncookies by default?

On Thu, Jan 13, 2005 at 07:31:58PM +0100, Iago Rubio wrote:
> [quote]
> syncookies seriously violate TCP protocol, do not allow	to use TCP
> extensions, can result in serious degradation of some services (f.e.
> SMTP relaying), visible not by you, but your clients and relays,
> contacting you.
> [/quote]

The protocol violation claim is IMHO garbage. Most of the reason syn cookies
are not used under high load by default is because they were invented by
Dan Bernstein.

The extensions are problematic but this kicks in mostly at the point where
things are not working full stop.

There are some things it does confuse a little - programs expecting that
the server will intentionally ignore and not make connections when busy
for example.

> 2.- You can't use extensions as T/TCP with syncookies.

T/TCP is an experiment that is dead, it also violates the TCP specification
and turned out to have security issues. So T/TCP is dead. OTOH under load
you do lose SACK, FACK, PAWS, large windows and some other really useful

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]