LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Andi Kleen <andi@firstfloor.org>
To: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Cc: Andi Kleen <andi@firstfloor.org>,
	Glenn Griffin <ggriffin.kernel@gmail.com>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Add IPv6 support to TCP SYN cookies
Date: Tue, 5 Feb 2008 21:53:45 +0100	[thread overview]
Message-ID: <20080205205345.GA20920@basil.nowhere.org> (raw)
In-Reply-To: <20080205203911.GA9891@2ka.mipt.ru>

On Tue, Feb 05, 2008 at 11:39:11PM +0300, Evgeniy Polyakov wrote:
> On Tue, Feb 05, 2008 at 09:02:11PM +0100, Andi Kleen (andi@firstfloor.org) wrote:
> > On Tue, Feb 05, 2008 at 10:29:28AM -0800, Glenn Griffin wrote:
> > > > Syncookies are discouraged these days. They disable too many
> > > > valuable TCP features (window scaling, SACK) and even without them
> > > > the kernel is usually strong enough to defend against syn floods
> > > > and systems have much more memory than they used to be.
> > > >
> > > > So I don't think it makes much sense to add more code to it, sorry.
> 
> How does syncookies prevent windows from growing?

Syncookies do not allow window scaling so you can't have any windows >64k

> Most (if not all) distributions have them enabled and window growing
> works just fine. Actually I do not see any reason why connection
> establishment handshake should prevent any run-time operations at all,
> even if it was setup during handshake.

TCP only uses options negotiated during the hand shake and syncookies
is incapable to do this.

-Andi

  reply	other threads:[~2008-02-05 20:54 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-04 23:01 Glenn Griffin
2008-02-05 15:55 ` Andi Kleen
2008-02-05 15:42   ` Alan Cox
2008-02-05 16:39     ` Andi Kleen
2008-02-05 16:03       ` Alan Cox
2008-02-05 16:48         ` Andi Kleen
2008-02-05 16:14           ` Alan Cox
2008-02-05 20:50       ` Willy Tarreau
2008-02-05 18:29   ` Glenn Griffin
2008-02-05 19:25     ` Ross Vandegrift
2008-02-05 20:11       ` Andi Kleen
2008-02-05 21:23         ` Ross Vandegrift
2008-02-06  8:53           ` Andi Kleen
2008-02-07 19:44             ` Ross Vandegrift
2008-02-08 12:07               ` Andi Kleen
2008-02-12 20:38                 ` Ross Vandegrift
2008-02-05 20:02     ` Andi Kleen
2008-02-05 20:39       ` Evgeniy Polyakov
2008-02-05 20:53         ` Andi Kleen [this message]
2008-02-05 21:50           ` Evgeniy Polyakov
2008-02-05 21:20         ` Alan Cox
2008-02-05 21:52           ` Evgeniy Polyakov
2008-02-05 21:20             ` Willy Tarreau
2008-02-05 22:05             ` Alan Cox
2008-02-06  1:52               ` Glenn Griffin
2008-02-06  7:50                 ` Andi Kleen
2008-02-06 17:36                   ` Glenn Griffin
2008-02-06 18:45                     ` Andi Kleen
2008-02-06 23:03                       ` Glenn Griffin
2008-02-06  9:13                 ` Evgeniy Polyakov
2008-02-06 18:30                   ` Glenn Griffin
2008-02-07  7:24                     ` Evgeniy Polyakov
2008-02-07  9:40                       ` Eric Dumazet
2008-02-08  5:32                         ` Glenn Griffin
2008-02-08  5:49                           ` Glenn Griffin
2008-02-11 16:07                             ` YOSHIFUJI Hideaki / 吉藤英明
2008-02-18 23:45                               ` Glenn Griffin
2008-02-13  7:31                         ` YOSHIFUJI Hideaki / 吉藤英明
2008-02-05 19:57   ` Jan Engelhardt
2008-02-05 21:25     ` Alan Cox
2008-02-04 23:01 Glenn Griffin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080205205345.GA20920@basil.nowhere.org \
    --to=andi@firstfloor.org \
    --cc=ggriffin.kernel@gmail.com \
    --cc=johnpol@2ka.mipt.ru \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --subject='Re: [PATCH] Add IPv6 support to TCP SYN cookies' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).