On Tue, Feb 05, 2008 at 11:39:11PM +0300, Evgeniy Polyakov wrote: > On Tue, Feb 05, 2008 at 09:02:11PM +0100, Andi Kleen ([EMAIL PROTECTED]) > wrote: > > On Tue, Feb 05, 2008 at 10:29:28AM -0800, Glenn Griffin wrote: > > > > Syncookies are discouraged these days. They disable too many > > > > valuable TCP features (window scaling, SACK) and even without them > > > > the kernel is usually strong enough to defend against syn floods > > > > and systems have much more memory than they used to be. > > > > > > > > So I don't think it makes much sense to add more code to it, sorry. > > How does syncookies prevent windows from growing?
Syncookies do not allow window scaling so you can't have any windows >64k > Most (if not all) distributions have them enabled and window growing > works just fine. Actually I do not see any reason why connection > establishment handshake should prevent any run-time operations at all, > even if it was setup during handshake. TCP only uses options negotiated during the hand shake and syncookies is incapable to do this. -Andi -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
