DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type;
        b=fsspQCkcQLnfNi1ZHVsvr7lXdrrT1fSq3IGlLhkSD4UzF+fm56Sdv+2QuA+nLv987m
         KyMOmSoqJooAXgoLy8xKn6A0mvDDS/EHLIom7TbYNid7SI0+eOsGZrganAeCznIzRmKI
         PpeliC39gquF0xQcVutm5kYi4BUPpcf29DHIA=
MIME-Version: 1.0
Date: Sat, 10 Oct 2009 15:01:33 +0200
Message-ID: <b2cc26e40910100601q7aed04acjcc9973ef06e6458f@mail.gmail.com>
Subject: Enable syn cookies by default
From: Olaf van der Spek <olafvdspek@gmail.com>
To: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1096
Lines: 32

Hi,

I'm forwarding Debian feature request #520668.

Could syn cookies be enabled by default?

AFAIK syn cookies only get send when the half-open TCP connection
queue is full. So stuff like window scaling should work fine in normal
situations.

Speaking of which:
When the half-open TCP connection queue is full and syn cookies are
enabled, you get a message like "kernel: possible SYN flooding on port
2710. Sending cookies."
However when syn cookies are disabled, you don't get any message (in
kern.log), although connections to your server are timing out.
Could such a message be added?
Maybe with a suggestion to increase the size of that queue or to
enable syn cookies.

Greetings,

Olaf

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520668
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520667
https://bugs.launchpad.net/ubuntu/+bug/57091
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/