From: Frans Pop <elendil@planet.nl>
To: Olaf van der Spek <olafvdspek@gmail.com>, netdev@vger.kernel.org
Subject: Re: Enable syn cookies by default
Date: Sun, 11 Oct 2009 12:26:43 +0200
User-Agent: KMail/1.9.9
Cc: linux-kernel@vger.kernel.org
References: <b2cc26e40910100601q7aed04acjcc9973ef06e6458f@mail.gmail.com>
In-reply-To: <b2cc26e40910100601q7aed04acjcc9973ef06e6458f@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200910111226.44828.elendil@planet.nl>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1229
Lines: 39

This question is better asked on the kernel network development list.
Original mail from Olaf below.

Cheers,
FJP

=================
Hi,

I'm forwarding Debian feature request #520668.

Could syn cookies be enabled by default?

AFAIK syn cookies only get send when the half-open TCP connection
queue is full. So stuff like window scaling should work fine in normal
situations.

Speaking of which:
When the half-open TCP connection queue is full and syn cookies are
enabled, you get a message like "kernel: possible SYN flooding on port
2710. Sending cookies."
However when syn cookies are disabled, you don't get any message (in
kern.log), although connections to your server are timing out.
Could such a message be added?
Maybe with a suggestion to increase the size of that queue or to
enable syn cookies.

Greetings,

Olaf

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520668
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520667
https://bugs.launchpad.net/ubuntu/+bug/57091
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/