Re: TCP_SYNCOOKIES - Negative impact(s) when enabled?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Philipp Herz - Profihost AG a écrit :
> 
> Since what kernel version this should be fixed? Is it affected to IPv4 
> and IPv6 or only IPv4?

=== ChangeLog-2.6.26 ===

commit 4dfc2817025965a2fc78a18c50f540736a6b5c24
Author: Florian Westphal <fw@xxxxxxxxx>
Date:   Thu Apr 10 03:12:40 2008 -0700

    [Syncookies]: Add support for TCP options via timestamps.

    Allow the use of SACK and window scaling when syncookies are used
    and the client supports tcp timestamps. Options are encoded into
    the timestamp sent in the syn-ack and restored from the timestamp
    echo when the ack is received.

(side note : the feature was broken in 2.6.27 and restored in 2.6.28)

commit c6aefafb7ec620911d46174eed514f9df639e5a4
Author: Glenn Griffin <ggriffin.kernel@xxxxxxxxx>
Date:   Thu Feb 7 21:49:26 2008 -0800

    [TCP]: Add IPv6 support to TCP SYN cookies

=== ChangeLog-2.6.33 ===

commit e994b7c901ded7200b525a707c6da71f2cf6d4bb
Author: David S. Miller <davem@xxxxxxxxxxxxx>
Date:   Sat Nov 21 11:22:25 2009 -0800

    tcp: Don't make syn cookies initial setting depend on CONFIG_SYSCTL

    That's extremely non-intuitive, noticed by William Allen Simpson.

    And let's make the default be on, it's been suggested by a lot of
    people so we'll give it a try.

=== ChangeLog-2.6.36 ===

commit 172d69e63c7f1e8300d0e1c1bbd8eb0f630faa15
Author: Florian Westphal <fw@xxxxxxxxx>
Date:   Mon Jun 21 11:48:45 2010 +0000

    syncookies: add support for ECN

    Allows use of ECN when syncookies are in effect by encoding ecn_ok
    into the syn-ack tcp timestamp.
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux