From: Florian Westphal <fw@strlen.de>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Florian Westphal <fw@strlen.de>,
David Miller <davem@davemloft.net>,
hannes@stressinduktion.org, netdev@vger.kernel.org
Subject: Re: updates to syncookies - timestamps not needed any more (freebsd)
Date: Fri, 12 Jul 2013 16:25:21 +0200
Message-ID: <20130712142521.GA22686@breakpoint.cc>
In-Reply-To: <1373637885.10804.7.camel@edumazet-glaptop>

Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Fri, 2013-07-12 at 10:41 +0200, Florian Westphal wrote:
>
> > The main difference to what linux does is to avoid encoding the 'count'
> > value (Linux doesn't reseed secret[], and relies on count to detect old
> > cookies).
> >
> > Not having the counter frees up space to encode tcp options in the cookie
> > instead of the timestamp.
>
> But still wscale and sack options are disabled.

Yes, in Linux sack and wscale will be encoded in the timestamp, as
cookie is already restricted to 24 bits due to counter.
Without the counter, that could be changed to allow sack/wscale even
with ts off.

> BTW, following patch allows to test more easily syncookies behavior.
>
> If sysctl_tcp_syncookies is set to 2, we always use syncookies.

I think this change would be useful.

> --- a/net/ipv4/tcp_ipv4.c
> +++ b/net/ipv4/tcp_ipv4.c
> @@ -1462,7 +1462,8 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
> * limitations, they conserve resources and peer is
> * evidently real one.
> */
> - if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
> + if ((sysctl_tcp_syncookies == 2 ||
> + inet_csk_reqsk_queue_is_full(sk)) && !isn) {
> want_cookie = tcp_syn_flood_action(sk, skb, "TCP");
> if (!want_cookie)
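
Review bot: the added `sysctl_tcp_syncookies == 2` test in the `if` condition uses a bare magic value whose meaning (always use syncookies) is stated only in the mail text. A short comment or a named constant next to the condition, plus an entry in the sysctl documentation, would make the new mode discoverable. With the value 2 this branch also calls tcp_syn_flood_action(sk, skb, "TCP") when inet_csk_reqsk_queue_is_full(sk) is false, so it is worth confirming that whatever that helper reports or counts still makes sense when the queue has not overflowed, and the comment above the condition should mention the forced mode.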
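
An added illustration of the point discussed above, that carrying a counter in the cookie leaves only 24 bits for data (this is not code from the kernel or from anyone in the thread). It is a simplified C model; the 8-bit counter position, toy_hash(), the key constants, MAX_AGE and the sample flow are constructed assumptions.

```c
/* Added example: simplified model of a counter-based SYN cookie.
 * toy_hash() is a constructed stand-in, NOT a cryptographic hash. */
#include <stdint.h>
#include <stdio.h>

#define COOKIEBITS 24                      /* bits left beside the counter */
#define COOKIEMASK (((uint32_t)1 << COOKIEBITS) - 1)
#define COOKIE_INVALID ((uint32_t)-1)
#define MAX_AGE 2                          /* constructed: accepted counter ticks */

struct flow { uint32_t saddr, daddr; uint16_t sport, dport; };

static uint32_t toy_hash(const struct flow *f, uint32_t count, uint32_t key)
{
    uint32_t in[4] = { f->saddr, f->daddr,
                       ((uint32_t)f->sport << 16) | f->dport, count };
    uint32_t h = key;
    for (int i = 0; i < 4; i++) {
        h = (h ^ in[i]) * 0x01000193u;
        h ^= h >> 15;
    }
    return h;
}

/* Top 8 bits: counter (mod 256). Low 24 bits: keyed hash plus data. */
uint32_t make_cookie(const struct flow *f, uint32_t sseq, uint32_t count, uint32_t data)
{
    return toy_hash(f, 0, 0x5eed0001u) + sseq + (count << COOKIEBITS) +
           ((toy_hash(f, count, 0x5eed0002u) + data) & COOKIEMASK);
}

/* Returns the embedded data, or COOKIE_INVALID if the counter is too old. */
uint32_t check_cookie(uint32_t cookie, const struct flow *f, uint32_t sseq, uint32_t now)
{
    cookie -= toy_hash(f, 0, 0x5eed0001u) + sseq;
    uint32_t age = (now - (cookie >> COOKIEBITS)) & 0xff;
    if (age >= MAX_AGE)
        return COOKIE_INVALID;
    return (cookie - toy_hash(f, now - age, 0x5eed0002u)) & COOKIEMASK;
}

int main(void)
{
    struct flow f = { 0xc0000201u, 0xc6336401u, 40000, 443 };  /* constructed */
    uint32_t c = make_cookie(&f, 12345u, 1000u, 3u);
    printf("fresh=%u stale=%#x\n", check_cookie(c, &f, 12345u, 1001u),
           check_cookie(c, &f, 12345u, 1002u));
    return 0;
}
```

Data wider than 24 bits is silently truncated by COOKIEMASK, which is why a scheme of this shape has no room for sack or wscale in the cookie itself; a caller must also range-check the returned data, since a wrong counter guess yields an arbitrary 24-bit value rather than an error.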