On Sat, 13 Feb 2010, Florian Weimer wrote:

> * Craig Small:
>
> > While initially skeptical, I can see that under high TCP loads having
> > some sort of connection is better than having no connection. Connections
> > with large windows will be dropped, but they would be anyhow.
>
> This argument ignores the non-attack overload case. Lack of window
> scaling may increase the load (in terms of the number of connections
> required to achieve a certain level of aggregated bandwidth), making
> such situations worse.
>
> (Window scaling is more important than it used to be because
> bandwidth-delay products tend to be larger these days.)

AIUI syn cookies will not affect anything while things are normal, that
is window scaling and other TCP options will still work as they should.

Once the syn queue gets full and new connections would be dropped syn
cookies start becoming active, still accepting connections but without
options such as window scaling enabled.

If your choice is to get no connection or a connection without the
window scale option which would you pick?

Cheers,
weasel
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
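
Added example, not part of the original thread: one way to check on a Linux host whether SYN cookies actually kicked in during an interval, or whether connection attempts were simply dropped, by comparing two snapshots of the TcpExt counters in /proc/net/netstat. The snapshot text below is constructed for illustration, and the function names are hypothetical.

```python
# Constructed snapshots in the header-line / value-line layout of /proc/net/netstat.
# On a live host, read the file twice, some seconds apart, instead.
SNAP_BEFORE = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 0 0 0 0 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""
SNAP_AFTER = SNAP_BEFORE.replace("TcpExt: 0 0 0 0 0", "TcpExt: 1520 1375 42 0 0")

COUNTERS = ("SyncookiesSent", "SyncookiesRecv", "SyncookiesFailed", "ListenDrops")


def parse_netstat(text):
    """Return {protocol: {counter: value}} from netstat-style text."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    tables = {}
    # Lines come in pairs: counter names first, then their values.
    for header, values in zip(rows[0::2], rows[1::2]):
        if header[0] != values[0] or len(header) != len(values):
            raise ValueError("header and value lines do not match")
        tables[header[0].rstrip(":")] = dict(zip(header[1:], map(int, values[1:])))
    return tables


def syncookie_report(before, after):
    """Classify the interval between two snapshots from the counter deltas."""
    old = parse_netstat(before)["TcpExt"]
    new = parse_netstat(after)["TcpExt"]
    delta = {name: new.get(name, 0) - old.get(name, 0) for name in COUNTERS}
    if delta["SyncookiesSent"] > 0:
        # Cookies were sent in reply to SYNs: connections were still accepted.
        state = "cookies-active"
    elif delta["ListenDrops"] > 0:
        # Connection attempts were dropped at a listening socket, no cookies sent.
        state = "dropping"
    else:
        # Neither happened: handshakes were handled the normal way.
        state = "normal"
    return {"state": state, **delta}


if __name__ == "__main__":
    print(syncookie_report(SNAP_BEFORE, SNAP_AFTER))
```
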