Alan Cox <alan@lxorguk.ukuu.org.uk> writes:
> > Is there anyone who has any evidence that SYN cookies do anything in
> > kernel 2.2.x? If so, how did you get that evidence, because I would
> > like to reproduce it.
>
> They work fine for me in 2.2.19/2.2.20.
That was reassuring enough that I persisted and found that the problem
was this: my home-spun SYN-flooder wasn't changing the TCP sequence
number, and so the "victim" was discarding the packets.
The three-second pause I observed previously was a red herring that
went away when I started using separate hosts for flooding and
connection-testing.
Now I see a night-and-day difference between with and without SYN
cookies (although when tcp_max_syn_backlog is set to more than a five
it takes a long time to fill the queue).
Thanks again.
-- --Ed Cashin PGP public key: ecashin@terry.uga.edu http://www.terry.uga.edu/~ecashin/pgp/- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/