Subject: Re: interrupt rate from a NIC
To: Martin Husemann <firstname.lastname@example.org>
From: Kevin Lahey <email@example.com>
Date: 03/07/2003 12:28:39

On Fri, 7 Mar 2003 09:35:06 +0100
Martin Husemann <firstname.lastname@example.org> wrote:
> Could someone please remind me why the syn-cookie approach was considered bad?

I've always thought it was a bad idea because you can't properly preserve
all of the TCP options that arrive with the SYN, including stuff like
MSS, SACK ok, timestamps, etc. Now, I think that you *could* actually
squeeze the important stuff into the sequence number, but then it wouldn't
be very random, because you wouldn't have many extra bits to play with.

I was a little surprised to see that FreeBSD now uses SYN cookies.
A brief perusal of the code suggests that they assume that the MSS will
compress into just a couple of bits, which could present some interesting
problems, especially with things like MSS clamping (another possibly
questionable hack, but, hey, there it is). I didn't read on to see what
they were doing about window scaling.

As far as the SACK okay and the rest of it, well, unexpectedly providing
timestamps or SACK options really *shouldn't* confuse a modern TCP
implementation. OTOH, it *is* strictly speaking a violation of the

Did I read the FreeBSD code right, or am I just confused?
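
The trade-off discussed in the message above, as an added example that is not part of the original message and is not FreeBSD's code: a stateless cookie that spends 2 bits of the sequence number on an MSS table index. The 2-bit layout, the table values, `toy_mac` (a non-cryptographic stand-in for a keyed MAC) and all names are assumptions; the time counter a real cookie carries is left out.

```c
#include <stdint.h>
#include <stdio.h>
struct syn_opts { uint16_t mss; uint8_t wscale, sack_ok, ts_ok; }; /* offered in the SYN */
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; uint32_t peer_isn; };
/* Constructed table: 2 cookie bits can name only four MSS values. */
static const uint16_t mss_table[4] = { 536, 1220, 1440, 1460 };

/* Largest table entry not above the offer (offers below 536 still get index 0). */
unsigned mss_to_index(uint16_t mss)
{
    unsigned idx = 0;
    for (unsigned i = 1; i < 4; i++)
        if (mss_table[i] <= mss) idx = i;
    return idx;
}

/* Stand-in keyed mix, NOT cryptographic; a real stack needs a keyed MAC here. */
static uint32_t toy_mac(uint64_t key, const struct flow *f, unsigned idx)
{
    uint32_t w[5] = { f->saddr, f->daddr,
                      ((uint32_t)f->sport << 16) | f->dport, f->peer_isn, idx };
    uint64_t h = key ^ 0xcbf29ce484222325ULL;
    for (int i = 0; i < 5; i++) { h ^= w[i]; h *= 0x100000001b3ULL; h ^= h >> 29; }
    return (uint32_t)(h ^ (h >> 32));
}

/* Server ISN for the SYN-ACK: 30 MAC bits | 2 MSS-index bits. No state is kept. */
uint32_t cookie_make(uint64_t key, const struct flow *f, const struct syn_opts *o)
{
    unsigned idx = mss_to_index(o->mss);
    return (toy_mac(key, f, idx) & ~3u) | idx;
}

/* On the final ACK (cookie = ack - 1): returns 1 and fills *out if it verifies. */
int cookie_check(uint64_t key, const struct flow *f, uint32_t cookie, struct syn_opts *out)
{
    unsigned idx = cookie & 3u;
    if ((toy_mac(key, f, idx) ^ cookie) & ~3u) return 0;
    *out = (struct syn_opts){ mss_table[idx], 0, 0, 0 }; /* only the MSS survives */
    return 1;
}

int main(void)
{
    struct flow f = { 0xc0000201u, 0xc0000202u, 40000, 80, 12345u }; /* constructed */
    struct syn_opts in = { 1452, 7, 1, 1 }, out; /* clamped MSS, wscale 7, SACK, TS */
    if (cookie_check(0x5eedULL, &f, cookie_make(0x5eedULL, &f, &in), &out))
        printf("mss %u -> %u, wscale %u -> %u\n", in.mss, out.mss, in.wscale, out.wscale);
    return 0;
}
```

With the constructed input, an offered MSS of 1452 comes back as 1440, and the window scale, SACK and timestamp offers are gone by the time the connection is created.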