tech-net archive


Re: TCP SYN Cookies for NetBSD



> [...SYN cookies...]

Don't they break TCP's retransmission semantics?  Certainly SYN cookies
as I understand them do.  If the third packet of the three-way
handshake (the pure ACK) is lost, neither end is going to retransmit
ever, the active host because it thinks it has an established
connection and the passive host because it has - this is the whole
point of SYN cookies - no state to retransmit based on.

Thus, we have a half-open connection.  If the active peer sends data
without expecting anything from the passive peer first, I'd expect an
RST.  If the other way around, the connection is permanently wedged.

I don't consider either consequence acceptable.

It's not obvious to me from the patches - are these SYN cookies
something else?

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
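
The server-speaks-first case from the message above, as an added example that is not part of the original post or of the NetBSD patches: a toy model of a passive host that uses either a SYN cache or stateless cookies when the final ACK of the handshake is lost. The HMAC-based cookie, the class and function names, and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not from any real stack


def cookie(src, sport, dst, dport, client_isn):
    """Toy cookie: server ISS derived from the 4-tuple and client ISN, nothing stored."""
    msg = f"{src}:{sport}>{dst}:{dport}:{client_isn}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


class PassiveHost:
    def __init__(self, use_cookies):
        self.use_cookies = use_cookies
        self.half_open = {}       # SYN cache: flow -> (client_isn, server_iss)
        self.established = set()

    def on_syn(self, flow, client_isn):
        iss = cookie(*flow, client_isn)
        if not self.use_cookies:
            self.half_open[flow] = (client_isn, iss)   # state to retransmit from
        return ("SYN-ACK", iss, client_isn + 1)

    def on_ack(self, flow, seq, ack):
        if self.use_cookies:      # recompute the ISS instead of looking it up
            ok = cookie(*flow, seq - 1) == (ack - 1) % 2**32
        else:
            ok = self.half_open.pop(flow, (None, None))[1] == (ack - 1) % 2**32
        if ok:
            self.established.add(flow)
        return ok

    def on_timer(self):
        """Retransmit SYN-ACK for every half-open entry; cookie mode has none."""
        return [(f, ("SYN-ACK", iss, isn + 1)) for f, (isn, iss) in self.half_open.items()]


def handshake_with_lost_ack(use_cookies, ticks=3):
    """The pure ACK is dropped and the active host then waits for the server to speak.
    A retransmitted SYN-ACK makes the active host send its ACK again."""
    flow, isn = ("192.0.2.10", 40000, "192.0.2.1", 25), 1000   # constructed values
    srv = PassiveHost(use_cookies)
    srv.on_syn(flow, isn)         # SYN-ACK reaches the active host; its ACK is lost
    for _ in range(ticks):
        for f, (_, r_iss, _) in srv.on_timer():
            srv.on_ack(f, isn + 1, r_iss + 1)
    return flow in srv.established
```

With the SYN cache the retransmitted SYN-ACK recovers the connection; with cookies the passive host has nothing to retransmit and never learns the connection exists.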

