Howdy,

I've been reviewing the SYN cache and SYN cookie code and I'm wondering why
we do all the work of generating a SYN cache entry before sending a SYN
cookie. If the point of SYN cookies is to defend against a SYN flood then,
to my mind, the SYN/ACK for the cookie case should be sent off before doing
all the work to try to create and insert a cache entry. Has anyone, as yet,
looked at a way to move the sending code earlier into syncache_add() and
checked to see if there is a performance improvement when a system is
flooded with SYN packets?

Best,
George
