Improved TCP syncookie implementation

Igor Sysoev is at rambler-co.ru
Wed Sep 13 08:19:06 PDT 2006


On Sun, 3 Sep 2006, Andre Oppermann wrote:

> I've pretty much rewritten our implementation of TCP syncookies to get
> rid of some locking in TCP syncache and to improve their functionality.
>
> The RFC1323 timestamp option is used to carry the full TCP SYN+SYN/ACK
> optional feature information.  This means that a FreeBSD host may run
> with syncookies only and not degrade TCP connections made through it.
> All important TCP connection setup negotiated options are preserved
> (send/receive window scaling, SACK, MSS) without storing any state on
> the host during the SYN-SYN/ACK phase.  As a nice side effect the
> timestamps we respond with are randomized instead of directly using
> ticks (which reveals our uptime).

As I understand it, syncache is used to retransmit SYN/ACK.
What would happen if

1) a client sent SYN,
2) we sent SYN/ACK with cookie,
3) the client sent ACK, but the ACK was lost

?

I suppose the client will see a timed-out error.


Igor Sysoev
http://sysoev.ru/en/
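
The stateless scheme discussed in this thread, as an added example that is not part of either message and is not FreeBSD's code: the SYN/ACK's sequence number and timestamp carry everything, so `check_ack` rebuilds the options from an arriving ACK alone and the server has nothing stored from which to retransmit a SYN/ACK. The bit layout, MSS table, HMAC-SHA256 tag and all names are assumptions; cookie expiry is left out.

```python
import hashlib, hmac, os, struct

SECRET = os.urandom(32)              # constructed per-boot key (assumption)
MSS_TABLE = (536, 1220, 1440, 1460)  # assumed 2-bit MSS table

def _tag(flow, client_isn, mss_idx, tsval):
    """30-bit keyed tag over the flow, client ISN and encoded options."""
    msg = struct.pack("!4s4sHHIBI", *flow, client_isn, mss_idx, tsval)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") >> 2

def make_synack(flow, client_isn, mss, snd_wscale, rcv_wscale, sack):
    """Answer a SYN without storing state; returns (server_isn, tsval)."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    opts = ((snd_wscale & 0xF) << 5) | ((rcv_wscale & 0xF) << 1) | int(sack)
    # Assumed layout: 23 random bits, then 9 option bits, in the timestamp.
    tsval = ((int.from_bytes(os.urandom(3), "big") >> 1) << 9) | opts
    server_isn = (_tag(flow, client_isn, mss_idx, tsval) << 2) | mss_idx
    return server_isn, tsval

def check_ack(flow, seq, ack, tsecr):
    """Rebuild the negotiated options from an ACK alone, or return None."""
    client_isn, server_isn = (seq - 1) % 2**32, (ack - 1) % 2**32
    mss_idx = server_isn & 3
    expected = _tag(flow, client_isn, mss_idx, tsecr)
    if not hmac.compare_digest(struct.pack("!I", expected),
                               struct.pack("!I", server_isn >> 2)):
        return None
    return {"mss": MSS_TABLE[mss_idx], "snd_wscale": (tsecr >> 5) & 0xF,
            "rcv_wscale": (tsecr >> 1) & 0xF, "sack": bool(tsecr & 1)}

if __name__ == "__main__":
    # Constructed flow: (src IP, dst IP, src port, dst port).
    flow = (bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 40000, 80)
    isn, ts = make_synack(flow, 1000, 1460, 7, 6, True)
    print("ACK accepted:", check_ack(flow, 1001, (isn + 1) % 2**32, ts))
    print("forged ACK:  ", check_ack(flow, 1001, (isn + 2) % 2**32, ts))
```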

