
Comment on the article "Vlastimil Pečínka (Seznam.cz): Anomalies in traffic led us to Russia" by Ondřej Surý

  • 11. 3. 2013 13:06

    Ondřej Surý

    It is explained quite nicely here:

    http://lwn.net/Articles/277146/

    The major downside to syncookies is that they only have space to encode the most basic of TCP handshake options. At the time of initial syncookie deployment this was not a large problem because the only option prominently in use at the time was the Maximum Segment Size (MSS) option. This option is provided to help the peer avoid unnecessary fragmentation by sending packets that the other end of the connection knows a priori are too large to cross its network. This is exactly the kind of information that is normally stored as state in the SYN queue. The syncookie designers knew that this option was important to performance and found 3 bits for it in the encoded syncookie. These bits are used to approximate the real value of the option to one of 8 common values.

    In the intervening years new options have come into prominence and these are not syncookie compatible. The most important of these are the window scaling and Selective Acknowledgment (SACK) options. These features respectively allow the TCP congestion control window to grow beyond 64KB and be more efficient in the case of minor packet losses from those large windows. Without using these features it is impossible to get good transfer rates on networks with large bandwidth or large latency. Many household broadband links require at least the window scaling option to fully utilize the network connection. Due to this limitation, and the modest computation overhead of the cryptographic hash, the Linux stack only resorts to syncookie based connections when the number of half-open connections exceeds a high watermark controlled by the net.ipv4.tcp_max_syn_backlog sysctl. These connections are less featureful than normal connections but they are only resorted to when the queue would otherwise require active pruning.
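The limitation described in the quoted text, as an added example that is not part of the original comment, the LWN article, or the Linux kernel: a stateless 32-bit cookie with only 3 bits for the MSS, so the client's MSS is rounded down to a table entry and the window scaling and SACK options from the SYN are lost. The bit layout, the table values, the non-cryptographic `mix24` stand-in and all names here are assumptions made for illustration.

```c
#include <stdint.h>

/* Constructed table: the 3-bit field can only name one of these 8 values. */
static const uint16_t mss_table[8] = {216, 536, 768, 996, 1024, 1220, 1440, 1460};

struct syn_opts { uint16_t mss; uint8_t wscale; uint8_t sack_ok; };
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; };

/* Stand-in keyed mix (FNV-1a), NOT cryptographic; a real stack uses a
 * keyed cryptographic hash. Returns 24 bits. */
static uint32_t mix24(const struct flow *f, uint32_t t, uint32_t idx, uint32_t secret)
{
    uint32_t in[6] = {f->saddr, f->daddr, ((uint32_t)f->sport << 16) | f->dport,
                      t, idx, secret};
    uint32_t h = 2166136261u;
    for (unsigned i = 0; i < 6; i++)
        for (unsigned b = 0; b < 32; b += 8)
            h = (h ^ ((in[i] >> b) & 0xff)) * 16777619u;
    return h & 0xffffff;
}

/* Largest table entry not exceeding the client's MSS (index 0 if none fits). */
static uint32_t mss_index(uint16_t mss)
{
    uint32_t i = 7;
    while (i > 0 && mss_table[i] > mss)
        i--;
    return i;
}

/* Cookie layout: [5 bits: t mod 32][3 bits: MSS index][24 bits: keyed hash]. */
uint32_t cookie_make(const struct flow *f, const struct syn_opts *o,
                     uint32_t t, uint32_t secret)
{
    uint32_t idx = mss_index(o->mss);
    /* o->wscale and o->sack_ok have no bits in the cookie: they are lost. */
    return ((t & 31) << 27) | (idx << 24) | mix24(f, t, idx, secret);
}

/* Returns the approximated MSS recovered from the echoed cookie, or 0 if invalid. */
uint16_t cookie_check(const struct flow *f, uint32_t cookie, uint32_t now, uint32_t secret)
{
    uint32_t idx = (cookie >> 24) & 7;
    for (uint32_t age = 0; age < 2; age++) {   /* current or previous tick */
        uint32_t t = now - age;
        if ((cookie >> 27) == (t & 31) && (cookie & 0xffffff) == mix24(f, t, idx, secret))
            return mss_table[idx];
    }
    return 0;
}
```

A SYN advertising MSS 1400, window scale 7 and SACK comes back from `cookie_check` as MSS 1220 with nothing else, which is the reduced connection the quoted text describes.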
