From owner-freebsd-hackers  Sat Aug 26  8:20:55 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from bluerose.windmoon.nu (c255152-a.plstn1.sfba.home.com [24.176.132.48])
	by hub.freebsd.org (Postfix) with ESMTP id 50BFA37B423
	for <freebsd-hackers@freebsd.org>; Sat, 26 Aug 2000 08:20:53 -0700 (PDT)
Received: from localhost (fengyue@localhost)
	by bluerose.windmoon.nu (8.10.2/Windmoon/8.10.2) with ESMTP id e7QFJaC09611
	for <freebsd-hackers@freebsd.org>; Sat, 26 Aug 2000 08:19:36 -0700 (PDT)
Date: Sat, 26 Aug 2000 08:19:36 -0700 (PDT)
From: FengYue <fengyue@bluerose.windmoon.nu>
To: freebsd-hackers@freebsd.org
Subject: SYN flood prevention methods
Message-ID: <Pine.BSF.4.10.10008260810450.9608-100000@bluerose.windmoon.nu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Hi, I know this is an old topic but I don't seem to find answers
to my questions in the mailing list archives.

I'm wondering why FreeBSD did not implement the SYN cookies method
that is currently implemented in Linux?  To my best understanding,
SYN cookie seems to be a better method against SYS flood than
the random drop method.  It seems both OpenBSD and FreeBSD have 
implemented the random drop method.  I guess there are must be some 
"bad things" about SYN cookies that I don't know about.  

Also, I was looking at the netinet/ code this morning but was not able
to find how the seq backlog queue is created/defined.

Thanks!



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message