[...SYN cookies...]

Don't they break TCP's retransmission semantics? Certainly SYN cookies
as I understand them do. If the third packet of the three-way
handshake (the pure ACK) is lost, neither end is going to retransmit
ever, the active host because it thinks it has an established
connection and the passive host because it has - this is the whole
point of SYN cookies - no state to retransmit based on.

Thus, we have a half-open connection. If the active peer sends data
without expecting anything from the passive peer first, I'd expect an
RST. If the other way around, the connection is permanently wedged.
I don't consider either consequence acceptable.

It's not obvious to me from the patches - are these SYN cookies
something else?

/~\ The ASCII        Mouse
\ / Ribbon Campaign
 X  Against HTML     mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
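
Added example (not part of the message above, and not code from the patches it discusses): a toy Python model of the lost final ACK, comparing a listener that keeps a SYN queue with one that derives its ISN statelessly and stores nothing. The `Listener` class, `handshake` helper, addresses and secret are constructed for illustration; the cookie is a bare HMAC of the 4-tuple and client ISN, with the time counter, MSS encoding and real packet handling left out.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; a real stack uses a random, rotated secret
MOD = 2**32

def make_cookie(src, sport, dst, dport, client_isn):
    """Server ISN computed from the 4-tuple and client ISN, so nothing is stored."""
    msg = f"{src}:{sport}>{dst}:{dport}:{client_isn}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

class Listener:
    def __init__(self, use_cookies):
        self.use_cookies = use_cookies
        self.syn_queue = {}        # half-open entries, kept only without cookies
        self.established = set()

    def on_syn(self, tup, client_isn):
        isn = make_cookie(*tup, client_isn)
        if not self.use_cookies:
            self.syn_queue[tup] = (client_isn, isn)
        return isn                 # sequence number carried by the SYN-ACK

    def on_ack(self, tup, client_isn, ack):
        if self.use_cookies:       # recompute instead of looking anything up
            ok = ack == (make_cookie(*tup, client_isn) + 1) % MOD
        else:
            entry = self.syn_queue.get(tup)
            ok = entry is not None and ack == (entry[1] + 1) % MOD
        if ok:
            self.syn_queue.pop(tup, None)
            self.established.add(tup)
        return ok

    def on_timer(self):
        """SYN-ACKs this listener is able to retransmit when its timer fires."""
        return [(tup, isn) for tup, (_, isn) in self.syn_queue.items()]

def handshake(use_cookies, drop_final_ack):
    """Return (client state, whether the server considers the connection established)."""
    tup = ("192.0.2.10", 40000, "198.51.100.5", 25)   # constructed addresses
    client_isn = 1000
    srv = Listener(use_cookies)
    ack = (srv.on_syn(tup, client_isn) + 1) % MOD      # client is ESTABLISHED from here
    if not drop_final_ack:
        srv.on_ack(tup, client_isn, ack)
    for rtup, isn in srv.on_timer():                   # resent SYN-ACK draws a fresh ACK
        srv.on_ack(rtup, client_isn, (isn + 1) % MOD)
    return "ESTABLISHED", tup in srv.established
```

With `handshake(True, True)` the client is established while the listener holds no entry and has nothing to resend; with `handshake(False, True)` the queued SYN-ACK is retransmitted and the handshake completes.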