roop kumar
New Member
Is there any drawback/limitation at syncookie implementation for ipv6 ?
Because, current I'm using Linux 4.19 & syncookie enabled as net.ipv4.tcp_syncookies=1
Used netwox tool for simulate TCP synflood for ipv4/ipv6.
Didn't observe any issue for ipv4.
But, observed cpu% for si hits spike for Tcpv6 syn flood .Also, ssh/ping is not working at that time for ipv4/ipv6 address.
If we disable syncookie, as expected only ssh is not working while tcpv6 synflood.
Because, current I'm using Linux 4.19 & syncookie enabled as net.ipv4.tcp_syncookies=1
Used netwox tool for simulate TCP synflood for ipv4/ipv6.
Didn't observe any issue for ipv4.
But, observed cpu% for si hits spike for Tcpv6 syn flood .Also, ssh/ping is not working at that time for ipv4/ipv6 address.
If we disable syncookie, as expected only ssh is not working while tcpv6 synflood.