All of lore.kernel.org
 help / color / mirror / Atom feed
* net.ipv4.tcp_max_syn_backlog implementation
@ 2017-08-29  3:47 Harsha Chenji
  2017-08-29  4:12 ` Willy Tarreau
  2017-08-29  4:17 ` Eric Dumazet
  0 siblings, 2 replies; 5+ messages in thread
From: Harsha Chenji @ 2017-08-29  3:47 UTC (permalink / raw)
  To: netdev

So I have ubuntu 12.04 x32 in a VM with syncookies turned off. I tried
to do a syn flood (with netwox) on 3 different processes. Each of them
returns a different value with netstat -na | grep -c RECV :

nc -l 5555 returns 16 (netcat-traditional)
apache2 port 80 returns 256
vsftpd on 21 returns 64.
net.ipv4.tcp_max_syn_backlog is 512.

Why do these different processes on different ports have different
queue lengths for incomplete connections? Where exactly in the kernel
is this decided?

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: net.ipv4.tcp_max_syn_backlog implementation
  2017-08-29  3:47 net.ipv4.tcp_max_syn_backlog implementation Harsha Chenji
@ 2017-08-29  4:12 ` Willy Tarreau
  2017-08-29  4:17 ` Eric Dumazet
  1 sibling, 0 replies; 5+ messages in thread
From: Willy Tarreau @ 2017-08-29  4:12 UTC (permalink / raw)
  To: Harsha Chenji; +Cc: netdev

On Mon, Aug 28, 2017 at 11:47:41PM -0400, Harsha Chenji wrote:
> So I have ubuntu 12.04 x32 in a VM with syncookies turned off. I tried
> to do a syn flood (with netwox) on 3 different processes. Each of them
> returns a different value with netstat -na | grep -c RECV :
> 
> nc -l 5555 returns 16 (netcat-traditional)
> apache2 port 80 returns 256
> vsftpd on 21 returns 64.
> net.ipv4.tcp_max_syn_backlog is 512.
> 
> Why do these different processes on different ports have different
> queue lengths for incomplete connections? Where exactly in the kernel
> is this decided?

The listening socket's backlog (second argument to the listen() syscall)
is considered as well. The code path to determine whether or not to start
to send SYN cookies is far from being trivial but makes sense once you
write it down completely. I never perfectly remember it, I regularly have
to recheck when I have a doubt.

Willy

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: net.ipv4.tcp_max_syn_backlog implementation
  2017-08-29  3:47 net.ipv4.tcp_max_syn_backlog implementation Harsha Chenji
  2017-08-29  4:12 ` Willy Tarreau
@ 2017-08-29  4:17 ` Eric Dumazet
  2017-08-29 15:05   ` Harsha Chenji
  1 sibling, 1 reply; 5+ messages in thread
From: Eric Dumazet @ 2017-08-29  4:17 UTC (permalink / raw)
  To: Harsha Chenji; +Cc: netdev

On Mon, 2017-08-28 at 23:47 -0400, Harsha Chenji wrote:
> So I have ubuntu 12.04 x32 in a VM with syncookies turned off. I tried
> to do a syn flood (with netwox) on 3 different processes. Each of them
> returns a different value with netstat -na | grep -c RECV :
> 
> nc -l 5555 returns 16 (netcat-traditional)
> apache2 port 80 returns 256
> vsftpd on 21 returns 64.
> net.ipv4.tcp_max_syn_backlog is 512.
> 
> Why do these different processes on different ports have different
> queue lengths for incomplete connections? Where exactly in the kernel
> is this decided?

See 2nd argument in listen() system call, ie backlog 

man listen

Without a synflood, just look at "ss -t state listening" 

The backlog is the 2nd column (Send)

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: net.ipv4.tcp_max_syn_backlog implementation
  2017-08-29  4:17 ` Eric Dumazet
@ 2017-08-29 15:05   ` Harsha Chenji
  2017-08-29 16:17     ` Eric Dumazet
  0 siblings, 1 reply; 5+ messages in thread
From: Harsha Chenji @ 2017-08-29 15:05 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: netdev

According to the man:

The behavior of the backlog argument on TCP sockets changed with Linux
2.2. Now it specifies the queue length for *completely established
sockets waiting to be accepted*, instead of the number of incomplete
connection requests. The maximum length of the queue for incomplete
sockets can be set using /proc/sys/net/ipv4/tcp_max_syn_backlog. When
syncookies are enabled there is no logical maximum length and this
setting is ignored. See tcp(7) for more information.


On Tue, Aug 29, 2017 at 12:17 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Mon, 2017-08-28 at 23:47 -0400, Harsha Chenji wrote:
>> So I have ubuntu 12.04 x32 in a VM with syncookies turned off. I tried
>> to do a syn flood (with netwox) on 3 different processes. Each of them
>> returns a different value with netstat -na | grep -c RECV :
>>
>> nc -l 5555 returns 16 (netcat-traditional)
>> apache2 port 80 returns 256
>> vsftpd on 21 returns 64.
>> net.ipv4.tcp_max_syn_backlog is 512.
>>
>> Why do these different processes on different ports have different
>> queue lengths for incomplete connections? Where exactly in the kernel
>> is this decided?
>
> See 2nd argument in listen() system call, ie backlog
>
> man listen
>
> Without a synflood, just look at "ss -t state listening"
>
> The backlog is the 2nd column (Send)
>
>
>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: net.ipv4.tcp_max_syn_backlog implementation
  2017-08-29 15:05   ` Harsha Chenji
@ 2017-08-29 16:17     ` Eric Dumazet
  0 siblings, 0 replies; 5+ messages in thread
From: Eric Dumazet @ 2017-08-29 16:17 UTC (permalink / raw)
  To: Harsha Chenji; +Cc: netdev

On Tue, 2017-08-29 at 11:05 -0400, Harsha Chenji wrote:
> According to the man:
> 
> The behavior of the backlog argument on TCP sockets changed with Linux
> 2.2. Now it specifies the queue length for *completely established
> sockets waiting to be accepted*, instead of the number of incomplete
> connection requests. The maximum length of the queue for incomplete
> sockets can be set using /proc/sys/net/ipv4/tcp_max_syn_backlog. When
> syncookies are enabled there is no logical maximum length and this
> setting is ignored. See tcp(7) for more information.
> 
> 


The sysctl was simply there to make sure that someone would not :

listen(fd, 0x40000000);

It served to cap the 2nd argument of listen() to something that the
admin considered as acceptable.

This was particularly important few years back when handling of SYN_RECV
sockets involved O(N) behavior for SYNACK retransmits.

Nowadays, a backlog of 10,000,000 is okay, if you have ram to spend on
it.

> On Tue, Aug 29, 2017 at 12:17 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > On Mon, 2017-08-28 at 23:47 -0400, Harsha Chenji wrote:
> >> So I have ubuntu 12.04 x32 in a VM with syncookies turned off. I tried
> >> to do a syn flood (with netwox) on 3 different processes. Each of them
> >> returns a different value with netstat -na | grep -c RECV :
> >>
> >> nc -l 5555 returns 16 (netcat-traditional)
> >> apache2 port 80 returns 256
> >> vsftpd on 21 returns 64.
> >> net.ipv4.tcp_max_syn_backlog is 512.
> >>
> >> Why do these different processes on different ports have different
> >> queue lengths for incomplete connections? Where exactly in the kernel
> >> is this decided?
> >
> > See 2nd argument in listen() system call, ie backlog
> >
> > man listen
> >
> > Without a synflood, just look at "ss -t state listening"
> >
> > The backlog is the 2nd column (Send)
> >
> >
> >

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-08-29 16:17 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-29  3:47 net.ipv4.tcp_max_syn_backlog implementation Harsha Chenji
2017-08-29  4:12 ` Willy Tarreau
2017-08-29  4:17 ` Eric Dumazet
2017-08-29 15:05   ` Harsha Chenji
2017-08-29 16:17     ` Eric Dumazet

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.