All of lore.kernel.org
 help / color / mirror / Atom feed
* [RFC] random SYN drops causing connect() delays
@ 2010-04-12  8:06 Thomas Graf
  2010-04-12  8:39 ` Thomas Graf
  2010-04-14 11:37 ` Lennart Schulte
  0 siblings, 2 replies; 7+ messages in thread
From: Thomas Graf @ 2010-04-12  8:06 UTC (permalink / raw)
  To: netdev

Hello,

I have been tracking down an issue commonly referred to as the 3-sec
connect() delay. It exists since recent 2.6.x kernels and has never
been fixed even though it disappeared in recent releases unless
sched_child_runs_first is set to 1 again.

What happens is that if a client attemps to open many connections to
a socket with only minimal delay inbetween attemps some SYNs are
randomly dropped on the server side causing the client to resend after
the 3 sec TCP timeout and thus causing connect()s to be randomly delayed.

Steps to reproduce:
 1. Compile reproducer attached below
 2. run ./test_delay 127.0.0.1 22 10000 0 > log
 3. awk -F: '{if ($2>2990) print $1 $2;}' log
 4. all listed connection attemps will have been delayed for >3s

Facts:
 - Issue can be reproduced over loopback or real networks.
 - Enabling SO_LINGER on the client side will make the issue disappear!!
 - While the issue is appearing, the acceptq seems to be overflowing. Both
   LISTENOVERFLOWS and LISTENDROPS are increasing although not by the exact
   number of delay occurences. inetdiag reports sk_max_ack_backlog to be 0
   therefore one possibility that comes to mind is that sk_ack_backlog
   underflows due to a race.
 - The issue disappeared in recent kernels, I bisected it down to the following
   commit:
	commit 2bba22c50b06abe9fd0d23933b1e64d35b419262
	Author: Mike Galbraith <efault@gmx.de>
	Date:   Wed Sep 9 15:41:37 2009 +0200

	    sched: Turn off child_runs_first
	    
	    Set child_runs_first default to off.

   Setting kernel.sched_child_runs_first=1 makes the isssue reappear in recent
   kernels.  This hardens the theory of a race condition.
 - It looks like that the issue can only be reproduced if the server
   socket sends out data immediately after the connection has been established
   but I cannot proof this theory.

I will continue to look into the sk_ack_backlog underflow theory but would
appreciate any comments or theories.

Thanks,

Reproducer:

#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <time.h>
#include <sys/time.h>

int main(int argc, char *argv[])
{

        int sock,i;  
        struct timeval tim;
        double start,end;  

        struct hostent *host;
        struct sockaddr_in server_addr, local;
	socklen_t len = sizeof(local);

        char* hostname;
        int port, count, delay;

        if( argc < 3 ){
           printf("Usage:\n\t%s host port [count=1000] [delay=0]\n",argv[0]);
           return 1;
        }

        hostname = argv[1];
        port = atoi(argv[2]);

        if( argc > 3 )
           count = atoi(argv[3]);
	else
           count = 1000;

        if( argc > 4 )
           delay = atoi(argv[4]);
	else
           delay = 0;

        host = gethostbyname(hostname);

        server_addr.sin_family = AF_INET;     
        server_addr.sin_port = htons(port);   
        server_addr.sin_addr = *((struct in_addr *)host->h_addr);
        bzero(&(server_addr.sin_zero),8); 

        for(i=0; i< count; i=i+1){
          gettimeofday(&tim, NULL);
          start=tim.tv_sec*1000+(tim.tv_usec/1000);

          if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
            perror("Socket");
            exit(1);
          }

          if (connect(sock, (struct sockaddr *)&server_addr,
                    sizeof(struct sockaddr)) == -1) 
          {
            perror("Connect");
            exit(1);
          }

	  getsockname(sock, (struct sockaddr *) &local, &len);
          close(sock);

          gettimeofday(&tim, NULL);
          end=tim.tv_sec*1000+(tim.tv_usec/1000);
          printf("[%d] %u-> Time to open socket (clock): %d\n",
	  	i, ntohs(local.sin_port), (int)(end - start));
	  usleep(delay*1000);
        }
/*
        printf("Time to open socket (ms): %d\n", ((end - start)*1000)/CLOCKS_PER_SEC);
*/

        return 0;
}



^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [RFC] random SYN drops causing connect() delays
  2010-04-12  8:06 [RFC] random SYN drops causing connect() delays Thomas Graf
@ 2010-04-12  8:39 ` Thomas Graf
  2010-04-28  1:56   ` David Miller
  2010-04-14 11:37 ` Lennart Schulte
  1 sibling, 1 reply; 7+ messages in thread
From: Thomas Graf @ 2010-04-12  8:39 UTC (permalink / raw)
  To: netdev

On Mon, Apr 12, 2010 at 04:06:33AM -0400, Thomas Graf wrote:
>  - While the issue is appearing, the acceptq seems to be overflowing. Both
>    LISTENOVERFLOWS and LISTENDROPS are increasing although not by the exact
>    number of delay occurences. inetdiag reports sk_max_ack_backlog to be 0
>    therefore one possibility that comes to mind is that sk_ack_backlog
>    underflows due to a race.

Forget about the underflow thought, inetdiag was reporting falsely.
sk_max_ack_backlog is set to 128 as it should and the listen overflow
happens normally. Still the fact remains that while the issue is appearing
listen overflows are counted.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [RFC] random SYN drops causing connect() delays
  2010-04-12  8:06 [RFC] random SYN drops causing connect() delays Thomas Graf
  2010-04-12  8:39 ` Thomas Graf
@ 2010-04-14 11:37 ` Lennart Schulte
  1 sibling, 0 replies; 7+ messages in thread
From: Lennart Schulte @ 2010-04-14 11:37 UTC (permalink / raw)
  To: tgraf; +Cc: netdev

Hi,
this is very similar to what i have noticed, but up to now I couldn't figure out where it came from. 
Thanks very much for clearing it up!

> I have been tracking down an issue commonly referred to as the 3-sec
> connect() delay. It exists since recent 2.6.x kernels and has never
> been fixed even though it disappeared in recent releases unless
> sched_child_runs_first is set to 1 again.
>
> What happens is that if a client attemps to open many connections to
> a socket with only minimal delay inbetween attemps some SYNs are
> randomly dropped on the server side causing the client to resend after
> the 3 sec TCP timeout and thus causing connect()s to be randomly delayed.
>
> Facts:
>  - Issue can be reproduced over loopback or real networks.
>  - Enabling SO_LINGER on the client side will make the issue disappear!!
>  - While the issue is appearing, the acceptq seems to be overflowing. Both
>    LISTENOVERFLOWS and LISTENDROPS are increasing although not by the exact
>    number of delay occurences. inetdiag reports sk_max_ack_backlog to be 0
>    therefore one possibility that comes to mind is that sk_ack_backlog
>    underflows due to a race.
>  - The issue disappeared in recent kernels, I bisected it down to the following
>    commit:
> 	commit 2bba22c50b06abe9fd0d23933b1e64d35b419262
> 	Author: Mike Galbraith <efault@gmx.de>
> 	Date:   Wed Sep 9 15:41:37 2009 +0200
>
> 	    sched: Turn off child_runs_first
> 	    
> 	    Set child_runs_first default to off.
>
>    Setting kernel.sched_child_runs_first=1 makes the isssue reappear in recent
>    kernels.  This hardens the theory of a race condition.
>  - It looks like that the issue can only be reproduced if the server
>    socket sends out data immediately after the connection has been established
>    but I cannot proof this theory.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [RFC] random SYN drops causing connect() delays
  2010-04-12  8:39 ` Thomas Graf
@ 2010-04-28  1:56   ` David Miller
  2010-04-28  4:44     ` Thomas Graf
  0 siblings, 1 reply; 7+ messages in thread
From: David Miller @ 2010-04-28  1:56 UTC (permalink / raw)
  To: tgraf; +Cc: netdev

From: Thomas Graf <tgraf@infradead.org>
Date: Mon, 12 Apr 2010 04:39:03 -0400

> On Mon, Apr 12, 2010 at 04:06:33AM -0400, Thomas Graf wrote:
>>  - While the issue is appearing, the acceptq seems to be overflowing. Both
>>    LISTENOVERFLOWS and LISTENDROPS are increasing although not by the exact
>>    number of delay occurences. inetdiag reports sk_max_ack_backlog to be 0
>>    therefore one possibility that comes to mind is that sk_ack_backlog
>>    underflows due to a race.
> 
> Forget about the underflow thought, inetdiag was reporting falsely.
> sk_max_ack_backlog is set to 128 as it should and the listen overflow
> happens normally. Still the fact remains that while the issue is appearing
> listen overflows are counted.

I can't reproduce on my system even with sched_child_runs_first set to '1'.

Are you running identd or something like that which intercepts the connections
to port 22 before 'sshd' actually gets it?

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [RFC] random SYN drops causing connect() delays
  2010-04-28  1:56   ` David Miller
@ 2010-04-28  4:44     ` Thomas Graf
  2010-04-28  5:52       ` Eric Dumazet
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas Graf @ 2010-04-28  4:44 UTC (permalink / raw)
  To: David Miller; +Cc: netdev

On Tue, Apr 27, 2010 at 06:56:02PM -0700, David Miller wrote:
> I can't reproduce on my system even with sched_child_runs_first set to '1'.
> 
> Are you running identd or something like that which intercepts the connections
> to port 22 before 'sshd' actually gets it?

No, sshd is listening on the port directly.

I am having more difficulties to reproduce the issue with the latest git tree. It
still happens but I sometimes have to run the test several times to get a single
delayed connection attempt.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [RFC] random SYN drops causing connect() delays
  2010-04-28  4:44     ` Thomas Graf
@ 2010-04-28  5:52       ` Eric Dumazet
  2010-04-28  6:11         ` Thomas Graf
  0 siblings, 1 reply; 7+ messages in thread
From: Eric Dumazet @ 2010-04-28  5:52 UTC (permalink / raw)
  To: Thomas Graf; +Cc: David Miller, netdev

Le mercredi 28 avril 2010 à 00:44 -0400, Thomas Graf a écrit :
> On Tue, Apr 27, 2010 at 06:56:02PM -0700, David Miller wrote:
> > I can't reproduce on my system even with sched_child_runs_first set to '1'.
> > 
> > Are you running identd or something like that which intercepts the connections
> > to port 22 before 'sshd' actually gets it?
> 
> No, sshd is listening on the port directly.
> 
> I am having more difficulties to reproduce the issue with the latest git tree. It
> still happens but I sometimes have to run the test several times to get a single
> delayed connection attempt.

On machine/kernel reproducing the behavior, please send

grep . /proc/sys/net/ipv4/*




^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [RFC] random SYN drops causing connect() delays
  2010-04-28  5:52       ` Eric Dumazet
@ 2010-04-28  6:11         ` Thomas Graf
  0 siblings, 0 replies; 7+ messages in thread
From: Thomas Graf @ 2010-04-28  6:11 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: David Miller, netdev

On Wed, Apr 28, 2010 at 07:52:46AM +0200, Eric Dumazet wrote:
> On machine/kernel reproducing the behavior, please send
> 
> grep . /proc/sys/net/ipv4/*

net.ipv4.route.gc_thresh = 262144
net.ipv4.route.max_size = 4194304
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_timeout = 300
net.ipv4.route.gc_interval = 60
net.ipv4.route.redirect_load = 20
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 20480
net.ipv4.route.error_cost = 1000
net.ipv4.route.error_burst = 5000
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_pmtu = 552
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.secret_interval = 600
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.retrans_time = 99
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.unres_qlen = 3
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.anycast_delay = 99
net.ipv4.neigh.default.proxy_delay = 79
net.ipv4.neigh.default.locktime = 99
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.retrans_time = 99
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.unres_qlen = 3
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.anycast_delay = 99
net.ipv4.neigh.lo.proxy_delay = 79
net.ipv4.neigh.lo.locktime = 99
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.retrans_time = 99
net.ipv4.neigh.eth0.base_reachable_time = 30
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.unres_qlen = 3
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.anycast_delay = 99
net.ipv4.neigh.eth0.proxy_delay = 79
net.ipv4.neigh.eth0.locktime = 99
net.ipv4.neigh.eth0.retrans_time_ms = 1000
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
net.ipv4.neigh.eth1.mcast_solicit = 3
net.ipv4.neigh.eth1.ucast_solicit = 3
net.ipv4.neigh.eth1.app_solicit = 0
net.ipv4.neigh.eth1.retrans_time = 99
net.ipv4.neigh.eth1.base_reachable_time = 30
net.ipv4.neigh.eth1.delay_first_probe_time = 5
net.ipv4.neigh.eth1.gc_stale_time = 60
net.ipv4.neigh.eth1.unres_qlen = 3
net.ipv4.neigh.eth1.proxy_qlen = 64
net.ipv4.neigh.eth1.anycast_delay = 99
net.ipv4.neigh.eth1.proxy_delay = 79
net.ipv4.neigh.eth1.locktime = 99
net.ipv4.neigh.eth1.retrans_time_ms = 1000
net.ipv4.neigh.eth1.base_reachable_time_ms = 30000
net.ipv4.neigh.pan0.mcast_solicit = 3
net.ipv4.neigh.pan0.ucast_solicit = 3
net.ipv4.neigh.pan0.app_solicit = 0
net.ipv4.neigh.pan0.retrans_time = 99
net.ipv4.neigh.pan0.base_reachable_time = 30
net.ipv4.neigh.pan0.delay_first_probe_time = 5
net.ipv4.neigh.pan0.gc_stale_time = 60
net.ipv4.neigh.pan0.unres_qlen = 3
net.ipv4.neigh.pan0.proxy_qlen = 64
net.ipv4.neigh.pan0.anycast_delay = 99
net.ipv4.neigh.pan0.proxy_delay = 79
net.ipv4.neigh.pan0.locktime = 99
net.ipv4.neigh.pan0.retrans_time_ms = 1000
net.ipv4.neigh.pan0.base_reachable_time_ms = 30000
net.ipv4.neigh.virbr0.mcast_solicit = 3
net.ipv4.neigh.virbr0.ucast_solicit = 3
net.ipv4.neigh.virbr0.app_solicit = 0
net.ipv4.neigh.virbr0.retrans_time = 99
net.ipv4.neigh.virbr0.base_reachable_time = 30
net.ipv4.neigh.virbr0.delay_first_probe_time = 5
net.ipv4.neigh.virbr0.gc_stale_time = 60
net.ipv4.neigh.virbr0.unres_qlen = 3
net.ipv4.neigh.virbr0.proxy_qlen = 64
net.ipv4.neigh.virbr0.anycast_delay = 99
net.ipv4.neigh.virbr0.proxy_delay = 79
net.ipv4.neigh.virbr0.locktime = 99
net.ipv4.neigh.virbr0.retrans_time_ms = 1000
net.ipv4.neigh.virbr0.base_reachable_time_ms = 30000
net.ipv4.neigh.virbr1.mcast_solicit = 3
net.ipv4.neigh.virbr1.ucast_solicit = 3
net.ipv4.neigh.virbr1.app_solicit = 0
net.ipv4.neigh.virbr1.retrans_time = 99
net.ipv4.neigh.virbr1.base_reachable_time = 30
net.ipv4.neigh.virbr1.delay_first_probe_time = 5
net.ipv4.neigh.virbr1.gc_stale_time = 60
net.ipv4.neigh.virbr1.unres_qlen = 3
net.ipv4.neigh.virbr1.proxy_qlen = 64
net.ipv4.neigh.virbr1.anycast_delay = 99
net.ipv4.neigh.virbr1.proxy_delay = 79
net.ipv4.neigh.virbr1.locktime = 99
net.ipv4.neigh.virbr1.retrans_time_ms = 1000
net.ipv4.neigh.virbr1.base_reachable_time_ms = 30000
net.ipv4.neigh.virbr2.mcast_solicit = 3
net.ipv4.neigh.virbr2.ucast_solicit = 3
net.ipv4.neigh.virbr2.app_solicit = 0
net.ipv4.neigh.virbr2.retrans_time = 99
net.ipv4.neigh.virbr2.base_reachable_time = 30
net.ipv4.neigh.virbr2.delay_first_probe_time = 5
net.ipv4.neigh.virbr2.gc_stale_time = 60
net.ipv4.neigh.virbr2.unres_qlen = 3
net.ipv4.neigh.virbr2.proxy_qlen = 64
net.ipv4.neigh.virbr2.anycast_delay = 99
net.ipv4.neigh.virbr2.proxy_delay = 79
net.ipv4.neigh.virbr2.locktime = 99
net.ipv4.neigh.virbr2.retrans_time_ms = 1000
net.ipv4.neigh.virbr2.base_reachable_time_ms = 30000
net.ipv4.neigh.tun0.mcast_solicit = 3
net.ipv4.neigh.tun0.ucast_solicit = 3
net.ipv4.neigh.tun0.app_solicit = 0
net.ipv4.neigh.tun0.retrans_time = 99
net.ipv4.neigh.tun0.base_reachable_time = 30
net.ipv4.neigh.tun0.delay_first_probe_time = 5
net.ipv4.neigh.tun0.gc_stale_time = 60
net.ipv4.neigh.tun0.unres_qlen = 3
net.ipv4.neigh.tun0.proxy_qlen = 64
net.ipv4.neigh.tun0.anycast_delay = 99
net.ipv4.neigh.tun0.proxy_delay = 79
net.ipv4.neigh.tun0.locktime = 99
net.ipv4.neigh.tun0.retrans_time_ms = 1000
net.ipv4.neigh.tun0.base_reachable_time_ms = 30000
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.ip_dynaddr = 0
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.ip_local_port_range = 32768	61000
net.ipv4.igmp_max_memberships = 20
net.ipv4.igmp_max_msf = 10
net.ipv4.inet_peer_threshold = 65664
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_fack = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_mem = 573408	764544	1146816
net.ipv4.tcp_wmem = 4096	16384	4194304
net.ipv4.tcp_rmem = 4096	87380	4194304
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_frto = 2
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_abc = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.cipso_cache_enable = 1
net.ipv4.cipso_cache_bucket_size = 10
net.ipv4.cipso_rbm_optfmt = 0
net.ipv4.cipso_rbm_strictvalid = 1
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_cookie_size = 0
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_thin_dupack = 0
net.ipv4.udp_mem = 573408	764544	1146816
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.eth0.accept_local = 0
net.ipv4.conf.eth0.src_valid_mark = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.arp_notify = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.promote_secondaries = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.accept_redirects = 1
net.ipv4.conf.eth1.secure_redirects = 1
net.ipv4.conf.eth1.shared_media = 1
net.ipv4.conf.eth1.rp_filter = 1
net.ipv4.conf.eth1.send_redirects = 1
net.ipv4.conf.eth1.accept_source_route = 0
net.ipv4.conf.eth1.accept_local = 0
net.ipv4.conf.eth1.src_valid_mark = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.medium_id = 0
net.ipv4.conf.eth1.bootp_relay = 0
net.ipv4.conf.eth1.log_martians = 0
net.ipv4.conf.eth1.tag = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_accept = 0
net.ipv4.conf.eth1.arp_notify = 0
net.ipv4.conf.eth1.proxy_arp_pvlan = 0
net.ipv4.conf.eth1.disable_xfrm = 0
net.ipv4.conf.eth1.disable_policy = 0
net.ipv4.conf.eth1.force_igmp_version = 0
net.ipv4.conf.eth1.promote_secondaries = 0
net.ipv4.conf.pan0.forwarding = 1
net.ipv4.conf.pan0.mc_forwarding = 0
net.ipv4.conf.pan0.accept_redirects = 1
net.ipv4.conf.pan0.secure_redirects = 1
net.ipv4.conf.pan0.shared_media = 1
net.ipv4.conf.pan0.rp_filter = 1
net.ipv4.conf.pan0.send_redirects = 1
net.ipv4.conf.pan0.accept_source_route = 0
net.ipv4.conf.pan0.accept_local = 0
net.ipv4.conf.pan0.src_valid_mark = 0
net.ipv4.conf.pan0.proxy_arp = 0
net.ipv4.conf.pan0.medium_id = 0
net.ipv4.conf.pan0.bootp_relay = 0
net.ipv4.conf.pan0.log_martians = 0
net.ipv4.conf.pan0.tag = 0
net.ipv4.conf.pan0.arp_filter = 0
net.ipv4.conf.pan0.arp_announce = 0
net.ipv4.conf.pan0.arp_ignore = 0
net.ipv4.conf.pan0.arp_accept = 0
net.ipv4.conf.pan0.arp_notify = 0
net.ipv4.conf.pan0.proxy_arp_pvlan = 0
net.ipv4.conf.pan0.disable_xfrm = 0
net.ipv4.conf.pan0.disable_policy = 0
net.ipv4.conf.pan0.force_igmp_version = 0
net.ipv4.conf.pan0.promote_secondaries = 0
net.ipv4.conf.virbr0.forwarding = 1
net.ipv4.conf.virbr0.mc_forwarding = 0
net.ipv4.conf.virbr0.accept_redirects = 1
net.ipv4.conf.virbr0.secure_redirects = 1
net.ipv4.conf.virbr0.shared_media = 1
net.ipv4.conf.virbr0.rp_filter = 1
net.ipv4.conf.virbr0.send_redirects = 1
net.ipv4.conf.virbr0.accept_source_route = 0
net.ipv4.conf.virbr0.accept_local = 0
net.ipv4.conf.virbr0.src_valid_mark = 0
net.ipv4.conf.virbr0.proxy_arp = 0
net.ipv4.conf.virbr0.medium_id = 0
net.ipv4.conf.virbr0.bootp_relay = 0
net.ipv4.conf.virbr0.log_martians = 0
net.ipv4.conf.virbr0.tag = 0
net.ipv4.conf.virbr0.arp_filter = 0
net.ipv4.conf.virbr0.arp_announce = 0
net.ipv4.conf.virbr0.arp_ignore = 0
net.ipv4.conf.virbr0.arp_accept = 0
net.ipv4.conf.virbr0.arp_notify = 0
net.ipv4.conf.virbr0.proxy_arp_pvlan = 0
net.ipv4.conf.virbr0.disable_xfrm = 0
net.ipv4.conf.virbr0.disable_policy = 0
net.ipv4.conf.virbr0.force_igmp_version = 0
net.ipv4.conf.virbr0.promote_secondaries = 0
net.ipv4.conf.virbr1.forwarding = 1
net.ipv4.conf.virbr1.mc_forwarding = 0
net.ipv4.conf.virbr1.accept_redirects = 1
net.ipv4.conf.virbr1.secure_redirects = 1
net.ipv4.conf.virbr1.shared_media = 1
net.ipv4.conf.virbr1.rp_filter = 1
net.ipv4.conf.virbr1.send_redirects = 1
net.ipv4.conf.virbr1.accept_source_route = 0
net.ipv4.conf.virbr1.accept_local = 0
net.ipv4.conf.virbr1.src_valid_mark = 0
net.ipv4.conf.virbr1.proxy_arp = 0
net.ipv4.conf.virbr1.medium_id = 0
net.ipv4.conf.virbr1.bootp_relay = 0
net.ipv4.conf.virbr1.log_martians = 0
net.ipv4.conf.virbr1.tag = 0
net.ipv4.conf.virbr1.arp_filter = 0
net.ipv4.conf.virbr1.arp_announce = 0
net.ipv4.conf.virbr1.arp_ignore = 0
net.ipv4.conf.virbr1.arp_accept = 0
net.ipv4.conf.virbr1.arp_notify = 0
net.ipv4.conf.virbr1.proxy_arp_pvlan = 0
net.ipv4.conf.virbr1.disable_xfrm = 0
net.ipv4.conf.virbr1.disable_policy = 0
net.ipv4.conf.virbr1.force_igmp_version = 0
net.ipv4.conf.virbr1.promote_secondaries = 0
net.ipv4.conf.virbr2.forwarding = 1
net.ipv4.conf.virbr2.mc_forwarding = 0
net.ipv4.conf.virbr2.accept_redirects = 1
net.ipv4.conf.virbr2.secure_redirects = 1
net.ipv4.conf.virbr2.shared_media = 1
net.ipv4.conf.virbr2.rp_filter = 1
net.ipv4.conf.virbr2.send_redirects = 1
net.ipv4.conf.virbr2.accept_source_route = 0
net.ipv4.conf.virbr2.accept_local = 0
net.ipv4.conf.virbr2.src_valid_mark = 0
net.ipv4.conf.virbr2.proxy_arp = 0
net.ipv4.conf.virbr2.medium_id = 0
net.ipv4.conf.virbr2.bootp_relay = 0
net.ipv4.conf.virbr2.log_martians = 0
net.ipv4.conf.virbr2.tag = 0
net.ipv4.conf.virbr2.arp_filter = 0
net.ipv4.conf.virbr2.arp_announce = 0
net.ipv4.conf.virbr2.arp_ignore = 0
net.ipv4.conf.virbr2.arp_accept = 0
net.ipv4.conf.virbr2.arp_notify = 0
net.ipv4.conf.virbr2.proxy_arp_pvlan = 0
net.ipv4.conf.virbr2.disable_xfrm = 0
net.ipv4.conf.virbr2.disable_policy = 0
net.ipv4.conf.virbr2.force_igmp_version = 0
net.ipv4.conf.virbr2.promote_secondaries = 0
net.ipv4.conf.tun0.forwarding = 1
net.ipv4.conf.tun0.mc_forwarding = 0
net.ipv4.conf.tun0.accept_redirects = 1
net.ipv4.conf.tun0.secure_redirects = 1
net.ipv4.conf.tun0.shared_media = 1
net.ipv4.conf.tun0.rp_filter = 1
net.ipv4.conf.tun0.send_redirects = 1
net.ipv4.conf.tun0.accept_source_route = 0
net.ipv4.conf.tun0.accept_local = 0
net.ipv4.conf.tun0.src_valid_mark = 0
net.ipv4.conf.tun0.proxy_arp = 0
net.ipv4.conf.tun0.medium_id = 0
net.ipv4.conf.tun0.bootp_relay = 0
net.ipv4.conf.tun0.log_martians = 0
net.ipv4.conf.tun0.tag = 0
net.ipv4.conf.tun0.arp_filter = 0
net.ipv4.conf.tun0.arp_announce = 0
net.ipv4.conf.tun0.arp_ignore = 0
net.ipv4.conf.tun0.arp_accept = 0
net.ipv4.conf.tun0.arp_notify = 0
net.ipv4.conf.tun0.proxy_arp_pvlan = 0
net.ipv4.conf.tun0.disable_xfrm = 0
net.ipv4.conf.tun0.disable_policy = 0
net.ipv4.conf.tun0.force_igmp_version = 0
net.ipv4.conf.tun0.promote_secondaries = 0
net.ipv4.ip_forward = 1
net.ipv4.xfrm4_gc_thresh = 2097152
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_time = 30
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.rt_cache_rebuild_count = 4
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_max_dist = 64

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-04-28  6:11 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-04-12  8:06 [RFC] random SYN drops causing connect() delays Thomas Graf
2010-04-12  8:39 ` Thomas Graf
2010-04-28  1:56   ` David Miller
2010-04-28  4:44     ` Thomas Graf
2010-04-28  5:52       ` Eric Dumazet
2010-04-28  6:11         ` Thomas Graf
2010-04-14 11:37 ` Lennart Schulte

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.