From: Ttttabcd <ttttabcd@protonmail.com>
To: Neal Cardwell <ncardwell@google.com>
Cc: Netdev <netdev@vger.kernel.org>
Subject: Re: Why not use all the syn queues? in the function "tcp_conn_request", I have some questions.
Date: Sun, 09 Sep 2018 01:14:29 +0000
Message-ID: <h5f-P98uUtKSvllrZiLyahcU9K1QGgximMo-uv29sG-03My7AceKWcCbVurJZ70HSCEq_L614s59I7qo90nL_2vPjFfHQY1tgg_LAUFtMGM=@protonmail.com>
In-Reply-To: <CADVnQymHJ5VGpawQMWtcvO6YUTC-tV9bWcb0meu=c0MKmQdyhQ@mail.gmail.com>




‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, 9 September 2018 02:24, Neal Cardwell <ncardwell@google.com> wrote:


> By default, and essentially always in practice (AFAIK), Linux
> installations enable syncookies. With syncookies, there is essentially
> no limit on the syn queue, or number of incomplete passive connections
> (as the man page you quoted notes). So in practice the listen()
> parameter usually controls only the accept queue.
>

>
> That discussion pertains to a code path that is relevant if syncookies
> are disabled, which is very uncommon (see above).
>

Yes, when I tested, I disabled syncookies. I want to know how the kernel will handle syn attacks if syncookies are disabled.


> Keep in mind that the semantics of the listen() argument and the
> /proc/sys/net/ipv4/tcp_max_syn_backlog sysctl knob, as described in
> the man page, are part of the Linux kernel's user-visible API. So, in
> essence, they cannot be changed. Changing the semantics of system
> calls and sysctl knobs breaks applications and system configuration
> scripts. :-)

So, as you said

Is there a historical issue with two variables controlling the syn queue?
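
As an added example (not part of the original message or of the kernel source): a Python check that reads the TcpExt counters in /proc/net/netstat to tell whether a full SYN queue led to dropped SYNs (syncookies off) or to cookies being sent, and whether the accept queue overflowed. The sample counter values and the finding codes are constructed for illustration.

```python
import os

# Constructed sample in /proc/net/netstat layout (a real TcpExt row has many more fields).
SAMPLE_NETSTAT = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops TCPReqQFullDoCookies TCPReqQFullDrop
TcpExt: 0 0 0 12 4312 0 4300
IpExt: InOctets OutOctets
IpExt: 1000 2000
"""

def parse_netstat(text):
    """Parse 'Prefix: names...' / 'Prefix: values...' line pairs into a flat dict."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    counters = {}
    for names, values in zip(rows[0::2], rows[1::2]):
        if names[0] != values[0] or len(names) != len(values):
            raise ValueError("malformed counter pair for " + names[0])
        prefix = names[0].rstrip(":")
        for name, value in zip(names[1:], values[1:]):
            counters[prefix + "." + name] = int(value)
    return counters

def read_sysctl(name, root="/proc/sys/net/ipv4"):
    """Read an integer sysctl such as tcp_syncookies or tcp_max_syn_backlog."""
    with open(os.path.join(root, name)) as f:
        return int(f.read().split()[0])

def assess(syncookies, counters):
    """Return (code, detail) findings; the counters are cumulative since boot."""
    def get(key):
        return counters.get("TcpExt." + key, 0)
    findings = []
    if get("TCPReqQFullDrop"):
        findings.append(("SYN_DROPPED", "%d SYNs met a full request queue with cookies off" % get("TCPReqQFullDrop")))
    if get("TCPReqQFullDoCookies"):
        findings.append(("COOKIES_SENT", "%d SYNs met a full request queue and got a cookie" % get("TCPReqQFullDoCookies")))
    if get("ListenOverflows"):
        findings.append(("ACCEPT_QUEUE_FULL", "%d overflows of the accept queue" % get("ListenOverflows")))
    if syncookies == 0:
        findings.append(("SYNCOOKIES_DISABLED", "tcp_syncookies=0: a full SYN queue drops new SYNs"))
    return findings

if __name__ == "__main__":
    try:
        with open("/proc/net/netstat") as f:
            text, mode = f.read(), read_sysctl("tcp_syncookies")
    except OSError:
        text, mode = SAMPLE_NETSTAT, 0  # fall back to the constructed sample
    for code, detail in assess(mode, parse_netstat(text)):
        print(code + ": " + detail)
```

Because the counters only ever increase, compare two readings taken some seconds apart to see what is happening now rather than since boot.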
