Re: SYN trouble, hardware or software?

Andi Kleen (ak@muc.de)
Wed, 22 Jul 1998 21:26:03 +0200


On Wed, Jul 22, 1998 at 08:26:55PM +0200, SL Baur wrote:
> Andi Kleen <ak@muc.de> writes in linux-kernel@vger.rutgers.edu:
>
> > Geert Uytterhoeven <Geert.Uytterhoeven@cs.kuleuven.ac.be> writes:
> >> On Wed, 22 Jul 1998, Chris Black wrote:
> >> > Jul 21 20:47:58 isrec-insect kernel: Warning: possible SYN flood from
> >> > 192.168.1.12 on 192.168.1.1:20817. Sending cookies.
> ...
> > The warning simply means that connection requests are coming in faster
> > than the server can process them.
>
> I got the following on 2.0.34 while debugging some network software I
> was writing. At no time did I have more than one client at a time
> trying to connect to the server. The listen queue is short, but that
> shouldn't matter if only one client at a time is trying to connect, or
> should it?
>
> Jul 19 23:19:12 altair kernel: Warning: possible SYN flood from 127.0.0.1 on 127.0.0.1:23000. Sending cookies.
> Jul 19 23:29:22 altair kernel: Warning: possible SYN flood from 127.0.0.1 on 127.0.0.1:23000. Sending cookies.

If you use listen(1) that's quite possible, especially with a single-threaded
server. I would always use at least 10-20.

That pitfall got fixed in 2.1 by changing the semantics of the listen argument
- it now counts ESTABLISHED sockets in the queue instead of SYN_RECV sockets
(following the change in BSDI 3.0). This means Linux can always use a big
backlog for simple SYNs.

-Andi
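
A triage sketch for the warning discussed in this thread, added here as an example and not part of any poster's message: it parses kernel log lines in the format quoted above and groups them per listener. The rule that loopback-only sources point to a short listen() backlog before anything else is an assumption drawn from the listen(1) case described; the function names are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Format of the kernel warning as quoted in the thread.
SYN_WARN = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\skernel:\s"
    r"Warning: possible SYN flood from (?P<src>[\d.]+) "
    r"on (?P<dst>[\d.]+):(?P<port>\d+)\. Sending cookies\."
)

# Sample input: the two altair lines and the isrec-insect line (unwrapped)
# come from the thread; the last line is constructed to show non-matches.
SAMPLE = [
    "Jul 19 23:19:12 altair kernel: Warning: possible SYN flood from 127.0.0.1 on 127.0.0.1:23000. Sending cookies.",
    "Jul 19 23:29:22 altair kernel: Warning: possible SYN flood from 127.0.0.1 on 127.0.0.1:23000. Sending cookies.",
    "Jul 21 20:47:58 isrec-insect kernel: Warning: possible SYN flood from 192.168.1.12 on 192.168.1.1:20817. Sending cookies.",
    "Jul 21 20:48:01 isrec-insect kernel: eth0: link up",
]

def summarize(lines):
    """Group SYN warnings by (logging host, listener address, listener port)."""
    groups = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in lines:
        m = SYN_WARN.match(line.strip())
        if m is None:
            continue  # not a SYN cookie warning
        key = (m["host"], m["dst"], int(m["port"]))
        groups[key]["count"] += 1
        groups[key]["sources"].add(m["src"])
    return dict(groups)

def triage(groups):
    """Assumed heuristic: when every logged source is loopback or the
    listener's own address, look at the server's listen() backlog first;
    otherwise the remote sources need a closer look."""
    verdicts = {}
    for (host, dst, port), g in groups.items():
        local_only = all(
            ip_address(s).is_loopback or s == dst for s in g["sources"]
        )
        verdicts[(host, dst, port)] = (
            "check-listen-backlog" if local_only else "review-remote-sources"
        )
    return verdicts

if __name__ == "__main__":
    for key, verdict in triage(summarize(SAMPLE)).items():
        print(key, verdict)
```
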
