Re: Too many sockets in SYN_RECV
Hello,
Tuesday, December 6, 2011, 11:52:07, Thomas Goirand wrote:
> Have you tried using syn cookies? That normally helps a lot when you
> have a great amount of connections. I'm not sure if the Debian kernel
> uses it by default though (you might need to rebuild the kernel???).
I have just enabled them (they are compiled into the Debian kernel, but
disabled by default) and it seems to help.
Can you explain why syncookies also help in my case of many
connections (without any DDoS attack)? Or the other way - why can't the
kernel handle the new connections without syncookies?
Now netstat -ts shows this:
55980975 SYN cookies sent
58244121 SYN cookies received
18497897 invalid SYN cookies received
2518647 resets received for embryonic SYN_RECV sockets
3 packets pruned from receive queue because of socket buffer overrun
766 ICMP packets dropped because they were out-of-window
67 ICMP packets dropped because socket was locked
976666560 TCP sockets finished time wait in fast timer
168877183 TCP sockets finished time wait in slow timer
89850676 passive connections rejected because of time stamp
424051 packets rejects in established connections because of timestamp
1164228384 delayed acks sent
648215 delayed acks further delayed because of locked socket
Quick ack mode was activated 13416055 times
4049190 times the listen queue of a socket overflowed
4049190 SYNs to LISTEN sockets dropped
1042838538 packets directly queued to recvmsg prequeue.
5771 bytes directly in process context from backlog
9404314 bytes directly received in process context from prequeue
2120925297 packet headers predicted
322307 packets header predicted and directly queued to user
1124450655 acknowledgments not containing data payload received
1805039253 predicted acknowledgments
1 times recovered from packet loss due to fast retransmit
20223 times recovered from packet loss by selective acknowledgements
2547 bad SACK blocks received
Detected reordering 9 times using FACK
199 congestion windows fully recovered without slow start
2 congestion windows partially recovered using Hoe heuristic
2752149 congestion windows recovered without slow start by DSACK
5702588 congestion windows recovered without slow start after partial ack
130 TCP data loss events
TCPLostRetransmit: 2
6085 timeouts after reno fast retransmit
2529709 timeouts after SACK recovery
134114 timeouts in loss state
20274 fast retransmits
38 forward retransmits
2307669 retransmits in slow start
36174127 other TCP timeouts
10001 SACK retransmits failed
202 packets collapsed in receive queue due to low socket buffer
16775872 DSACKs sent for old packets
14552 DSACKs sent for out of order packets
11816825 DSACKs received
80 DSACKs for out of order packets received
5 connections reset due to unexpected SYN
38344636 connections reset due to unexpected data
245406 connections reset due to early user close
2455128 connections aborted due to timeout
TCPSACKDiscard: 43862
TCPDSACKIgnoredOld: 2118496
TCPDSACKIgnoredNoUndo: 1514802
TCPSackShifted: 156
TCPSackMerged: 328
TCPSackShiftFallback: 6766189
--
bYE, Marki
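
The SYN and listen-queue counters from the netstat output above, pulled out by an added example that is not part of the original message. The function names `counter`, `syn_report` and `sample_stats` are hypothetical, and treating the valid and invalid cookie counters as disjoint is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the SYN/backlog
# counters that `netstat -ts` prints. Counter wording is copied from the post;
# other net-tools versions may word these lines differently.

# counter "TEXT": read netstat text on stdin, print the number in front of the
# line whose description is exactly TEXT (0 if absent). Exact comparison keeps
# "SYN cookies received" from matching "invalid SYN cookies received".
counter() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ {
            n = $1
            sub(/^[ \t]*[0-9]+[ \t]+/, ""); sub(/[ \t]+$/, "")
            if ($0 == want) { print n; found = 1; exit }
        }
        END { if (!found) print 0 }'
}

# syn_report: read netstat text on stdin, print one key=value summary line.
syn_report() {
    data=$(cat)
    get() { printf '%s\n' "$data" | counter "$1"; }
    sent=$(get "SYN cookies sent")
    ok=$(get "SYN cookies received")
    bad=$(get "invalid SYN cookies received")
    ovfl=$(get "times the listen queue of a socket overflowed")
    drop=$(get "SYNs to LISTEN sockets dropped")
    # Assumption: valid and invalid cookie ACKs are counted separately, so the
    # invalid share is bad / (ok + bad). Integer percent, rounded down.
    total=$((ok + bad)); pct=0
    if [ "$total" -gt 0 ]; then pct=$((bad * 100 / total)); fi
    echo "sent=$sent valid=$ok invalid=$bad invalid_pct=$pct listen_overflows=$ovfl syn_dropped=$drop"
}

# Sample input: five counter lines quoted from the post above.
sample_stats() {
    cat <<'EOF'
    55980975 SYN cookies sent
    58244121 SYN cookies received
    18497897 invalid SYN cookies received
    4049190 times the listen queue of a socket overflowed
    4049190 SYNs to LISTEN sockets dropped
EOF
}

# Live use: netstat -ts | syn_report; cat /proc/sys/net/ipv4/tcp_syncookies
sample_stats | syn_report
```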