Re: Too many sockets in SYN_RECV
Wednesday, December 7, 2011, 16:23:17, Thomas Goirand wrote:
> On 12/07/2011 06:30 PM, Marek Podmaka wrote:
>> Or the other way - why the
>> kernel can't handle the new connections without syncookies?
> Without syncookies, you get resource exhaustion. Not necessarily
> memory, but just internal kernel resources.
> Without having a look into the kernel code, I'd picture in my mind an
> internal table with tcp connections that have received a SYN, but not
> yet an ACK, or something similar. And there's a limit that you could
> reach. Past that limit, the kernel would start ignoring SYN packets,
> and you can't connect anymore.
Thanks for the explanation and also for the explanation of the
syncookies (which I was little familiar with).
Then I suppose the long connection times were because of the first
SYN being dropped and only retransmitted SYN packets (after a timeout
of a few seconds) got accepted and replied to by the server.
The question is why the kernel just stopped at 512 SYN_RECV connections
when all limits were at least 1024 (for example
/proc/sys/net/ipv4/tcp_max_syn_backlog) and I was not able to raise
that limit of 512.
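
An added diagnostic, not part of the original message or written by either poster: it counts SYN_RECV sockets per local port from `/proc/net/tcp` and reads the backlog sysctls, so the observed ceiling can be compared against the configured limits. The function names and sample rows are constructed for illustration; `somaxconn` and `tcp_syncookies` are real sysctls not named in the thread and are included as an assumption about what else is worth checking.

```python
from collections import Counter
from pathlib import Path

SYN_RECV = "03"  # hex state code for SYN_RECV in /proc/net/tcp

# tcp_max_syn_backlog is the limit named in the thread; the other two
# are assumptions about related settings worth reading alongside it.
SYSCTLS = {
    "tcp_max_syn_backlog": "/proc/sys/net/ipv4/tcp_max_syn_backlog",
    "somaxconn": "/proc/sys/net/core/somaxconn",
    "tcp_syncookies": "/proc/sys/net/ipv4/tcp_syncookies",
}

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0A00000A:0050 C80A000A:C350 03
   2: 0A00000A:0050 C90A000A:C351 03
   3: 0A00000A:0050 CA0A000A:C352 01
   4: 0A00000A:01BB CB0A000A:C353 03
"""

def syn_recv_by_port(proc_net_tcp):
    """Count sockets in SYN_RECV per local port."""
    counts = Counter()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue
        counts[int(fields[1].rsplit(":", 1)[1], 16)] += 1  # port is hex
    return counts

def read_sysctls(paths=SYSCTLS):
    """Return current values, or None where a file cannot be read."""
    values = {}
    for name, path in paths.items():
        try:
            values[name] = int(Path(path).read_text().split()[0])
        except (OSError, ValueError, IndexError):
            values[name] = None
    return values

def ports_at_ceiling(counts, ceiling):
    """Ports whose SYN_RECV count has reached the given ceiling."""
    return sorted(p for p, n in counts.items() if n >= ceiling)

if __name__ == "__main__":
    live = Path("/proc/net/tcp")
    counts = syn_recv_by_port(live.read_text() if live.exists() else SAMPLE)
    print("limits:", read_sysctls())
    print("SYN_RECV per port:", dict(counts))
    print("ports at 512:", ports_at_ceiling(counts, 512))
```

A port that sits at a fixed count below `tcp_max_syn_backlog` points to a different bound being the effective one for that listener.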