--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: linux-image-2.6.26-1-686: No warning when half-open TCP queue is full
- From: Olaf van der Spek <OlafvdSpek@GMail.Com>
- Date: Sat, 21 Mar 2009 19:47:36 +0100
- Message-id: <20090321184736.2946.91278.reportbug@router>
Package: linux-image-2.6.26-1-686
Version: 2.6.26-13lenny2
Severity: normal
Hi,
When the half-open TCP connection queue is full and syn cookies are enabled, you get a message like "kernel: possible SYN flooding on port 2710. Sending cookies."
However when syn cookies are disabled, you don't get any message (in kern.log), although connections to your server are timing out.
Could such a message be added?
Maybe with a suggestion to increase the size of that queue or to enable syn cookies.
Greetings,
Olaf
-- Package-specific info:
** Version:
Linux version 2.6.26-1-686 (Debian 2.6.26-13lenny2) (dannf@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Fri Mar 13 18:08:45 UTC 2009
** Command line:
root=/dev/hda1 ro quiet
** Not tainted
** Kernel log:
[ 2.311239] rtc_cmos 00:04: rtc core: registered rtc_cmos as rtc0
[ 2.311239] rtc0: alarms up to one day
[ 2.311239] cpuidle: using governor ladder
[ 2.311239] cpuidle: using governor menu
[ 2.311239] No iBFT detected.
[ 2.311239] TCP cubic registered
[ 2.311239] NET: Registered protocol family 17
[ 2.311239] Using IPI No-Shortcut mode
[ 2.311240] registered taskstats version 1
[ 2.311240] rtc_cmos 00:04: setting system clock to 2009-03-21 08:26:10 UTC (1237623970)
[ 2.311240] Freeing unused kernel memory: 244k freed
[ 2.615240] thermal: Unknown symbol acpi_processor_set_thermal_limit
[ 3.008555] SCSI subsystem initialized
[ 3.052601] aic7xxx 0000:00:06.0: enabling device (0006 -> 0007)
[ 3.052634] PCI: No IRQ known for interrupt pin A of device 0000:00:06.0. Probably buggy MP table.
[ 3.065606] aic7xxx: probe of 0000:00:06.0 failed with error -16
[ 3.086545] Uniform Multi-Platform E-IDE driver
[ 3.086562] ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
[ 3.087790] PIIX4: IDE controller (0x8086:0x7111 rev 0x01) at PCI slot 0000:00:07.1
[ 3.087860] PIIX4: not 100% native mode: will probe irqs later
[ 3.087881] ide0: BM-DMA at 0xffa0-0xffa7
[ 3.087899] ide1: BM-DMA at 0xffa8-0xffaf
[ 3.087911] Probing IDE interface ide0...
[ 3.204905] usbcore: registered new interface driver usbfs
[ 3.204905] usbcore: registered new interface driver hub
[ 3.204905] Linux Tulip driver version 1.1.15-NAPI (Feb 27, 2007)
[ 3.207197] usbcore: registered new device driver usb
[ 3.218101] 8139cp: 10/100 PCI Ethernet driver v1.3 (Mar 22, 2004)
[ 3.231794] USB Universal Host Controller Interface driver v3.0
[ 3.389469] hda: WDC WD200BB-60CVB0, ATA DISK drive
[ 3.725308] hda: host max PIO4 wanted PIO255(auto-tune) selected PIO4
[ 3.726178] hda: UDMA/33 mode selected
[ 3.727069] Probing IDE interface ide1...
[ 4.459970] hdc: LTN486S, ATAPI CD/DVD-ROM drive
[ 4.795793] hdc: host max PIO4 wanted PIO255(auto-tune) selected PIO4
[ 4.795878] hdc: MWDMA2 mode selected
[ 4.796042] ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
[ 4.796126] ide1 at 0x170-0x177,0x376 on irq 15
[ 4.801573] PCI: No IRQ known for interrupt pin D of device 0000:00:07.2. Probably buggy MP table.
[ 4.801573] uhci_hcd 0000:00:07.2: Found HC with no IRQ. Check BIOS/PCI 0000:00:07.2 setup!
[ 4.801573] uhci_hcd 0000:00:07.2: init 0000:00:07.2 fail, -19
[ 4.806966] tulip0: EEPROM default media type Autosense.
[ 4.806978] tulip0: Index #0 - Media 10baseT (#0) described by a 21142 Serial PHY (2) block.
[ 4.806988] tulip0: Index #1 - Media 10baseT-FDX (#4) described by a 21142 Serial PHY (2) block.
[ 4.806998] tulip0: Index #2 - Media 100baseTx (#3) described by a 21143 SYM PHY (4) block.
[ 4.807007] tulip0: Index #3 - Media 100baseTx-FDX (#5) described by a 21143 SYM PHY (4) block.
[ 4.813428] eth0: Digital DS21142/43 Tulip rev 65 at Port 0xec00, 00:10:6f:02:39:a5, IRQ 19.
[ 4.813672] 8139cp 0000:00:12.0: This (id 10ec:8139 rev 10) is not an 8139C+ compatible chip
[ 4.813672] 8139cp 0000:00:12.0: Try the "8139too" driver instead.
[ 4.814022] 8139cp 0000:00:14.0: This (id 10ec:8139 rev 10) is not an 8139C+ compatible chip
[ 4.814022] 8139cp 0000:00:14.0: Try the "8139too" driver instead.
[ 4.821628] 8139too Fast Ethernet driver 0.9.28
[ 4.825619] eth1: RealTek RTL8139 at 0xe400, 00:02:44:52:fe:db, IRQ 19
[ 4.825619] eth1: Identified 8139 chip type 'RTL-8100B/8139D'
[ 4.825619] eth2: RealTek RTL8139 at 0xe800, 00:10:a7:05:2d:47, IRQ 17
[ 4.825619] eth2: Identified 8139 chip type 'RTL-8139B'
[ 4.873461] libata version 3.00 loaded.
[ 4.921469] hda: max request size: 128KiB
[ 5.071451] hda: 39102336 sectors (20020 MB) w/2048KiB Cache, CHS=38792/16/63
[ 5.071467] hda: cache flushes not supported
[ 5.071591] hda: hda1 hda2 < hda5 >
[ 5.100779] hdc: ATAPI 48X CD-ROM drive, 120kB Cache
[ 5.100797] Uniform CD-ROM driver Revision: 3.20
[ 5.365144] PM: Starting manual resume from disk
[ 5.437127] kjournald starting. Commit interval 5 seconds
[ 5.439392] EXT3-fs: mounted filesystem with ordered data mode.
[ 7.236350] udevd version 125 started
[ 8.694499] piix4_smbus 0000:00:07.3: Found 0000:00:07.3 device
[ 8.747037] input: PC Speaker as /class/input/input0
[ 8.790654] Linux agpgart interface v0.103
[ 8.812446] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[ 8.823500] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[ 8.854313] agpgart: Detected an Intel 440GX Chipset.
[ 8.855524] agpgart: AGP aperture is 4M @ 0xff400000
[ 9.105092] Error: Driver 'pcspkr' is already registered, aborting...
[ 10.237029] Adding 859436k swap on /dev/hda5. Priority:-1 extents:1 across:859436k
[ 10.730556] EXT3 FS on hda1, internal journal
[ 11.265684] loop: module loaded
[ 12.405260] Bridge firewalling registered
[ 12.405933] br0: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
[ 12.442272] device eth0 entered promiscuous mode
[ 12.452622] device eth1 entered promiscuous mode
[ 12.464290] eth1: link up, 100Mbps, full-duplex, lpa 0x45E1
[ 12.470077] device eth2 entered promiscuous mode
[ 12.473542] eth2: link up, 100Mbps, full-duplex, lpa 0x45E1
[ 12.484789] br0: port 3(eth2) entering learning state
[ 12.484805] br0: port 2(eth1) entering learning state
[ 12.484813] br0: port 1(eth0) entering learning state
[ 27.482386] br0: topology change detected, propagating
[ 27.482401] br0: port 3(eth2) entering forwarding state
[ 27.482408] br0: topology change detected, propagating
[ 27.482415] br0: port 2(eth1) entering forwarding state
[ 27.482422] br0: topology change detected, propagating
[ 27.482429] br0: port 1(eth0) entering forwarding state
[ 30.263769] NET: Registered protocol family 10
[ 30.264660] lo: Disabled Privacy Extensions
[ 40.325400] eth2: no IPv6 routers present
[ 40.502205] eth0: no IPv6 routers present
[ 41.033747] eth1: no IPv6 routers present
[ 41.126277] br0: no IPv6 routers present
** Loaded modules:
Module Size Used by
ipv6 235300 25
bridge 40024 0
loop 12748 0
evdev 8000 0
snd_pcm 62596 0
snd_timer 17800 1 snd_pcm
snd 45604 2 snd_pcm,snd_timer
soundcore 6368 1 snd
snd_page_alloc 7816 1 snd_pcm
intel_agp 22332 1
shpchp 25528 0
pci_hotplug 23460 1 shpchp
agpgart 28776 1 intel_agp
pcspkr 2432 0
i2c_piix4 7216 0
i2c_core 19828 1 i2c_piix4
ext3 105512 1
jbd 39444 1 ext3
mbcache 7108 1 ext3
ide_cd_mod 27652 0
cdrom 30176 1 ide_cd_mod
ide_disk 10496 3
ata_generic 4676 0
libata 140384 1 ata_generic
dock 8304 1 libata
8139too 20320 0
ide_pci_generic 3908 0 [permanent]
uhci_hcd 18672 0
8139cp 16800 0
mii 4896 2 8139too,8139cp
tulip 44064 0
usbcore 118160 2 uhci_hcd
piix 6568 0 [permanent]
ide_core 96168 4 ide_cd_mod,ide_disk,ide_pci_generic,piix
aic7xxx 117592 0
scsi_transport_spi 19840 1 aic7xxx
scsi_mod 129356 3 libata,aic7xxx,scsi_transport_spi
thermal_sys 10856 0
** PCI devices:
not available
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages linux-image-2.6.26-1-686 depends on:
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii initramfs-tools [linux-initra 0.92o tools for generating an initramfs
ii module-init-tools 3.4-1 tools for managing Linux kernel mo
Versions of packages linux-image-2.6.26-1-686 recommends:
ii libc6-i686 2.7-18 GNU C Library: Shared libraries [i
Versions of packages linux-image-2.6.26-1-686 suggests:
ii grub 0.97-47lenny2 GRand Unified Bootloader (Legacy v
pn linux-doc-2.6.26 <none> (no description available)
-- debconf information:
linux-image-2.6.26-1-686/preinst/abort-overwrite-2.6.26-1-686:
shared/kernel-image/really-run-bootloader: true
linux-image-2.6.26-1-686/postinst/bootloader-error-2.6.26-1-686:
linux-image-2.6.26-1-686/postinst/depmod-error-initrd-2.6.26-1-686: false
linux-image-2.6.26-1-686/prerm/removing-running-kernel-2.6.26-1-686: true
linux-image-2.6.26-1-686/postinst/old-system-map-link-2.6.26-1-686: true
linux-image-2.6.26-1-686/preinst/abort-install-2.6.26-1-686:
linux-image-2.6.26-1-686/preinst/lilo-has-ramdisk:
linux-image-2.6.26-1-686/preinst/bootloader-initrd-2.6.26-1-686: true
linux-image-2.6.26-1-686/prerm/would-invalidate-boot-loader-2.6.26-1-686: true
linux-image-2.6.26-1-686/preinst/elilo-initrd-2.6.26-1-686: true
linux-image-2.6.26-1-686/postinst/kimage-is-a-directory:
linux-image-2.6.26-1-686/postinst/old-dir-initrd-link-2.6.26-1-686: true
linux-image-2.6.26-1-686/postinst/create-kimage-link-2.6.26-1-686: true
linux-image-2.6.26-1-686/preinst/lilo-initrd-2.6.26-1-686: true
linux-image-2.6.26-1-686/postinst/old-initrd-link-2.6.26-1-686: true
linux-image-2.6.26-1-686/preinst/overwriting-modules-2.6.26-1-686: true
linux-image-2.6.26-1-686/postinst/depmod-error-2.6.26-1-686: false
linux-image-2.6.26-1-686/postinst/bootloader-test-error-2.6.26-1-686:
linux-image-2.6.26-1-686/preinst/failed-to-move-modules-2.6.26-1-686:
linux-image-2.6.26-1-686/preinst/initrd-2.6.26-1-686:
--- End Message ---
--- Begin Message ---
- To: 520667-done@bugs.debian.org
- Cc: Olaf van der Spek <OlafvdSpek@GMail.Com>
- Subject: Re: linux-image-2.6.26-1-686: No warning when half-open TCP queue is full
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Sat, 10 Jul 2010 15:03:00 +0200
- Message-id: <20100710130257.GA4654@galadriel.inutil.org>
- In-reply-to: <20100225180939.GA3724@galadriel.inutil.org>
- References: <20090321184736.2946.91278.reportbug@router> <20100225180939.GA3724@galadriel.inutil.org>
On Thu, Feb 25, 2010 at 07:09:39PM +0100, Moritz Muehlenhoff wrote:
> On Sat, Mar 21, 2009 at 07:47:36PM +0100, Olaf van der Spek wrote:
> > Package: linux-image-2.6.26-1-686
> > Version: 2.6.26-13lenny2
> > Severity: normal
> >
> > Hi,
> >
> > When the half-open TCP connection queue is full and syn cookies are enabled, you get a message like "kernel: possible SYN flooding on port 2710. Sending cookies."
> > However when syn cookies are disabled, you don't get any message (in kern.log), although connections to your server are timing out.
> > Could such a message be added?
> > Maybe with a suggestion to increase the size of that queue or to enable syn cookies.
>
> That should be discussed with the upstream developers, the Debian BTS is not
> the best way to change this. You can reach them at linux-net@vger.kernel.org
Closing.
Cheers,
Moritz
--- End Message ---