[4241] in linux-net channel archive


Re: SYN floods

daemon@ATHENA.MIT.EDU (Eric Schenk)
Fri Aug 30 18:13:32 1996

To: "Theodore Y. Ts'o" <tytso@mit.edu>
cc: linux-net@vger.rutgers.edu
In-reply-to: Your message of "Fri, 30 Aug 1996 13:49:42 EDT."
             <9608301749.AA26556@dcl.MIT.EDU> 
Date: 	Fri, 30 Aug 1996 13:57:47 -0400
From: "Eric Schenk" <schenk@cs.toronto.edu>


"Theodore Y. Ts'o" <tytso@MIT.EDU> writes:
>   Date: 	Thu, 29 Aug 1996 14:47:47 -0400
>   From: "Eric Schenk" <schenk@cs.toronto.edu>
>
>   I've been checking through the RFC's and it appears that we can use a
>   separate set of timeouts for the initial establishment of the connection,
>   as opposed to timeouts for established connections. Currently we only use
>   a separate timeout for connections initiated by the local box. Even then,
>   this timeout is perhaps a bit long, somewhere around the 13 minute mark
>   in 2.0.x. BSD uses a 75 second timeout for this, but this is perhaps
>   a bit short, especially for on-demand links over a busy phone line.
>
>Why not make this a run-time configurable option, via the sysctl
>interface?  If you have a direct connection to the internet, then you'll
>want a different timeout than if you're doing on-demand links.  In fact,
>probably the right thing to do is to set up the defaults for a direct
>connection to the internet, and have the daemon which does the on-demand
>dialing to set the timeout if the link is down, and change the timeout
>to something else once the link is up.....

Yes, this is probably the right way to do things. I'm not sure if a
sysctl patch is the "right thing" for the 2.0.x series, but certainly
it is for the 2.1.x series. I'll look at this on the weekend, maybe
if the change is small enough Linus will take it for 2.0.x as well.
If not, maybe I'll try and make a separate patch available.

There is a slight complication since currently the timeout is
implemented as a retransmission counter, so you can't actually pick
just any timeout, in fact, you can only get times of the form

		sum i=1..n min(3^i,120)

for different values of n. It is probably a good idea for 2.1.x to make
this a real timeout, rather than a retransmission count, especially since
the retransmission count leads to a variable timeout on real links,
depending on the speed of the underlying medium.

-- eric

---------------------------------------------------------------------------
Eric Schenk                          www: http://www.cs.toronto.edu/~schenk
Department of Computer Science	               email: schenk@cs.toronto.edu
University of Toronto
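The following is an added worked example, not code from this thread or from the Linux kernel. It models the point the message makes about a retransmission-count timeout: with the per-retry waits given as min(3^i, 120) seconds, only the cumulative sums for whole retry counts n are reachable, so an arbitrary target (such as BSD's 75 seconds) cannot be hit exactly. The second model, with a doubling backoff seeded from an assumed RTT-derived initial RTO, is a constructed illustration of why a fixed retry count yields different elapsed times on fast and slow links; it is not the 2.0.x kernel's actual algorithm.

```python
"""Toy model of connection-establishment timeouts expressed as a retry count.

Assumed schedule (from the message): retry i waits min(3**i, 120) seconds.
Constructed for illustration; not the kernel's code.
"""


def backoff_schedule(n, base=3, cap=120):
    """Per-retry waits in seconds for n retransmissions."""
    return [min(base ** i, cap) for i in range(1, n + 1)]


def timeout_for_retries(n, base=3, cap=120):
    """Total seconds before the connection attempt is abandoned after n retries."""
    return sum(backoff_schedule(n, base, cap))


def achievable_timeouts(max_retries, base=3, cap=120):
    """Map each retry count to the only timeout value it can express."""
    return {n: timeout_for_retries(n, base, cap) for n in range(1, max_retries + 1)}


def retries_for_target(target_seconds, base=3, cap=120):
    """Smallest retry count whose cumulative wait reaches the target.

    Returns (retries, actual_timeout); the actual timeout may overshoot the
    target because only the discrete sums are available.
    """
    n = 0
    while timeout_for_retries(n, base, cap) < target_seconds:
        n += 1
    return n, timeout_for_retries(n, base, cap)


def elapsed_for_fixed_count(initial_rto, n, cap=120):
    """Constructed model: retry i waits min(initial_rto * 2**i, cap) seconds,
    with initial_rto assumed to come from the link's measured RTT.
    Shows that a fixed retry count means a link-dependent wall-clock timeout.
    """
    return sum(min(initial_rto * (2 ** i), cap) for i in range(n))


if __name__ == "__main__":
    for n, secs in achievable_timeouts(10).items():
        print(f"{n:2d} retries -> {secs:4d} s ({secs / 60:.1f} min)")
    print("closest to BSD's 75 s:", retries_for_target(75))
    print("fast link (0.5 s RTO), 5 retries:", elapsed_for_fixed_count(0.5, 5), "s")
    print("slow link (4 s RTO), 5 retries:  ", elapsed_for_fixed_count(4.0, 5), "s")
```

Running it shows the reachable values jump from 39 s straight to 120 s, so a 75 s timeout rounds up to 120 s, and the same retry count spans very different wall-clock times once the waits depend on the link's RTT.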
