[4257] in linux-net channel archive


Re: SYN floods

daemon@ATHENA.MIT.EDU (Eric Schenk)
Sat Aug 31 15:33:20 1996

To: Speed Racer <shagboy@dns.bluesky.net>
cc: linux-net@vger.rutgers.edu
In-reply-to: Your message of "Sat, 31 Aug 1996 15:08:44 EDT."
             <Pine.SUN.3.95.960831150726.4627A-100000@dns.bluesky.net> 
Date: 	Sat, 31 Aug 1996 15:21:26 -0400
From: "Eric Schenk" <schenk@cs.toronto.edu>


Speed Racer <shagboy@dns.bluesky.net> writes:
>On Thu, 29 Aug 1996, Eric Schenk wrote:
>
>> I've been checking through the RFCs and it appears that we can use a
>> separate set of timeouts for the initial establishment of the connection,
>> as opposed to timeouts for established connections. Currently we only use
>> a separate timeout for connections initiated by the local box. Even then,
>> this timeout is perhaps a bit long, somewhere around the 13 minute mark
>> in 2.0.x. BSD uses a 75 second timeout for this, but this is perhaps
>> a bit short, especially for on-demand links over a busy phone line.
>
>How about we make it easy to change in a header file somewhere?  It
>doesn't have to be an option for "make config", just something like
>#define SYN_TIMEOUT 600 /* timeout in seconds */
>
>Would this be acceptable?

We already do this, except we only do this for outgoing connections,
not incoming connections, and the time is set in the number
of retransmits before failure, which as I mentioned in another post
only gives you times of the form:

	sum i=1..n min(3^i,120), for n >= 1

I have a patch that fixes things so that we do the same timeouts
on incoming as well as outgoing connections. I'm planning to send
this to Linus sometime on the weekend, along with a few other things.
All in all though, I like Ted's suggestion of making this run time
settable through the sysctl interface.

-- eric
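
Added example, not part of the original message and not kernel code: a small C program that tabulates the timeouts reachable under the formula quoted above and finds the retransmit count needed to reach a requested timeout, using the 75 second and 600 second figures from the thread. The function names are hypothetical.

```c
#include <stdio.h>

/* Wait before giving up on the i-th retransmit, in seconds, using the
 * form quoted in the message: min(3^i, 120). */
static unsigned backoff_interval(unsigned i)
{
    unsigned v = 1;
    while (i-- > 0) {
        v *= 3;
        if (v >= 120)
            return 120;   /* capped; also avoids overflow for large i */
    }
    return v;
}

/* Total time before failure with n retransmits: sum i=1..n min(3^i,120). */
unsigned total_timeout(unsigned n)
{
    unsigned sum = 0;
    for (unsigned i = 1; i <= n; i++)
        sum += backoff_interval(i);
    return sum;
}

/* Smallest n >= 1 whose total timeout is at least `seconds`. */
unsigned retransmits_for(unsigned seconds)
{
    unsigned n = 1;
    while (total_timeout(n) < seconds)
        n++;
    return n;
}

int main(void)
{
    /* Targets taken from the thread: BSD's 75 s and the proposed 600 s. */
    unsigned targets[] = { 75, 600 };

    for (unsigned n = 1; n <= 10; n++)
        printf("n=%2u -> %4u s\n", n, total_timeout(n));

    for (unsigned k = 0; k < sizeof targets / sizeof targets[0]; k++) {
        unsigned n = retransmits_for(targets[k]);
        printf("wanted %u s: n=%u gives %u s, n=%u gives %u s\n",
               targets[k], n - 1, total_timeout(n - 1), n, total_timeout(n));
    }
    return 0;
}
```

A 75 second timeout falls between the reachable values of 39 s and 120 s, while 600 s is hit exactly at eight retransmits; past the fourth retransmit every step adds a flat 120 s.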
