Re: Maximum sockets & a SYN question

• Next message: John Newman: "memory tester and BP6 problems"
• Previous message: Keith Owens: "Re: SCSI emulation module unload problem."
• In reply to: Alan Cox: "Re: Maximum sockets & a SYN question"
• Next in thread: Stephen C. Tweedie: "Re: Maximum sockets & a SYN question"
• Reply: Stephen C. Tweedie: "Re: Maximum sockets & a SYN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 10 Mar 2000, Alan Cox wrote:

> > How many tcp sockets (outgoing and incoming) can a process create/manage?
>
> How much memory do you have ?
>

1 gig.
 
> >From about 2.2.12 onwards the default is 1024 file descriptors per process
> configurable via /proc/sys and rlimit to higher values.
>
> Your real constraints are more likely to be the scalability of poll() if
> it is using poll/select [poll scales better than select in 2.2.x] and the
> memory footprint per socket (reckon on 64K of system resources average
> per socket - its a bit high but armwaving is best done upwards not downwards)
>

So, assuming that we raise the file descriptors to an appropriate number,
we could theoretically hold 8000 sockets in 500 megs of memory? At what
point does poll() start getting dicey?
 
> > Is there a way to adjust the amount of time an un-ACKed SYN will remain in
> > the queue to be processed?
>
> With syn cookies that is a meaningless question. When syn cookies kick in the
> following occurs:
>
> The received syn frame is processed.
> If the frame is valid a cookie is constructed holding the state
<mini-snip>
> throw away the PAWS, SACK and time stamping features on such connections as well
> as using a limited range of MSS values.
>

Hmmmm....we did some testing by syn-flooding my workstation with and
without syn-cookies, and while the number of incoming syn_recv was much
higher without syn_cookies enabled, we still saw (using netstat -na) a
steadily higher number of incoming syn_recvs. Is this normal? We assumed
that because of that, the syn_cookies were not completely working (or
aren't a panacea for syn flooding). Based on your description, it would
seem that it would stop flooding in its tracks. Perhaps there was a
problem in our admittedly un-scientific test.

Thanks,
Matt Zito

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: John Newman: "memory tester and BP6 problems"
• Previous message: Keith Owens: "Re: SCSI emulation module unload problem."
• In reply to: Alan Cox: "Re: Maximum sockets & a SYN question"
• Next in thread: Stephen C. Tweedie: "Re: Maximum sockets & a SYN question"
• Reply: Stephen C. Tweedie: "Re: Maximum sockets & a SYN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:17 EST