Hi, Wang Jian,
Here is a comparison on the site which has this LAST_ACK problem.
The first number is the established connections and the second one is
the connections in the LAST_ACK stage.
[root@cl /root]# netstat -n|grep EST|wc -l;netstat -n|grep ACK|wc -l
45
137
[root@cl /root]# netstat -n|grep EST|wc -l;netstat -n|grep ACK|wc -l
43
264
[root@cl /root]# netstat -n|grep EST|wc -l;netstat -n|grep ACK|wc -l
47
740
It is in about 1 min, LAST_ACK keeps on growing very fast.
[root@cl /root]# echo 1 > /proc/sys/net/ipv4/tcp_last_ack_retries
[root@cl /root]# netstat -n|grep EST|wc -l;netstat -n|grep ACK|wc -l
61
98
[root@cl /root]# netstat -n|grep EST|wc -l;netstat -n|grep ACK|wc -l
58
82
After enabling tcp_last_ack_retries, the number of LAST_ACK connections
seems to be controlled.
Regards,
Christopher Li
On Sun, 9 Apr 2000, Wang Jian wrote:
> Hello all,
>
> The attachment is a patch to fix DoS effect on a large smtp server, I
> think it is useful so I post it here.
>
> It seems that this problem has been discussed a few times in kernel
> list and networking list but no cure is made.
>
> The LAST_ACK DoS is something like blocking server with thousands of
> sockets left in LAST_ACK state.
>
This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:12 EST