Re: question about linux tcp request queue handling

From: Paul Albrecht (
Date: Mon Jul 07 2003 - 23:14:48 EST

Andi Kleen writes:

> The 4.4BSD-Lite code described in Stevens is long outdated.

I was referring to volume one subtitled: "The Protocols." It doesn't
describe implementation and the examples are not limited to bsd-lite.

>All modern BSDs (and probably most other Unixes too) do it in a similar way
to what
> Nivedita described.

Linux doesn't operate in the manner Nivedita describes ... the tcp layer on
the server side moves to the syn_recd state, but doesn't accept the ack back
from client. Instead it times out and sends its syn/ack back to the client
and again ignores the client's ack, ... Eventually, either there's room on
backlog queue and the server side moves to the established state or the
server side stops resending the its syn/ack. This doesn't seem to make much
sense. If the tcp layer can send the syn/ack it seems like it should
probably respond to the client's ack.

>The keywords are "syn flood attack" and "DoS".

I'd be interested in a more specific reference detailing the changes
required to the listen syscall as a consequence of the changes required for
avoidance of syn flood attacks. Thanks.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Jul 07 2003 - 22:00:31 EST