Summary ndd /dev/tcp tcp_conn_req_max_q

From: clifford thurber (cliffordt@raremedium.com)
Date: Thu Oct 14 1999 - 15:58:09 CDT


Hello,
Sorry for the direct cut-and-paste summary, but this is pretty much it in a
nutshell. This is documented in Sun Expert issue 6, I believe.

tcp_conn_req_max [is] replaced. This value is well-known as it normally
needs to be increased for Web servers in older releases of Solaris 2. It no
longer exists in Solaris 2.6, and patch 103582-12 adds this feature to
Solaris 2.5.1. The change is part of a fix that prevents denial of service
from SYN flood attacks. There are now two separate queues of partially
complete connections instead of one.

tcp_conn_req_max_q0 is the maximum number of connections with handshake
incomplete. A SYN flood attack could only affect this queue, and a special
algorithm makes sure that valid connections can still get through.

tcp_conn_req_max_q is the maximum number of completed connections waiting to
return from an accept call as soon as the right process gets some CPU time.

Thanks to all who replied.
Clifford
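As an added example (not part of Clifford's message or the Sun Expert text), the script below wraps the Solaris ndd calls for the two queue limits described above: it reports whether each is below a chosen floor and raises a limit only when the current value is lower, so re-running it never shrinks a queue an operator already enlarged. It assumes the standard `ndd -get`/`-set` syntax on `/dev/tcp`; the floor values are constructed for illustration, not figures from the message.

```shell
#!/bin/sh
# Added example: inspect and raise the Solaris listen-queue limits
# tcp_conn_req_max_q0 (incomplete handshakes) and tcp_conn_req_max_q
# (completed connections waiting for accept). Floors are constructed.
NDD=${NDD:-ndd}              # override to point at a stub when testing

# Print the current value of one /dev/tcp tunable.
get_tunable() {
    "$NDD" -get /dev/tcp "$1"
}

# Compare both queue limits against a floor; print one line per tunable
# marked OK or LOW and return 1 if either is below the floor, 2 if ndd fails.
check_backlogs() {
    floor=${1:-1024}
    rc=0
    for t in tcp_conn_req_max_q0 tcp_conn_req_max_q; do
        cur=$(get_tunable "$t") || return 2
        if [ "$cur" -lt "$floor" ]; then
            echo "$t=$cur LOW (floor $floor)"
            rc=1
        else
            echo "$t=$cur OK"
        fi
    done
    return $rc
}

# Raise a tunable only if the current value is below the requested one,
# so a re-run never lowers a limit an operator already increased.
raise_tunable() {
    want=$2
    cur=$(get_tunable "$1") || return 2
    if [ "$cur" -lt "$want" ]; then
        "$NDD" -set /dev/tcp "$1" "$want" && echo "$1: $cur -> $want"
    else
        echo "$1: $cur already >= $want"
    fi
}

# Usage: script check [floor]   or   script raise [q0_value] [q_value]
case "${1:-}" in
    check) check_backlogs "${2:-1024}" ;;
    raise) raise_tunable tcp_conn_req_max_q0 "${2:-1024}"
           raise_tunable tcp_conn_req_max_q "${3:-1024}" ;;
esac
```

Setting values with ndd needs root and does not survive a reboot; put the same `ndd -set` lines in a startup script if the change should persist.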



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:29 CDT