| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Dec 2014 07:18:21 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Ulrich Windl <Ulrich.Windl@...uni-regensburg.de> Cc: netdev@...r.kernel.org Subject: Re: Q: need effective backlog for listen() On Mon, 2014-12-08 at 13:51 +0100, Ulrich Windl wrote: > (not subscribed to the list, plese keep me on CC:) > > Hi! > > I have a problem I could not find the answer. I suspect the problem > arises from Linux derivating from standard functionality... > > I have written a server that should accept n TCP connections at most. > I was expecting that the backlog parameter of listen will cause extra > connection requests either > 1) to be refused > or > 2) to time out eventually > > (The standard seems to say that extra connections are refused) > > However none of the above see ms true. Even if my server delays > accept()ing new connections, no client ever sees a "connection > refused" or "connection timed out". Is there any chance to signal the > client that no more connections are accepted at the moment? This 'standard' makes no sense to me, in light of SYNFLOOD attacks. It actually makes SYNFLOOD attacks very effective. Have you tried to disable syncookies for a start ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists