| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 09 Sep 2018 01:14:29 +0000 From: Ttttabcd <ttttabcd@...tonmail.com> To: Neal Cardwell <ncardwell@...gle.com> Cc: Netdev <netdev@...r.kernel.org> Subject: Re: Why not use all the syn queues? in the function "tcp_conn_request", I have some questions. Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, 9 September 2018 02:24, Neal Cardwell <ncardwell@...gle.com> wrote: > By default, and essentially always in practice (AFAIK), Linux > installations enable syncookies. With syncookies, there is essentially > no limit on the syn queue, or number of incomplete passive connections > (as the man page you quoted notes). So in practice the listen() > parameter usually controls only the accept queue. > > > That discussion pertains to a code path that is relevant if syncookies > are disabled, which is very uncommon (see above). > Yes, when I tested, I disabled syncookies. I want to know how the kernel will handle syn attacks if syncookies are disabled. > Keep in mind that the semantics of the listen() argument and the > /proc/sys/net/ipv4/tcp_max_syn_backlog sysctl knob, as described in > the man page, are part of the Linux kernel's user-visible API. So, in > essence, they cannot be changed. Changing the semantics of system > calls and sysctl knobs breaks applications and system configuration > scripts. :-) So, as you said Is there a historical issue with two variables controlling the syn queue?
Powered by blists - more mailing lists