Re: multinet - syn flood
- From: rejoc <rejoc@xxxxxxxxxxx>
- Date: Mon, 09 Oct 2006 19:03:08 +0200
mckinneyj@xxxxxxxx wrote:
rejoc wrote:
As I have no access to the code and the server is not defined via multinet server-config, I'll change the value of somaxconn.
Multinet V4.4 A-X, VMS AXP 7.3-2
Suppose there are clients, trying to connect to the VMS/multinet system
by initiating a socket connection with a SYN but not going further.
On the VMS side, we can see these sockets in a SYN_RCVD state.
As far as I understand, as soon as there are as many such sockets as
"backlog", no more connections can be set up on that particular IP port.
The process listening on the port is not declared through the multinet
conf/serv mechanisms but the process starts at boot time and declares
itself to multinet and listens to a particular port. How can I increase
the backlog parameter in this case? (I have no access to the sources)
What is the value of the timeout for sockets in the SYN_RCVD state? Can
it be changed (lowered)?
By default, connections in a SYN_RCVD state will time out after 75
seconds. This value is defined by the kernel parameter TCP_CONNINIT.
$ mu set/kernel TCP_CONNINIT
Parameter tcp_conninit (0x86DE4B50), Value = 150
The parameter is global and affects both incoming and outgoing
connections (so be careful if you choose to lower it as you may find
that you have problems establishing some wanted connections). The value
is in half-second units. You may change it as follows.
$ mu set/kernel TCP_CONNINIT 120
Parameter tcp_conninit (0x86DE4B50), Old Value = 150, New Value = 120
BACKLOG is not a global parameter. It is established for each
individual service. You don't say exactly how the listener is
configured - if it is a service defined via MultiNet's SERVER-CONFIG
utility you can increase the backlog simply by
$ mu conf/serv
SERVER-CONFIG> select YOUR-SERVER
SERVER-CONFIG> set backlog NNN
and restart either the MULTINET_SERVER or your server if it is
You might also want to consider the value of the MultiNet kernel
variable SOMAXCONN. It controls the number of concurrent permissible
connections in an embryonic state on a per port basis.
If you're not using the MULTINET_SERVER to field your connection
requests then you would have to control backlog and max connections in
your server application's code.
Regarding the embryonic state of the connections, is the "embryonic TCP connections dropped" counter incremented only when a SYN_RCVD connection times out?
Thanks for your help.
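
The sizing question in this thread, worked as an added example (not part of the original messages and not MultiNet code): a small model of one port's SYN_RCVD queue, showing how the backlog limit and TCP_CONNINIT (in half-second units) together decide whether stalled handshakes fill the queue. Assumptions: the queue behaves as described above (no new SYN is queued once SYN_RCVD entries equal the backlog), and the load of one never-completed SYN per second and the backlog values 64 and 128 are constructed.

```python
from collections import deque

def simulate_syn_queue(backlog, conninit_units, syn_interval_units, duration_units):
    """Model one listening port's SYN_RCVD queue; one tick is half a second.

    backlog            -- max half-open connections held for the port
    conninit_units     -- TCP_CONNINIT in half-second units (150 = 75 s)
    syn_interval_units -- one never-completed SYN arrives every N ticks
    duration_units     -- length of the run, in ticks
    """
    expiries = deque()   # expiry tick of each SYN_RCVD entry, oldest first
    dropped = peak = 0
    first_full = None
    for tick in range(duration_units):
        # Entries that waited TCP_CONNINIT without completing time out.
        while expiries and expiries[0] <= tick:
            expiries.popleft()
        if tick % syn_interval_units == 0:
            if len(expiries) < backlog:
                expiries.append(tick + conninit_units)
            else:
                dropped += 1   # queue full: this SYN cannot be queued
        peak = max(peak, len(expiries))
        if first_full is None and len(expiries) >= backlog:
            first_full = tick
    return {
        "peak_half_open": peak,
        "dropped_syns": dropped,
        "seconds_until_full": None if first_full is None else first_full / 2,
    }

if __name__ == "__main__":
    # Constructed load: one stalled SYN per second (every 2 ticks) for 10 minutes.
    for backlog, conninit in [(64, 150), (64, 120), (128, 150)]:
        result = simulate_syn_queue(backlog, conninit, 2, 1200)
        print(f"backlog={backlog} TCP_CONNINIT={conninit}: {result}")
```

In steady state the number of half-open entries is the arrival rate multiplied by the timeout, so the queue stays below its limit only when the limit exceeds that product.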