* syncookies load testing
From: Alex Flex @ 2013-05-14 1:15 UTC
To: netfilter
Hello Netfilter,
As some of you may know, I am doing some work with syn cookies in my LAN.
I'd like to understand the process better, which is why I have a few
questions:
Assume the system has conntrack off.
a.) I noticed that while creating a synflood with syn cookies enabled
vs. syn cookies disabled, the output of netstat remains exactly the same
(even on different hardware architecture) ... :
[root@cl-t055-211cl ~]# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
[...]
256 SYN_RECV
Could anybody explain to me why this is so?
b.) From my understanding the syn backlog is the memory of half-open
connections. Could anybody tell me what effect this has on syn cookies,
and if there is any way to monitor its usage?
Thanks
Alex
* Re: syncookies load testing
From: Alex Flex @ 2013-05-14 1:24 UTC
To: netfilter
Oh, and one other thing I was wondering:
In regards to the sysctl variable net.ipv4.tcp_synack_retries... Would
anybody know if tweaking this has any effect on the behaviour when
syncookies are being sent? Are there syn ack replies as well?
Thanks
Alex