Tuning TCP and SYN backlog queue size Hi! I am trying some experiment related to handling a TCP SYN flooding. I use one computer to flood a second one, wishing it could handle a maximum of requests. Thus, I tried to tune the TCP parameters (such as tcp_max_backlog_size, tcp_max_rmem, etc.) as I have seen in several guides like the TCP Tuning Guide (http://www-didc.lbl.gov/TCP-tuning/TCP-tuning.html). Still, while my backlog queue size is configured to receive up to 2048 messages, in practice it blocks at 1537 packets (the number seems precise), which is also 82998 kbytes as my SYN packets are 54 byte long. Then, I get NET: xxxx messages suppressed. For example, out of 20000 packets sent in 10s, I get 14877 messages suppressed. (Note, as the SYN requests stay only 9s in my backlog queue, the figures do not even fit: 20*1537/9=3415 packets, so 1707 packets have not been dropped but did not get in the backlog queue neither!?) At the same time, I can make a ping -f without loosing a single packet. Does anyone have some explications about that? How can I increase the SYN backlog size at the maximum of the capacities of my host? Thanks in advance for any help, Emmanuel - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
