These connections are from outside the network, and the IPs are legitimate ones which should be connecting. I don't know whether the IPs which I could see are the real ones or spoofed ones.

sysctl -a says
net.ipv4.tcp_syncookies = 1

cat /proc/sys/net/ipv4/tcp_syncookies also gives 1

Isn't this sufficient to enable syncookies?

Thanks and Regards
Puneet

----------------------------------------
> To: puneet.agr@xxxxxxxxxxx
> CC: dave.jing.tian@xxxxxxxxx; me@xxxxxxxxxxx; kernelnewbies@xxxxxxxxxxxxxxxxx
> Subject: Re: lots of connections in SYN_RECV state
> From: Valdis.Kletnieks@xxxxxx
> Date: Fri, 7 Nov 2014 13:10:05 -0500
>
> On Fri, 07 Nov 2014 23:11:26 +0530, Puneet Agarwal said:
>
>> I use linux kernel 2.6. I have enabled SYN cookies already. But that does not
>> seem to solve the problem. Overall request latency is very high with these many
>> half open connections.
>
> So, out of curiosity, where are all these half open connections coming
> from? Are they from addresses in your local network? Outside sites that
> *should* be connecting? Places you've never heard of and probably *shouldn't*
> be connecting?
>
> (Also, if you have properly implemented syncookies, you shouldn't *have* any
> half-open connections. That's the whole point of syncookies....)
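
The question of where the half-open connections come from can be answered by grouping the SYN_RECV rows of /proc/net/tcp by remote address. The script below is an added example, not part of the original thread. It assumes an IPv4-only view on a little-endian host, reads the `retrnsmt` column of a SYN_RECV row as the SYN-ACK retransmit count, and falls back to a constructed sample (documentation-range addresses) when /proc/net/tcp cannot be read.

```python
import ipaddress
import struct
from collections import defaultdict

SYN_RECV = 0x03  # value of the "st" column for a half-open connection

# Constructed sample in /proc/net/tcp layout; peers use documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 0
   1: 0A00000A:0050 0A0200C0:C350 03 00000000:00000000 01:00000064 00000003     0        0 0 1 0
   2: 0A00000A:0050 0A0200C0:C351 03 00000000:00000000 01:00000064 00000002     0        0 0 1 0
   3: 0A00000A:0050 076433C6:D431 03 00000000:00000000 01:00000010 00000000     0        0 0 1 0
   4: 0A00000A:0050 057100CB:9C40 01 00000000:00000000 00:00000000 00000000    33        0 9002 1 0
"""


def decode_addr(field, byteorder="<"):
    """Decode 'HEXADDR:HEXPORT'. The address is a raw 32-bit word, so it is
    byte-swapped on little-endian hosts (assumed here, e.g. x86)."""
    host_hex, port_hex = field.split(":")
    packed = struct.pack(byteorder + "I", int(host_hex, 16))
    return str(ipaddress.IPv4Address(packed)), int(port_hex, 16)


def half_open_by_peer(text):
    """Return {remote_ip: [rows, rows_with_retransmits]} for SYN_RECV rows."""
    stats = defaultdict(lambda: [0, 0])
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 7 or int(cols[3], 16) != SYN_RECV:
            continue
        peer, _ = decode_addr(cols[2])
        stats[peer][0] += 1
        # Assumption: on SYN_RECV rows "retrnsmt" counts SYN-ACK retransmits.
        if int(cols[6], 16) > 0:
            stats[peer][1] += 1
    return dict(stats)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE
    for peer, (rows, retr) in sorted(half_open_by_peer(text).items(), key=lambda kv: -kv[1][0]):
        print(f"{peer:15} half-open={rows} syn-ack-retransmitted={retr}")
```

A peer whose rows all show retransmitted SYN-ACKs is not completing the handshake, which is consistent with either a spoofed source or loss on the return path; the counts alone do not distinguish the two.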