Hi ,
How to get access to min kenel git as i need to add some patches for reviews.
Bhagaban
On Sat, Nov 8, 2014 at 10:30 PM, <kernelnewbies-request@xxxxxxxxxxxxxxxxx> wrote:
Send Kernelnewbies mailing list submissions to
kernelnewbies@xxxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
or, via email, send a message with subject or body 'help' to
kernelnewbies-request@xxxxxxxxxxxxxxxxx
You can reach the person managing the list at
kernelnewbies-owner@xxxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Kernelnewbies digest..."
Today's Topics:
1. Re: Eudyptula challenge status (Drew Fustini)
2. RE: lots of connections in SYN_RECV state (Puneet Agarwal)
3. Re: lots of connections in SYN_RECV state
(Valdis.Kletnieks@xxxxxx)
4. Re: lots of connections in SYN_RECV state (Dave Tian)
5. RE: lots of connections in SYN_RECV state (Puneet Agarwal)
----------------------------------------------------------------------
Message: 1
Date: Fri, 7 Nov 2014 11:04:28 -0600
From: Drew Fustini <pdp7pdp7@xxxxxxxxx>
Subject: Re: Eudyptula challenge status
To: Dan <qsdconsulting@xxxxxxxxx>
Cc: kernelnewbies <kernelnewbies@xxxxxxxxxxxxxxxxx>
Message-ID:
<CAEf4M_B6W3GJ8P_ShhpoL8QqtGEZ7h18p92BxuH0foQOQYj2Wg@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8
Yup, I submitted my current task 4 weeks ago, sent a note last week,
and got reply the next day (Nov 1) with same sentiment: relax -
everything is ok, it's a slow process, and it's not a race.
On Tue, Nov 4, 2014 at 8:59 PM, Dan <qsdconsulting@xxxxxxxxx> wrote:
> Ramon Fried <ramon.fried <at> tandemg.com> writes:
>
>>
>>
>> Hey all.
>> Tasks are pending for a long time. Anyone has Info regarding the queue?
>> Thanks.
>> Ramon
>>
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies <at> kernelnewbies.org
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>
>
>
> I've been on challenge 5 for about a month and a half. I sent him a follow
> up email a few weeks ago and he replied "Relax, things are slow, there's no
> rush..."
>
> His response times before that were usually less than 2 days.
>
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@xxxxxxxxxxxxxxxxx
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
------------------------------
Message: 2
Date: Fri, 7 Nov 2014 23:11:26 +0530
From: Puneet Agarwal <puneet.agr@xxxxxxxxxxx>
Subject: RE: lots of connections in SYN_RECV state
To: Dave Tian <dave.jing.tian@xxxxxxxxx>, Silvan Jegen
<me@xxxxxxxxxxx>
Cc: "kernelnewbies@xxxxxxxxxxxxxxxxx"
<kernelnewbies@xxxxxxxxxxxxxxxxx>
Message-ID: <SNT153-W7011B59E54B5FD99A3604699850@xxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
I use linux kernel 2.6. I have enabled SYN cookies already. But that does not seem to solve the problem. Overall request latency is very high with these many half open connections.
Thanks and Regards
Puneet
----------------------------------------
> Subject: Re: lots of connections in SYN_RECV state
> From: dave.jing.tian@xxxxxxxxx
> Date: Fri, 7 Nov 2014 23:49:35 +0800
> CC: puneet.agr@xxxxxxxxxxx; kernelnewbies@xxxxxxxxxxxxxxxxx
> To: me@xxxxxxxxxxx
>
> Latest kernel provides a TCP SYN Cookie feature to defense from SYN flooding.
>
> -daveti
>
>
>> On Nov 6, 2014, at 11:58 PM, Silvan Jegen <me@xxxxxxxxxxx> wrote:
>>
>> 2014-11-06 16:15,Puneet Agarwal:
>>> Is there a way to check the reason, why they do not answer to the
>>> SYN-ACK's?
>>
>> I don't think so. After all, they just don't answer and they won't tell
>> you why (AFAIK there is no way to ask them why either)...
>>
>> You could try to check for patterns in the incoming IP addresses to see
>> from how many different places these connections are being made. I think
>> that way it should be possible to figure out from which geographic
>> location these problematic connections are coming from as well. What you
>> would do with these findings I am not sure though.
>>
>> If these connection negatively impact the performance of your servers
>> you should definitely look into to countermeasures mentioned in the RFC
>> here.
>>
>> http://tools.ietf.org/html/rfc4987
>>
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies@xxxxxxxxxxxxxxxxx
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
------------------------------
Message: 3
Date: Fri, 07 Nov 2014 13:10:05 -0500
From: Valdis.Kletnieks@xxxxxx
Subject: Re: lots of connections in SYN_RECV state
To: Puneet Agarwal <puneet.agr@xxxxxxxxxxx>
Cc: Dave Tian <dave.jing.tian@xxxxxxxxx>, Silvan Jegen
<me@xxxxxxxxxxx>, "kernelnewbies@xxxxxxxxxxxxxxxxx"
<kernelnewbies@xxxxxxxxxxxxxxxxx>
Message-ID: <9736.1415383805@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"
On Fri, 07 Nov 2014 23:11:26 +0530, Puneet Agarwal said:
> I use linux kernel 2.6. I have enabled SYN cookies already. But that does not
> seem to solve the problem. Overall request latency is very high with these many
> half open connections.
So, out of curiosity, where are all these half open connections coming
from? Are they from addresses in your local network? Outside sites that
*should* be connecting? Places you've never heard and and probably *shouldn't*
be connecting?
(Also, if you have properly implemented syncookies, you shouldn't *have* any
half-open connections. That's the whole point of syncookies....)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
Url : http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20141107/85f1f4aa/attachment-0001.bin
------------------------------
Message: 4
Date: Sat, 8 Nov 2014 07:48:14 +0800
From: Dave Tian <dave.jing.tian@xxxxxxxxx>
Subject: Re: lots of connections in SYN_RECV state
To: Valdis.Kletnieks@xxxxxx
Cc: Puneet Agarwal <puneet.agr@xxxxxxxxxxx>, Silvan Jegen
<me@xxxxxxxxxxx>, kernelnewbies@xxxxxxxxxxxxxxxxx
Message-ID: <3C9C05E5-9B76-4C85-ABB5-D6A9D345E871@xxxxxxxxx>
Content-Type: text/plain; charset=utf-8
Oops, my bad. I remember seeing sth on LWN for the 3.x kernel talking about a new feature related with TCP SYN. Thought this pretty old stuff was the one?
-daveti
> On Nov 8, 2014, at 12:58 AM, Valdis.Kletnieks@xxxxxx wrote:
>
> On Fri, 07 Nov 2014 23:49:35 +0800, Dave Tian said:
>> Latest kernel provides a TCP SYN Cookie feature to defense from SYN flooding.
>
> If by "latest" you mean "since Andi Kleen submitted a patch for 2.1.44",
> back in July 1997....
------------------------------
Message: 5
Date: Sat, 8 Nov 2014 07:35:30 +0530
From: Puneet Agarwal <puneet.agr@xxxxxxxxxxx>
Subject: RE: lots of connections in SYN_RECV state
To: "Valdis.Kletnieks@xxxxxx" <valdis.kletnieks@xxxxxx>
Cc: Dave Tian <dave.jing.tian@xxxxxxxxx>, Silvan Jegen
<me@xxxxxxxxxxx>, "kernelnewbies@xxxxxxxxxxxxxxxxx"
<kernelnewbies@xxxxxxxxxxxxxxxxx>
Message-ID: <SNT153-W6599D6BF8CD3550AB9FB9899820@xxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
These connections are from outside the network, and the IP's are legitimate ones which should be connecting.
I don't know whether the IP's which I could see are the real ones or spoofed ones.
sysctl -a says
net.ipv4.tcp_syncookies = 1
cat /proc/sys/net/ipv4/tcp_syncookies also gives 1
Isn't this sufficient to enable syncookies?
Thanks and Regards
Puneet
----------------------------------------
> To: puneet.agr@xxxxxxxxxxx
> CC: dave.jing.tian@xxxxxxxxx; me@xxxxxxxxxxx; kernelnewbies@xxxxxxxxxxxxxxxxx
> Subject: Re: lots of connections in SYN_RECV state
> From: Valdis.Kletnieks@xxxxxx
> Date: Fri, 7 Nov 2014 13:10:05 -0500
>
> On Fri, 07 Nov 2014 23:11:26 +0530, Puneet Agarwal said:
>
>> I use linux kernel 2.6. I have enabled SYN cookies already. But that does not
>> seem to solve the problem. Overall request latency is very high with these many
>> half open connections.
>
> So, out of curiosity, where are all these half open connections coming
> from? Are they from addresses in your local network? Outside sites that
> *should* be connecting? Places you've never heard and and probably *shouldn't*
> be connecting?
>
> (Also, if you have properly implemented syncookies, you shouldn't *have* any
> half-open connections. That's the whole point of syncookies....)
>
------------------------------
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
End of Kernelnewbies Digest, Vol 48, Issue 10
*********************************************
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
