Subject: Re: New sysctl "net.listen_backlog"?
To: Marc Slemko <marcs@znep.com>
From: Todd Vierling <tv@pobox.com>
List: tech-net
Date: 09/14/1998 20:08:13
On Mon, 14 Sep 1998, Marc Slemko wrote:
: > Actually, yes. I have in my repertoire an underpowered box that really needs
: > a lower limit if only to protect itself from a major DoS attack via the
: > classic "open a lot of connections to make it spawn lots of children from
: > inetd." On the flip side, I also have a production web server that needs it
:
: No setting of somaxconn will prevent this. somaxconn has nothing to do
: with the number of concurrent connections allowed.
No, SOMAXCONN has to do with the listen() backlog. If someone fires 128
open connections in a two-second period and fills the backlog, I have to
wait that long for the queue to clear (and all the swapping about with
fork-exec pairs from inetd that it implies). That's a system slowdown at
best.
--
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)
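The effect Todd describes, as an added demonstration that is not part of the original thread: a listener whose backlog fills while nothing calls accept() (the inetd-not-yet-forked case). The kernel completes handshakes only until the accept queue is full; after that it drops incoming SYNs, so the client's connect() stalls rather than failing, and a stalled client only gets in once accept() frees a slot and its SYN retransmit arrives. The exact count of completed connections is OS-specific (Linux completes backlog + 1; the BSDs apply their own fudge factor), which is why the code reports counts instead of hard-coding them. The 2.5 s drain wait assumes the client's initial SYN retransmit timer is about 1 s, as on Linux.

```python
"""Observe what listen()'s backlog actually governs: how many connections the
kernel completes and queues before anyone calls accept().  Beyond that the
kernel drops SYNs and connect() on the client side just hangs.
Constructed demonstration; counts differ slightly per OS."""
import errno
import select
import socket
import time

HOST = "127.0.0.1"


def _classify(clients, wait):
    """Split non-blocking client sockets into (completed, failed, pending)
    after waiting up to `wait` seconds for them to become writable.
    A stalled connect (SYN silently dropped) never becomes writable."""
    completed, failed = [], []
    pending = list(clients)
    deadline = time.monotonic() + wait
    while pending:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        _, writable, _ = select.select([], pending, [], remaining)
        for c in writable:
            err = c.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
            (completed if err == 0 else failed).append(c)
            pending.remove(c)
    return completed, failed, pending


def probe_backlog(backlog, attempts, settle=0.5, drain_wait=2.5):
    """Listen with `backlog`, fire `attempts` non-blocking connects at it
    without accepting, then accept exactly once and see who gets unstuck."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))  # ephemeral port on loopback
    srv.listen(backlog)
    port = srv.getsockname()[1]

    clients = []
    for _ in range(attempts):
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        c.setblocking(False)
        rc = c.connect_ex((HOST, port))
        if rc not in (0, errno.EINPROGRESS):
            raise OSError(rc, "connect_ex")
        clients.append(c)

    # Phase 1: nobody accepts.  Handshakes complete only while there is
    # room in the accept queue; the remaining SYNs are dropped on the floor.
    completed, failed, pending = _classify(clients, settle)

    # Phase 2: the "inetd" finally accept()s one connection.  One slot
    # frees up, so the next SYN retransmit from a stalled client succeeds.
    srv.setblocking(False)
    try:
        accepted, _ = srv.accept()
    except BlockingIOError:  # nothing was queued (would be very odd)
        accepted = None
    drained, _, still_pending = _classify(pending, drain_wait)

    result = {
        "backlog": backlog,
        "attempts": attempts,
        "completed_before_accept": len(completed),
        "failed_before_accept": len(failed),
        "stalled_before_accept": len(pending),
        "completed_after_one_accept": len(drained),
        "still_stalled": len(still_pending),
    }
    for s in clients + ([accepted] if accepted else []) + [srv]:
        s.close()
    return result


if __name__ == "__main__":
    for key, value in probe_backlog(backlog=1, attempts=8).items():
        print(f"{key:28} {value}")
```

Note what this does and does not show: the backlog caps connections the kernel will hold for a slow accept()er, which is why a server that is slow to spawn children sees stalls once it fills; it says nothing about how many connections the process may have open after accept(), which is Marc's point in the same exchange.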