Subject: Questions on TCP backlog
To: Tech Net <>
From: B. James Phillippe <>
List: tech-net
Date: 10/18/2001 16:51:07

Aplogies for what may be silly questions - I'm new to BSD and just
beginning to dig through the code.  I have a few questions regarding TCP
and sockets as implemented in the 1.5.2 release.

1.) uipc_socket2.c:sonewconn1()
	Why are new connections allowed up to 3/2 the connection backlog?

2.) IPv4 TCP ~ general connection request handling
	I have just started reading through this code so perhaps this
	question is asked too early.  In any case, I'm trying to understand
	the mechanism used to queue new connection requests.  Specifically,
	I am interested to know the design WRT SYN flood type attacks
	against local sockets.  Is state tracked for SYN's, or is there
	some kind of mechanism similar to SYN cookies which obviates state
	tracking until the last stage of the 3WHS?

3.) SYN Flood resistance for routing
	This question is predicated on the above, I suppose.  Also, I have
	yet to dig through any packet filtering code...  Is there a
	mechanism within the IP forwarding layer that can extend SYN Flood
	resistance to hosts behind the router/firewall?

Thanks for any helpful info.
# bryan at terran dot org                      Support the American Red Cross