Subject: Questions on TCP backlog
To: Tech Net <firstname.lastname@example.org>
From: B. James Phillippe <email@example.com>
Date: 10/18/2001 16:51:07
Aplogies for what may be silly questions - I'm new to BSD and just
beginning to dig through the code. I have a few questions regarding TCP
and sockets as implemented in the 1.5.2 release.
Why are new connections allowed up to 3/2 the connection backlog?
2.) IPv4 TCP ~ general connection request handling
I have just started reading through this code so perhaps this
question is asked too early. In any case, I'm trying to understand
the mechanism used to queue new connection requests. Specifically,
I am interested to know the design WRT SYN flood type attacks
against local sockets. Is state tracked for SYN's, or is there
some kind of mechanism similar to SYN cookies which obviates state
tracking until the last stage of the 3WHS?
3.) SYN Flood resistance for routing
This question is predicated on the above, I suppose. Also, I have
yet to dig through any packet filtering code... Is there a
mechanism within the IP forwarding layer that can extend SYN Flood
resistance to hosts behind the router/firewall?
Thanks for any helpful info.
# bryan at terran dot org Support the American Red Cross
# http://www.terran.org/~bryan http://www.redcross.org