Subject: Re: New sysctl "net.listen_backlog"?
To: Marc Slemko <firstname.lastname@example.org>
From: Todd Vierling <email@example.com>
Date: 09/14/1998 20:08:13

On Mon, 14 Sep 1998, Marc Slemko wrote:
: > Actually, yes. I have in my repertoire an underpowered box who really needs
: > a lower limit if only to protect itself from a major DOS attack via the
: > classic "open a lot of connections to make it spawn lots of children from
: > inetd." On the flip side, I also have a production web server that needs it
: No setting of somaxconn will prevent this. somaxconn has nothing to do
: with the number of concurrent connections allowed.
No, SOMAXCONN has to do with the listen() backlog. If someone fires 128
open connections in a two-second period and fills the backlog, I have to
wait that long for the queue to clear (and all the swapping about with
fork-exec pairs from inetd that it implies). That's a system slowdown at
-- Todd Vierling (Personal firstname.lastname@example.org; Bus. email@example.com)
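
The distinction argued in this message, as an added example that is not part of the original mail or of any NetBSD code: a loopback listener with a listen() backlog of 1 still ends up holding 20 open connections, because accept() takes each one off the backlog queue, and only a cap enforced by the accepting program limits how many stay open. The names run_demo and max_concurrent are made up for this sketch; it opens connections one at a time, so it does not model a burst that fills the backlog before the server gets to accept().

```python
import socket
import threading

def run_demo(backlog, clients, max_concurrent=None):
    """Return (held, refused) after `clients` loopback connections are opened and kept open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # constructed test listener on an ephemeral port
    srv.listen(backlog)             # bounds only the queue of not-yet-accepted connections
    srv.settimeout(5)
    port = srv.getsockname()[1]
    held = []                       # accepted connections the server keeps open

    def serve():
        for _ in range(clients):
            try:
                conn, _addr = srv.accept()   # accept() removes the entry from the backlog
            except socket.timeout:
                return
            if max_concurrent is None or len(held) < max_concurrent:
                held.append(conn)
                conn.sendall(b"+")           # admitted, connection stays open
            else:
                conn.sendall(b"-")           # over the application's own cap
                conn.close()

    t = threading.Thread(target=serve)
    t.start()
    kept, refused = [], 0
    for _ in range(clients):
        c = socket.create_connection(("127.0.0.1", port), timeout=5)
        if c.recv(1) == b"+":
            kept.append(c)                   # client holds the connection open
        else:
            refused += 1
            c.close()
    t.join()
    result = (len(kept), refused)
    for s in kept + held + [srv]:
        s.close()
    return result

if __name__ == "__main__":
    print(run_demo(backlog=1, clients=20))                    # (20, 0)
    print(run_demo(backlog=1, clients=20, max_concurrent=5))  # (5, 15)
```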