Skip to content

Commit 5ea8ea2

Browse files
Eric Dumazetdavem330
Eric Dumazet
authored and
davem330
committedOct 29, 2016
tcp/dccp: drop SYN packets if accept queue is full
Per listen(fd, backlog) rules, there is really no point accepting a SYN, sending a SYNACK, and dropping the following ACK packet if accept queue is full, because application is not draining accept queue fast enough. This behavior is fooling TCP clients that believe they established a flow, while there is nothing at server side. They might then send about 10 MSS (if using IW10) that will be dropped anyway while server is under stress. Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
·
v6.14v4.10-rc1
1 parent 58effd7 commit 5ea8ea2

File tree

4 files changed

+3
-20
lines changed

4 files changed

+3
-20
lines changed
 

‎include/net/inet_connection_sock.h

-5
Original file line numberDiff line numberDiff line change
@@ -289,11 +289,6 @@ static inline int inet_csk_reqsk_queue_len(const struct sock *sk)
289289
return reqsk_queue_len(&inet_csk(sk)->icsk_accept_queue);
290290
}
291291

292-
static inline int inet_csk_reqsk_queue_young(const struct sock *sk)
293-
{
294-
return reqsk_queue_len_young(&inet_csk(sk)->icsk_accept_queue);
295-
}
296-
297292
static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk)
298293
{
299294
return inet_csk_reqsk_queue_len(sk) >= sk->sk_max_ack_backlog;

‎net/dccp/ipv4.c

+1-7
Original file line numberDiff line numberDiff line change
@@ -588,13 +588,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
588588
if (inet_csk_reqsk_queue_is_full(sk))
589589
goto drop;
590590

591-
/*
592-
* Accept backlog is full. If we have already queued enough
593-
* of warm entries in syn queue, drop request. It is better than
594-
* clogging syn queue with openreqs with exponentially increasing
595-
* timeout.
596-
*/
597-
if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
591+
if (sk_acceptq_is_full(sk))
598592
goto drop;
599593

600594
req = inet_reqsk_alloc(&dccp_request_sock_ops, sk, true);

‎net/dccp/ipv6.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -325,7 +325,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
325325
if (inet_csk_reqsk_queue_is_full(sk))
326326
goto drop;
327327

328-
if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
328+
if (sk_acceptq_is_full(sk))
329329
goto drop;
330330

331331
req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true);

‎net/ipv4/tcp_input.c

+1-7
Original file line numberDiff line numberDiff line change
@@ -6298,13 +6298,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
62986298
goto drop;
62996299
}
63006300

6301-
6302-
/* Accept backlog is full. If we have already queued enough
6303-
* of warm entries in syn queue, drop request. It is better than
6304-
* clogging syn queue with openreqs with exponentially increasing
6305-
* timeout.
6306-
*/
6307-
if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) {
6301+
if (sk_acceptq_is_full(sk)) {
63086302
NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
63096303
goto drop;
63106304
}

0 commit comments

Comments
 (0)
Please sign in to comment.