diff options
author | Eric Dumazet <edumazet@google.com> | 2016-10-26 09:27:57 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-10-29 15:09:21 -0400 |
commit | 5ea8ea2cb7f1d0db15762c9b0bb9e7330425a071 (patch) | |
tree | 46fb718cf8da30f0cbb023e19081921cac3832a0 /net/ipv4/tcp_input.c | |
parent | 58effd7168e9b74252650a008b5229c7cf224c7b (diff) | |
download | lwn-5ea8ea2cb7f1d0db15762c9b0bb9e7330425a071.tar.gz lwn-5ea8ea2cb7f1d0db15762c9b0bb9e7330425a071.zip |
tcp/dccp: drop SYN packets if accept queue is full
Per listen(fd, backlog) rules, there is really no point accepting a SYN,
sending a SYNACK, and dropping the following ACK packet if accept queue
is full, because application is not draining accept queue fast enough.
This behavior is fooling TCP clients that believe they established a
flow, while there is nothing at server side. They might then send about
10 MSS (if using IW10) that will be dropped anyway while server is under
stress.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_input.c')
-rw-r--r-- | net/ipv4/tcp_input.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index a27b9c0e27c0..f2c59c8e57ff 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6298,13 +6298,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops, goto drop; } - - /* Accept backlog is full. If we have already queued enough - * of warm entries in syn queue, drop request. It is better than - * clogging syn queue with openreqs with exponentially increasing - * timeout. - */ - if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) { + if (sk_acceptq_is_full(sk)) { NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); goto drop; } |