Connection Queue

1875阅读 0评论2011-11-08 linuxty
分类:LINUX

 
已完成连接队列(completed connection queue)
(1)三次握手已经完成,但还未被应用层接收(accept),但也处于ESTABLISHED状态.
(2)队列长度由listen的backlog参数和内核的 net.core.somaxconn 参数共同决定.
(3)当这个队列满了之后,不管未完成连接队列是否已满,是否启用syncookie,都不在接收新的SYN请求.(该特性跟内核版本有关)
(4)如果client端向已完成连接队列的socket发送包,内核将保存数据到socket的接收缓冲区,等应用层accept之后,传给应用层.

未完成连接队列(incomplete connection queue)
(1)半连接状态,处于SEND_RCVD状态.
(2)由内核参数 net.ipv4.tcp_max_syn_backlog 设置.
(3)如果启用了syncookie,在未完成连接队列满了之后,新的SYN请求将使用syncookie机制.
 
 
注:不同平台对于backlog的解释都不一样,这儿用的linux-2.6.18,还是有能力了看代码靠谱啊
---------------------------------------------------------------------------------------------------------------
int listen(int sockfd, int backlog);
       The  behaviour  of  the  backlog  parameter  on TCP sockets changed with Linux 2.2.  Now it specifies the queue length for completely established sockets waiting to be accepted,instead of the number of  incomplete  connection  requests. The maximum length of the queue for incomplete sockets can be set using the tcp_max_syn_backlog sysctl.  When syncookies are enabled there is no logical maximum length and this  sysctl  setting  is  ignored.See tcp(7) for more information.
       If the socket is of type AF_INET, and the backlog argument is greater than the constant SOMAXCONN (128 in Linux2.0 & 2.2), it is silently truncated to SOMAXCONN.
 
tcp_max_syn_backlog (integer; default: see below)
        The  maximum  number of queued connection requests which have still not received an acknowledgement from the connecting client.  If this number is exceeded,  the  kernel  will  begin  dropping  requests.   The default  value  of 256 is increased to 1024 when the memory present in the system is adequate or greater (>= 128Mb), and reduced to 128 for those systems with very low memory (<= 32Mb).  It is recommended that if  this  needs  to  be  increased  above  1024, TCP_SYNQ_HSIZE in include/net/tcp.h be modified to keep TCP_SYNQ_HSIZE*16<=tcp_max_syn_backlog, and the kernel be recompiled.

tcp_syncookies (Boolean)
Enable TCP syncookies.  The kernel must be compiled with CONFIG_SYN_COOKIES.  Send out syncookies  when the syn backlog queue of a socket overflows.  The syncookies feature attempts to protect a socket from a SYN flood attack.
--------------------------------------------------------------------------------------------------------------
上一篇:Apache Timeout
下一篇:LB SESSION