[KLUG Members] SYNACK timeout

Adam Tauno Williams members@kalamazoolinux.org
Sat, 1 Nov 2003 13:38:45 -0500

Previous message: [KLUG Members] SYNACK timeout
Next message: [KLUG Members] SGI Question.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> If I'm running a server and a client contacts me, here's what
> happens for us to establish a TCP connection:
> 1. client sends server a SYN
> 2. server sends client a SYNACK
> 3. client sends server an ACK
> On my server, it looks like the timeout between 2 and 3 is about
> eight minutes.  That is, a client can send me a SYN and tie up an
> incoming connection for about eight minutes.
> I want to change this to 20 seconds.
> Anyone know what I have to tweak to make that happen?

It would be a sysctl parameter, if one is available for this purpose;  I'm not
certain one is.

FIN (connection closing timeouts) can be adjusted via net.ipv4.tcp_fin_timeout,
but I don't think there is a correspong SYNACK timeout value (perhaps this is
defined as a static value in an RFC somewhere?).  If your worried about
connection request floods you can adjust tcp_max_syn_backlog up.

Check out the /usr/src/linux-*/Documentation/networking/ip-sysctl.txt file
(should be in your kernel source), and I've got a document on some related stuff
on the KLUG ftp server - ftp://ftp.kalamazoolinux.org/pub/pdf/PerfTune2001.pdf

Previous message: [KLUG Members] SYNACK timeout
Next message: [KLUG Members] SGI Question.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]