TCP connection queue and backlog parameters

Original: https://www.programmersought.com/article/3841592816/

There is an SO_BACKLOG parameter here; this article explains the specific use of this parameter.

TCP connection queue

Let's take a look at the TCP three-way handshake process:

  1. When the client sends a SYN packet to the server via connect, the client maintains a socket wait queue and the server maintains a SYN queue.
  2. At this point the connection is in the half-open state. If the socket wait queue is full, the server discards the packet and the client gets a connection timeout. As long as the client has not received the SYN+ACK, it resends after 3s, and if it still receives nothing, it sends again after 9s.
  3. The length of the half-open SYN queue is determined by max(64, /proc/sys/net/ipv4/tcp_max_syn_backlog).
  4. When the server receives the client's SYN packet, it replies with a SYN+ACK packet to acknowledge it. The client's TCP protocol stack then wakes up the socket wait queue and issues the connect call.
  5. After the client returns the ACK packet, the connection on the server moves into a new queue, the accept queue. The length of this queue is min(backlog, somaxconn). By default the value of somaxconn is 128, which means that up to 129 ESTAB connections can be waiting for accept(). The value of backlog is the second parameter of int listen(int sockfd, int backlog); for the meaning of backlog in listen, please see here. Note that some Linux distributions may truncate the somaxconn value incorrectly.
  6. Once the accept queue is full, the server no longer responds even if the client keeps sending ACK packets. At that point the server uses /proc/sys/net/ipv4/tcp_abort_on_overflow to decide what to return: 0 means the ACK is discarded directly, 1 means an RST is sent to notify the client. Correspondingly, the client sees read timeout or connection reset by peer, respectively. The above is only the theory: if the server does not call accept() in time, then once the queue is full the server will not respond to the SYN and ETIMEDOUT is returned. According to the description in this document, the actual situation is different: the server randomly ignores received SYNs, and the number of established connections can increase indefinitely, but the client encounters delays and timeouts.

As you can see, the entire TCP stack has the following two queues:

  1. One is the half-open queue (SYN queue), of length max(tcp_max_syn_backlog, 64), which holds SYN_SENT and SYN_RECV information. Its size is specified by /proc/sys/net/ipv4/tcp_max_syn_backlog and the default value is 512, but this setting only takes effect if the system's syncookies function is disabled. The common TCP SYN flood DoS attack on the Internet works by creating a large number of half-open connection requests and then abandoning them, so that the SYN queue cannot hold other, normal requests.
  2. The other is the accept queue, of length min(somaxconn, backlog), which holds requests in the fully connected state. Its size is specified by /proc/sys/net/core/somaxconn: when listen is called, the kernel takes the smaller of the backlog argument passed in and the system parameter somaxconn.
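
The two queue limits and the overflow behaviour described above can be turned into a small check for listeners whose accept queue is filling up. This is an added example, not code from the original article; the function names and the `warn_ratio` threshold are assumptions, and `SAMPLE_SS` is constructed output in the format of `ss -ltn`.

```python
# Added example: sizing formulas and overflow behaviour as stated in the article.
# SAMPLE_SS is constructed; on a real host, feed in the output of `ss -ltn`.

SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  129     128     0.0.0.0:8080        0.0.0.0:*
LISTEN  400     511     127.0.0.1:6379      0.0.0.0:*
LISTEN  0       4096    [::]:443            [::]:*
"""

def syn_queue_limit(tcp_max_syn_backlog):
    """Half-open (SYN) queue length: max(64, tcp_max_syn_backlog)."""
    return max(64, tcp_max_syn_backlog)

def accept_queue_limit(backlog, somaxconn):
    """Accept queue length: min(backlog passed to listen(), somaxconn)."""
    return min(backlog, somaxconn)

def overflow_action(tcp_abort_on_overflow):
    """What the client sees when the accept queue is full, per the article."""
    if tcp_abort_on_overflow == 1:
        return "RST sent: connection reset by peer"
    return "ACK dropped: read timeout"

def parse_listeners(ss_output):
    """For LISTEN sockets, ss reports Recv-Q = current accept queue depth
    and Send-Q = the accept queue limit in effect."""
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "LISTEN":
            yield f[3], int(f[1]), int(f[2])

def audit(ss_output, tcp_abort_on_overflow=0, warn_ratio=0.75):
    """Return (address, depth, limit, status) for every listener not 'ok'."""
    findings = []
    for addr, depth, limit in parse_listeners(ss_output):
        if depth >= limit:
            status = "full, " + overflow_action(tcp_abort_on_overflow)
        elif depth >= warn_ratio * limit:
            status = "near full"
        else:
            continue
        findings.append((addr, depth, limit, status))
    return findings

if __name__ == "__main__":
    print("SYN queue limit:", syn_queue_limit(512))
    print("accept queue limit:", accept_queue_limit(1024, 128))
    for finding in audit(SAMPLE_SS):
        print(*finding)
```

The constructed 8080 listener shows the 129-of-128 case mentioned in step 5; a listener that stays in the "full" state means accept() is not keeping up or the backlog is being capped by somaxconn.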