On Mon, 2017-08-28 at 23:47 -0400, Harsha Chenji wrote: > So I have ubuntu 12.04 x32 in a VM with syncookies turned off. I tried > to do a syn flood (with netwox) on 3 different processes. Each of them > returns a different value with netstat -na | grep -c RECV : > > nc -l 5555 returns 16 (netcat-traditional) > apache2 port 80 returns 256 > vsftpd on 21 returns 64. > net.ipv4.tcp_max_syn_backlog is 512. > > Why do these different processes on different ports have different > queue lengths for incomplete connections? Where exactly in the kernel > is this decided?
See 2nd argument in listen() system call, ie backlog man listen Without a synflood, just look at "ss -t state listening" The backlog is the 2nd column (Send)
