>From: Geoff Mulligan, geoff @
>There are two pertinent kernel variables that are settable via ndd
>tcp_conn_req_max - which sets the maximum number of connections queued
>per listener (default 32). It has a maximum allowed value of 1024.
>tcp_ip_abort_cinterval - sets the number of milliseconds to hold the
>queued connections before dropping them (default 180 seconds). It has a
>minimum allowed value of 1 second and a max of 4294967 seconds or about
>I've written (and now testing) a program (synsave) that dynamically
>adjusts the tcp_ip_abort_cinterval value depending on the number of half
>open connections (hocs) queued on the system. When the number of hocs
>exceeds a threshold value the program adjusts the value downward to more
>agressively drop these connections. When the number of hocs drops to a
>sane level the program will adjust tcp_ip_abort_cinterval back to its
Seems to me I saw someone an improvement to this approch that might
the possibility of dropping legitimate but pokey connections. Keep a list
of valid connections completed and allow the normal timeout should the
have originated from one of these while shortening the timeout for
have never heard from before.
Please remember to always flame via private eMail - the rest of the group
is just not interested.