drop unnecessary SYN backlog configuration

This doesn't do anything on modern Linux kernel versions when SYN cookies are enabled.
reduce conntrack SYN timeouts to match TCP/IP stack
2024-04-24 17:03:58 -04:00 · 2024-04-24 10:45:02 -04:00
1 changed files with 2 additions and 1 deletions
--- a/sysctl.d/local.conf
+++ b/sysctl.d/local.conf
@ -15,13 +15,14 @@ net.ipv4.tcp_notsent_lowat = 131072
 net.ipv4.tcp_fin_timeout = 30
 net.ipv4.tcp_rfc1337 = 1
 net.ipv4.tcp_tw_reuse = 1
-net.ipv4.tcp_max_syn_backlog = 65536

 # 31s with initial 1s RTO
 net.ipv4.tcp_syn_retries = 4
+net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 31

 # 15s with initial 1s RTO
 net.ipv4.tcp_synack_retries = 3
+net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 15

 # 102.2s with minimum 0.2s RTO
 net.ipv4.tcp_retries2 = 8
Author	SHA1	Message	Date
Daniel Micay	43ec3244f4	drop unnecessary SYN backlog configuration This doesn't do anything on modern Linux kernel versions when SYN cookies are enabled.	2024-04-24 17:03:58 -04:00
Daniel Micay	f3ae109eac	reduce conntrack SYN timeouts to match TCP/IP stack	2024-04-24 10:45:02 -04:00