In RHEL 8 and later, SYN_RECV sockets are not created and "Possible SYN flooding" is not logged when the accept backlog is full.

Solution Unverified - Updated -

Issue

In RHEL 8 and later, the following behaviors are observed when the accept queue (whose size is set by the backlog argument to listen()) is full:

  • When the backlog is full, SYN_RECV sockets are not created, and SYN cookies are not sent.

  • The message "Possible SYN flooding on port..." is not logged, even if net.ipv4.tcp_syncookies is set to 2.

Environment

  • Red Hat Enterprise Linux 8 and later
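
Because the kernel log stays silent in this situation, the TcpExt counters ListenOverflows, ListenDrops and SyncookiesSent in /proc/net/netstat are one place to confirm it. The following is an added example, not part of the original article or Red Hat's resolution; the two snapshots are constructed sample data, and the function names are hypothetical.

```python
"""Detect accept-queue overflow from /proc/net/netstat counters (added example)."""

# Constructed snapshots in /proc/net/netstat layout: a header line of counter
# names followed by a value line with the same prefix. Values are made up.
BEFORE = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 0 0 0 12 12
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""
AFTER = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 0 0 0 512 530
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""

WATCHED = ("ListenOverflows", "ListenDrops", "SyncookiesSent")


def parse_netstat(text):
    """Return {prefix: {counter: int}} from header/value line pairs."""
    tables = {}
    lines = [l.split() for l in text.splitlines() if l.strip()]
    for names, values in zip(lines[0::2], lines[1::2]):
        if names[0] != values[0] or len(names) != len(values):
            raise ValueError(f"mismatched header/value pair for {names[0]}")
        tables[names[0].rstrip(":")] = dict(zip(names[1:], map(int, values[1:])))
    return tables


def backlog_pressure(before, after):
    """Deltas of the watched TcpExt counters between two snapshots."""
    b, a = parse_netstat(before)["TcpExt"], parse_netstat(after)["TcpExt"]
    return {name: a.get(name, 0) - b.get(name, 0) for name in WATCHED}


def accept_queue_overflowed(delta):
    """True when SYNs were dropped on a full accept queue with no cookies sent,
    the case in which no 'Possible SYN flooding' line would appear."""
    return delta["ListenOverflows"] > 0 and delta["SyncookiesSent"] == 0


if __name__ == "__main__":
    d = backlog_pressure(BEFORE, AFTER)
    print(d, "overflow without cookies:", accept_queue_overflowed(d))
```

On a live host, pass two reads of /proc/net/netstat taken some seconds apart in place of the constructed snapshots.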
