Chris Stathis Chris Stathis - 2 months ago 15
Linux Question

In context of linux TCP system calls, what is an "incomplete connection request"?

The linux man page for

listen()
says:


The behavior of the backlog argument on TCP sockets changed with Linux 2.2. Now it speci‐
fies the queue length for completely established sockets waiting to be accepted, instead
of the number of incomplete connection requests. The maximum length of the queue for
incomplete sockets can be set using /proc/sys/net/ipv4/tcp_max_syn_backlog. When syncook‐
ies are enabled there is no logical maximum length and this setting is ignored. See
tcp(7) for more information.


In this context, what is meant by "completely established sockets" vs. "incomplete connection requests"?

Answer

The TCP protocol establishes connections with the so called three-way handshake, when host A initiates a connection to host B:

  • A to B: SYN
  • B to A: SYN + ACK
  • A to B: ACK

An incomplete connection request is a connection for which a SYN has been sent, but the host has not received the SYN-ACK (either because the first or the second message, or their retrials, were lost).

This is different to the current semantics of the argument to listen(), "Completely established sockets", which specifies the number of connections already accepted by the TCP protocol, but not processed by the application (with an accept()), that can be queued before TCP ignores further connection requests.