From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id E38123B2A4; Tue, 10 Sep 2019 18:35:21 -0400 (EDT) Received: by mail-io1-xd2c.google.com with SMTP id r8so16403931iol.10; Tue, 10 Sep 2019 15:35:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=zCKgFCrxlWb8aIWdmtilsKMD/ES91ReJqoaAIUS5mso=; b=fp6kd56OtQVjcxeh7/Shfkyyq1tCSYlFXQiBoIgW+RfrWPOaczAxb3JOALGGukqvWG F7oGDDSgv5P8iVkLmg6md4mUtsfANw1QZadfqdre3GgPyHYYRkw/XiF9jBABWksX+Ye0 DPjm2459I9W/qAVQN4wqBashoPlhLgTo63z75oV/q4IATKjyeYIyov9/xfGlzSNVu9Nr rhth8l4fgvDBvNN0rUhk8Gu9aVBjaHirKFtidsCra8n8L8Fh1NMJQvmKzNHCEEJJfthM Do62MqmcAvMTUgDmWtiQ1QWNzg1q/nNJh4qF2zNFgE4vrGmGEYutb/vhuSbExyHgN5gt RYfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=zCKgFCrxlWb8aIWdmtilsKMD/ES91ReJqoaAIUS5mso=; b=l6s8lP90W0W39t2maOlyKoABIokisKmUf1ySSnkZpkn42vg2iQZxGv4hOBggp3lqFH 6OcsDJcYo9pjNLaYqoL3vxx8N6la3gu9nc18kBxOBFoh6VeECHjdBW4qlywh3zXokwe1 mLDUXACQej3+MmgG4/qnX06HI+PuUBKSGnyoW+Mr736MGWnTSgfmM4Q0QDmdPwxXgHWu jiBqrc7Xg9emNtvPcq+gZa1gh14V0+JH/i6Hg/ONxiPicyVVs4iLEzRZTBy+EnGMq6lP FqIgpPhxBQGiPKyJwr8fVMqNJDRfntDF6pt1xfGBNrrnBM+3VHzEx2GyF7f25awc6dkS w8QQ== X-Gm-Message-State: APjAAAWj8NDjf/x3pzi4GBvwF2opeX4QnI3OvvCHnvrGt2hRkoMZoCa2 7457y0UE73UIfgrejA5/HgneJ1I/XADO5toEhYULbV8ZVd0= X-Google-Smtp-Source: APXvYqwq8im3EKUggBiVT6H1UA+SoDQOc2tqjjuhJVUnn7jEC8QvvMn4IQIFstPrdyjN5YjxX7snA+jncut7v9d8NmM= X-Received: by 2002:a02:a516:: with SMTP id e22mr34257892jam.77.1568154921200; Tue, 10 Sep 2019 15:35:21 -0700 (PDT) MIME-Version: 1.0 References: <_WFBkuGQ2t1nbWOuKjsSzjHC5Yc60ZcSTKLdJOyJKIRBiHaLkI4uYnZeUOuKuhaq-zLb3ZQ5IuEmBfSjSelCnZOJJ34oJdAN-rl8MXbF-s4=@soltysiak.com> In-Reply-To: <_WFBkuGQ2t1nbWOuKjsSzjHC5Yc60ZcSTKLdJOyJKIRBiHaLkI4uYnZeUOuKuhaq-zLb3ZQ5IuEmBfSjSelCnZOJJ34oJdAN-rl8MXbF-s4=@soltysiak.com> From: Dave Taht Date: Tue, 10 Sep 2019 23:35:10 +0100 Message-ID: To: =?UTF-8?Q?Maciej_So=C5=82tysiak?= Cc: Mikael Abrahamsson , cerowrt-devel , bloat Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cerowrt-devel] Revising the synflood limit X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Sep 2019 22:35:22 -0000 I'm not sure if it is a "nice catch" or not yet. It's merely me (now us) tying two anomalies together that might be connected. Can you convert that -j drop to a -j log to see where they come from? For example I was failing to negotiate ecn while at this conference, which also meant a dropped syn. On Tue, Sep 10, 2019 at 7:08 PM Maciej So=C5=82tysiak wrote: > > > OK, I started a topic over there. It would be good to know how many > > other firewall tools set a syn limit by default, but that would take > > way more research. > > > > https://forum.openwrt.org/t/the-synflood-limit-is-too-low-for-the-moder= n-internet/43957 > Nice catch! I've 10 to 15 devices on my network. Just in 24h I see I had = 10k SYN's rejected! > --=20 Dave T=C3=A4ht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740