SYN floods?

From: Jon Drukman <jsd@dont-contact.us>
Date: Thu, 24 Jun 1999 14:52:04 -0700

Recently I have been getting a bunch of complaints about my Squid machine,
which I am using strictly in http-accelerator mode. (We are running
SQUID2.2-STABLE2 on FreeBSD as img.gamespot.com to accelerate images for
www.gamespot.com.)

First, the complaints were that we were flooding a bunch of identd
requests. I rebuilt squid without the identd code. Now I am getting
complaints about SYN floods. I can't make it happen and since I only get a
complaint once every few days I'm assuming it's a transient problem. Does
anybody know anything about this?

Question 2: Since I'm running in accelerator-only mode, do I need the
dnsservers at all? If not, how can I disable them?

Question 3: I always get the "WARNING! Your cache is running out of
filedescriptors" message even though I have allocated 16000+ descriptors to
the process. Is that not enough?

Question 4: When I start squid, I get the following series of messages:

1999/06/24 17:46:31| realconf line 18: ident_lookup_access deny all
1999/06/24 17:46:31| aclParseAccessLine: ACL name 'all' not found.
1999/06/24 17:46:31| realconf line 18: ident_lookup_access deny all
1999/06/24 17:46:31| aclParseAccessLine: Access line contains no ACL's, skipping
1999/06/24 17:46:31| realconf line 19: http_access deny all
1999/06/24 17:46:31| aclParseAccessLine: ACL name 'all' not found.
1999/06/24 17:46:31| realconf line 19: http_access deny all
1999/06/24 17:46:31| aclParseAccessLine: Access line contains no ACL's, skipping
1999/06/24 17:46:31| realconf line 20: icp_access deny all
1999/06/24 17:46:31| aclParseAccessLine: ACL name 'all' not found.
1999/06/24 17:46:31| realconf line 20: icp_access deny all
1999/06/24 17:46:31| aclParseAccessLine: Access line contains no ACL's, skipping

These are troubling because there are only 16 lines in the configuration file!

Here is the complete configuration file:

http_port 80
icp_port 0
cache_mem 8 MB
cache_dir /data1/squid/cache 500 16 256
cache_access_log /dev/null
cache_log /usr/local/squid/logs/squid-cache.log
cache_store_log none
emulate_httpd_log on
pid_filename /usr/local/squid/logs/squid.pid
cache_mgr jsd
cache_effective_user nobody
cache_effective_group nobody
visible_hostname www.gamespot.com
httpd_accel_host www.west.gamespot.com
httpd_accel_port 80
append_domain .gamespot.com

Thanks for reading.

Jon Drukman
Director Of Technology
GameSpot
Received on Thu Jun 24 1999 - 15:38:37 MDT
