Re: [squid-users] is anyone listening to my queries summary o f events

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 22 Aug 2001 00:01:08 +0200

khiz code wrote:

> browser used child proxy as its proxy
> cache.log reports
> a > of child proxy
> after almost every request we get the same
> 2001/08/21 11:05:56| clientReadRequest: FD 17: no data to process
> ((11) Resource
> temporarily unavailable
> b> cache.log of parent proxy
> NO SUCH "Resource unavail Messages"
> not even once !!!!

Not nessesarily. Anyway, as I said the message is fairly expeced, and is
only printed if you enable more detailed debugging than the default ALL,1.

> under load i cpatured netstat -an
> then did grep SYN_RECV | wc -l
> the o/p was abt 1024 to 1030
> this is at putting the machine atload for not more than 10 mins
> does this indicate a SYN flood
> do i need to increase tcp_max_syn_backlog in /proc
> or do i need to change tcp_syncookies

If you have large amounts of SYN_RECV you for sure have a problem with
SYNs. Possibilities:

a) Someone is SYN flooding your server

b) You have some networking problem, causing return traffic for some/many
clients to get lost

To diagnose further, try to figure out is there is any pattern in the
source IP's of the SYN_RECV sockets.

--
Henrik Nordstrom
Squid Hacker
Received on Tue Aug 21 2001 - 18:03:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:53 MST