Re: [squid-users] is anyone listening to my queries summary o f events

From: khiz code <khizcode@dont-contact.us>
Date: Wed, 22 Aug 2001 06:02:30 -0700 (PDT)

hi all
well henrick i had enabled debug level 2 in both the parent and the
child proxy !!!!
so how come i didnt get those resourceunavailable messages fro the
parent??

iwill surely check out the SYN problem
u think increasing tcp_max_syn_backlog wud help me
i simply used aroute map on the 7513 cisco box to direct all port 80
traffic to the squid box
the squid box had ipchainsenabled with the appropriate redirection rule
to make it accept packets

here r the rules
ipchains -A input -s localhost/32 -d localhost/32 -j ACCEPT
ipchaiuns -A input -p tcp -d 0/0 80 -j REDIRECT 3128
ipchaiuns -A input -s 0/0 -d 0/0 -j ACCEPT
????????
any problems with the rules
the squid box has only one defalut gateway andthat is the 7513
router??????

expexting futher guidance
rgds
khizcode
--- Henrik Nordstrom <hno@hem.passagen.se> wrote:
> khiz code wrote:
>
> > browser used child proxy as its proxy
> > cache.log reports
> > a > of child proxy
> > after almost every request we get the same
> > 2001/08/21 11:05:56| clientReadRequest: FD 17: no data to process
> > ((11) Resource
> > temporarily unavailable
> > b> cache.log of parent proxy
> > NO SUCH "Resource unavail Messages"
> > not even once !!!!
>
> Not nessesarily. Anyway, as I said the message is fairly expeced, and
> is
> only printed if you enable more detailed debugging than the default
> ALL,1.
>
> > under load i cpatured netstat -an
> > then did grep SYN_RECV | wc -l
> > the o/p was abt 1024 to 1030
> > this is at putting the machine atload for not more than 10 mins
> > does this indicate a SYN flood
> > do i need to increase tcp_max_syn_backlog in /proc
> > or do i need to change tcp_syncookies
>
> If you have large amounts of SYN_RECV you for sure have a problem
> with
> SYNs. Possibilities:
>
> a) Someone is SYN flooding your server
>
> b) You have some networking problem, causing return traffic for
> some/many
> clients to get lost
>
> To diagnose further, try to figure out is there is any pattern in the
> source IP's of the SYN_RECV sockets.
>
> --
> Henrik Nordstrom
> Squid Hacker
>

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
Received on Wed Aug 22 2001 - 07:02:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:53 MST