Re: [squid-users] Dual Processor.

From: Marc Elsen <marc.elsen@dont-contact.us>
Date: Fri, 12 Jul 2002 09:38:27 +0200

>>>Marc Elsen wrote:
>>>
>
>>>>Francisco Obispo wrote:
>>>>
>>>>
>>>>>About the "kernel: NET: XX messages suppressed." I didn't find any other
>>>>>related messages.. I think is due to heavy load ( > 4000 hosts).
>>>>>
>>>>Could be, did you look in /var/log/messages just above
>>>>for each of those ...suppressed... lines ?
>>>>
>>>>
>>>>
>>
>>>Yes ... but I never found any other "errors" from kernel... everything
>>>looked normal..
>>>...
>>>
>>
>>
>> Strange, you may also want to look the output of the :
>>
>> # dmesg
>>

>Hi..

>I've checked dmesg and found this..

>TCP: drop open request from 150.187.68.9/4656
>NET: 463 messages suppressed.
>TCP: drop open request from 150.187.42.2/1458
>NET: 597 messages suppressed.
>TCP: drop open request from 150.187.12.2/37834
>NET: 563 messages suppressed.
>TCP: drop open request from 150.187.37.17/2418
>NET: 476 messages suppressed.
>TCP: drop open request from 150.188.6.101/4227
>NET: 467 messages suppressed.
>TCP: drop open request from 150.187.2.5/4080
>NET: 554 messages suppressed.
>TCP: drop open request from 150.187.68.9/1154
>NET: 531 messages suppressed.
>TCP: drop open request from 150.187.37.17/2657
>NET: 454 messages suppressed.
>TCP: drop open request from 150.187.42.2/2313
>NET: 400 messages suppressed.
>TCP: drop open request from 150.187.68.9/1331
>NET: 522 messages suppressed.
>TCP: drop open request from 150.187.108.3/3483
>NET: 362 messages suppressed.
>TCP: drop open request from 150.187.68.9/1381
>NET: 495 messages suppressed.
>TCP: drop open request from 150.187.54.5/4310
>NET: 340 messages suppressed.
>TCP: drop open request from 150.187.67.21/1610
>NET: 447 messages suppressed.
>TCP: drop open request from 150.187.8.30/1673
>NET: 489 messages suppressed.
>TCP: drop open request from 150.187.29.70/1531

>what should I do to avoid this problem?

>THanks..
 

 It indicates that the rate at which your kernel is receiving requests
 for new tcp connections is way too high.

 The output is suspicious :

 Check :

 # netstat -a

 on your system, to see whether perhaps there are many tcp
 connections in a strange state, such as for instance SYN_RECV.

 In the worst case your system may be under SYN flood attacks,
 for instance.

 You can try enabling tcp_syncookies, in that case :

  echo "1" >/proc/sys/net/ipv4/tcp_syncookies

 M.
Received on Fri Jul 12 2002 - 01:42:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:13 MST