Re: [squid-users] squidaio_queue_request: WARNING - Queue congestion

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Fri, 19 Feb 2010 00:00:45 +0100

tor 2010-02-18 klockan 11:49 -0800 skrev Tory M Blue:

> Okay I've found some issues that I had not seen before,
>
> Feb 18 18:37:06 kvm0 kernel: nf_conntrack: table full, dropping packet.

And this is exactly what I wanted you to look out for...

> I would like to kick the netfilter team and fedora team in the shins.
> The issue was my squid boxes are virtual and the errors were being
> logged on the domain box (not domain as in MS). So now I'm trying to
> go through the system and remove all this garbage. This server does
> not need to track the connections and or log them. There does not seem
> to be a simple way to disable, just a lot of sysctl options and I'm
> unclear if these will do it entirely.

There is no sysctl to block conntrack.

What you need is to either

a) Make sure conntrack is not loaded in the kernel.

b) If conntrack needs to be loaded then make sure to add suitable
NOTRACK rules in iptables to avoid tracking any flows that do not need
to be tracked..

Regards
Henrik
Received on Thu Feb 18 2010 - 23:01:05 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 19 2010 - 12:00:06 MST