On Fri, 23 May 1997, Edward Henigin wrote:
>
> How can you check to see if the listen queue is overflowing?
> is there a command available to report the currently used/available
> listen queues?
>
> Ed
If a Linux box with SYN/RST cookies starts reporting possible syn attacks
(to syslog - probably in /var/log/messages), it means the listen queue
became full.
> On Thu, May 22, 1997 at 08:55:25PM -0300, Michael 'Moose' Dinn said:
> > Have you tried increasing your TCP Listen Queue? This sounds like the
> > listen queue is overflowing. On Solaris, you can use "ndd" to increase
> > it, on Linux, you need a kernel/libc(?)/squid rebuild.
On Linux it is a parameter to the listen call. From 'man listen'
SYNOPSIS
#include <sys/socket.h>
int listen(int s, int backlog);
So, to fix this on a linux squid, you'd just have to check that the
backlog parameter is set to something sensible in comm.c (the linux kernel
can do upto 128 without any modification to the kernel source).
Regards,
Mark
---------------------------------------------------------------------------
Mark Cooke The views expressed above are mine and are not
Systems Programmer necessarily representative of university policy
University Of Birmingham URL: http://www.sr.bham.ac.uk/~mpc/
---------------------------------------------------------------------------
Received on Fri May 23 1997 - 10:15:45 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:15 MST