Listen queue overflow: 193 already in queue awaiting acceptance
-
From the forums back in 2020, but there was never a conclusion.
link textSep 27 21:57:05 pfSense kernel: sonewconn: pcb 0xffffa00050cc3540 (10.10.10.1:443 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (28 occurrences), euid 0, rgid 0, jail 0
Every couple of days I will see the above flood my logs. It is a remote system. A reboot fixes it, but why am I seeing them in the first place? What is the root cause?
Avahi is not installed.
DHCPD, dpinger, ipsec, ntpd, pfb_dnsbl, pfb_filter, syslogd, tailscale and unbound are the only services running.
Ideas?
Si vis pacem, para pactum.
-
Because some service is unable to service the incoming connection requests fast enough. Or more commonly it's stopped servicing requests at all and so the socket queues fill up fast. I'd guess Unbound from that list. Had the service stopped? Was the box still able to resolve?
Steve
-
@stephenw10 Unbound is still working with no issues resolving.
-
But was it before the reboot?
It might not be that. Check the other logs, did something stop or get blocked?
-
@stephenw10 it was.
I remoted in, and was able to resolve websites and blocks. -
@mtarbox said in Listen queue overflow: 193 already in queue awaiting acceptance:
(10.10.10.1:443 (proto 6)):
That implies the webgui itself. I assume that is the LAN IP of the firewall?
The fact it's shown as protocol 6 is odd though.
-
@stephenw10 No, it is the Unbound webserver virtual ip address.
-
Oh, the pfBlocker server. Hmm well check the logs for that then. That almost certainly stopped since it serves only tiny ad replacements. I'd be amazed if it ever got overloaded.
-
@stephenw10 Hmmm, I will have to wait it does it again..
Thank you for taking the time, and I will report back the next time it does it.
