Listen queue overflow error



  • Hello All,

    We are using Pfsense 2.4.2-RELEASE. We have offloaded the SSL certificate in Certificate Manager on pfsense to redirect the requests from port 80 to port 443. We have also configured ACL on frontend. We have noticed that our site receives 25000 to 30000 requests per minute.

In our kernel logs, we are getting the error "sonewconn: pcb 0xfffff80139c013a0: Listen queue overflow: 193 already in queue awaiting acceptance (16575 occurrences)". It also causes our website to be down.

    We tried the solutions given on the following links, but we have not got any success with them.

    https://forum.netgate.com/topic/85937/pfsense-2-2-3-internet-is-very-slow-via-squid3/4
    https://forum.netgate.com/topic/122775/suricata-log-browser-memory-error/5

    Does anyone have an idea about what could be the cause of this issue and how to solve it?

    Thanks in anticipation,
    Keval shah



  • Rebel Alliance Developer Netgate

    There isn't enough information here to say what's happening. First, you need to upgrade to 2.4.3-p1.

    Next, you need to be more specific about your configuration. How is that redirect configured? It sounds like maybe you're using HAProxy, in which case this thread belongs in the Cache/Proxy category under Packages.

    There are ways to tune the settings to work around that error but we can't say what specific settings are needed unless we know more about what is running on there.



  • Yes @jimp, we're using HAProxy to run websites and offloading SSLs over there. We use "redirect scheme https code 301 if !{ ssl_fc }" code in Advanced pass thru option in frontend to redirect the requests from port 80 to port 443.

The site was running on Windows Server 2012 R2 IIS before, so recently we migrated those sites to pfSense for advanced security. After that, all sites went down and we found this issue in the logs. Our SSLs are bought from COMODO.

    Please tell me if you want more information regarding this.
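As an added example, not configuration from either poster or from Netgate, here is a minimal HAProxy frontend of the kind described above: the port-80 and port-443 listeners on one frontend, TLS terminated with a certificate exported from pfSense's Certificate Manager, the same `redirect scheme https code 301 if !{ ssl_fc }` rule, and an explicit `backlog`. The certificate path `/var/etc/haproxy/example.pem`, the section names `web_sites` and `iis_servers`, and the backend addresses are assumptions. One detail that helps when reading the logged error: on FreeBSD, the listen queue limit a socket actually gets is the smaller of the backlog the application passes to listen() and the kernel sysctl `kern.ipc.soacceptqueue` (`kern.ipc.somaxconn` is the older alias; the default is 128), and sonewconn reports the overflow once the queue grows past 1.5 times that limit, so "193 already in queue" is consistent with the default 128 cap still being in effect. Raising `backlog` in HAProxy therefore only takes effect if the kernel cap is raised as well (System > Advanced > System Tunables on pfSense) and HAProxy is restarted so that it calls listen() again with the new value; a larger queue buys time for bursts, but a backend that cannot keep up will still fill it.

```haproxy
# Added example; not the poster's configuration. Names, paths and
# addresses are assumptions. Assumes the kernel cap has been raised first:
#   kern.ipc.soacceptqueue=1024   (pfSense: System > Advanced > System Tunables)
global
    maxconn 20000

defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend web_sites
    # Plain-HTTP and TLS listeners on one frontend. HAProxy asks the kernel
    # for a listen backlog of 1024 on both sockets; FreeBSD clamps that to
    # kern.ipc.soacceptqueue, so the sysctl above must be at least as large.
    bind :80
    bind :443 ssl crt /var/etc/haproxy/example.pem
    backlog 1024
    maxconn 20000

    # Same rule as in the post: anything that did not arrive over TLS is
    # sent a 301 to the https:// version of the same URL.
    redirect scheme https code 301 if !{ ssl_fc }

    default_backend iis_servers

backend iis_servers
    # The IIS hosts the sites were migrated from, reached over plain HTTP
    # behind the firewall (addresses are assumptions).
    balance roundrobin
    server iis1 192.0.2.10:80 check
    server iis2 192.0.2.11:80 check
```

On pfSense the `backlog` value is set per frontend in the HAProxy package GUI rather than by editing the file; the generated configuration lands under `/var/etc/haproxy/`. After changing the tunable, confirm the kernel picked it up with `sysctl kern.ipc.soacceptqueue` and check the live queue depth per listener with `netstat -Lan` before and after the HAProxy restart.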