sonewconn: pcb Listen queue overflow

sloppymike

Hi,

we see following error messages in the systems log

sonewconn: pcb 0xfffff8014de53498: Listen queue overflow: 193 already in queue awaiting acceptance (107 occurrences)

and tried to identify the process following https://blog.tyk.nu/blog/fun-with-freebsd-listen-queue-overflow/ but

 netstat -Aan | grep 8014de53498

gives no result. Is there another way to trace the error?

cheers,

mike

stephenw10

Usually that is the result of some package, are you running any packages?

You might try have to try that very shortly after seeing the error. You could also try using the -L switch to see which queues are largest before you actually hit the limit.

Steve

sloppymike

Yes we run

haproxy
openvpn
pfBlockerNG 2.1.1_8
zabbix-agent

We see connection drops for webservices behind haproxy and while investigating we found these log entries. From my understanding i don't find the pcb id because the process does not exist anymore so it can not be haproxy as it has a long uptime, right?

I found some issues regarding pfBlockerNG and as it seems to restart it might is the cause

Furthermore i try to find out what kind of limit we hit. Sockets? Networkcard? and can pgBlocker be the reason for connection drops of haproxy services?

Cheers,

Mike

stephenw10

It's probably connections coming in faster than HAProxy can service them. Once the queue values is exhausted it starts throwing that error.

You can increase that value quite substantially without a problem but it may just delay the problem.

Set a system tunable kern.ipc.soacceptqueue to something larger that the default 128. Try 512.

See if that eliminates the error or simply delays it's appearance.

Steve

Redy321

This post is deleted!