sonewconn: pcb: Listen queue overflow messages in kernel log

fcapizzo · Dec 1, 2020, 10:32 PM

I'm seeing messages like the one below in my kernel logs for pfSense:

sonewconn: pcb 0xfffff8006747c570: Listen queue overflow: 8 already in queue awaiting acceptance (4 occurrences)

The number of occurrences changes in these messages (anywhere from 1-4 occurrences), but the pcb address and and "8 already in queue waiting acceptance" are consistent in the messages.

I found this post from June and ran netstat -LaAn, but nothing matched that pcb address. I don't believe I'm having any performance issues, but I'm not exactly sure of that. Any ideas how I can troubleshoot?

For reference, I'm running 2.4.5-RELEASE-p1 (amd64) on a NetGate RCC-VE 2440.

kiokoman · Dec 1, 2020, 11:36 PM

system tunable, kern.ipc.soacceptqueue , set to something larger that the default 128. Try 512
do you have additional package like haproxy ?

with netstat -Lan
do you see something that's over 128 ?

is TCP offloading / TSO / LRO disabled under system / advanced / networking ?

fcapizzo · Dec 1, 2020, 11:40 PM

Hi @kiokoman. I checked my tunable parameters, and I currently don't have a kern.ipc.soacceptqueue tunable. I will add it and try 512 to start.

With netstat -Lan, I have nothing with a Listen value over 128.

LRO and Checksum/TCP offloading are all disabled.

stephenw10 · Dec 2, 2020, 12:27 AM

Mmm, something is trying to accept connections faster than they can be serviced. What packages do you have installed?

Try to address the issue at the root rather then just increasing the queue size.

Steve

fcapizzo · Dec 2, 2020, 1:38 AM

I added the system tunable kern.ipc.soacceptqueue, set it to 512, and applied the settings. I am still receiving those messages.

@stephenw10, I have the following packages installed:
Avahi
bandwidthd
openvpn-client-export
pfBlockerNG-devel (currently disabled)
Status_Traffic_Totals

It looks like a couple of the packages have updates available, so I will update those. I'll also remove pfBlockerNG since I'm not using it. That's all just housekeeping, but I don't think that will help/resolve the situation (but who knows!).

Also @stephenw10, I'm not sure how to address the issue at the root, which is why I'm asking on the forums.

stephenw10 · Dec 2, 2020, 4:10 PM

Of those Avahi is the only thing actively listening for connections. If you disable that do the error stop?

Steve

fcapizzo · Dec 2, 2020, 5:03 PM

@stephenw10 I disabled Avahi temporarily, but the error still happens.

I also updated packages, and removed pfBlockerNG, but the errors are still there. I find it odd that running netstat -LaAn could not find anything with the matching pcb address. Maybe I'm not searching for it correctly?

stephenw10 · Dec 2, 2020, 5:44 PM

Mmm, that should show it but I have found it very difficult to actually catch it. You have to be almost real time.

fcapizzo · Dec 13, 2020, 2:42 PM

I'm still getting this error, but interestingly it's with a different address:

sonewconn: pcb 0xfffff8006f614740: Listen queue overflow: 8 already in queue awaiting acceptance (3 occurrences)

Just like the initial error, I'm trying to search for that address via a shell command:

netstat -LaAn | grep fffff8006f614740

...but I still don't see any process using that address.

@stephenw10 , I think you're correct in that I probably need to catch the issue at the moment it occurs, but if that's the case the chances are slim to none.

I'll have to check some other resources online for any hints, but at least I don't have any perceivable problems with my LAN or internet.

stephenw10 · Dec 13, 2020, 2:42 PM

Yes, those values you're seeing are small, 8 queued, 4 occurrences. Often if you hit a problem like that you will see far higher numbers there. If you are not seeing any actual connectivity issues you might choose to ignore it.
You should not be seeing it though.

Steve