From owner-freebsd-net@FreeBSD.ORG  Thu Jul 25 12:51:31 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 3F185E4D
 for <freebsd-net@freebsd.org>; Thu, 25 Jul 2013 12:51:31 +0000 (UTC)
 (envelope-from andre@freebsd.org)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id A60902708
 for <freebsd-net@freebsd.org>; Thu, 25 Jul 2013 12:51:30 +0000 (UTC)
Received: (qmail 54684 invoked from network); 25 Jul 2013 13:39:30 -0000
Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2])
 (envelope-sender <andre@freebsd.org>)
 by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
 for <lev@FreeBSD.org>; 25 Jul 2013 13:39:30 -0000
Message-ID: <51F11F47.2000008@freebsd.org>
Date: Thu, 25 Jul 2013 14:51:19 +0200
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: lev@FreeBSD.org
Subject: Re: A huge amount of "sonewconn: pcb 0xfffffe0053916dc8: Listen queue
 overflow: 193 already in queue awaiting acceptance" in logs recently
 (9-STABLE)
References: <932442845.20130725144622@serebryakov.spb.ru>
In-Reply-To: <932442845.20130725144622@serebryakov.spb.ru>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2013 12:51:31 -0000

On 25.07.2013 12:46, Lev Serebryakov wrote:
> Hello, Freebsd-net.
>
>   I have 9.1-STABLE r253105 system, which started to flood logs with
>   "sonewconn: pcb 0xfffffe0053916dc8: Listen queue overflow: 193 already in
> queue awaiting acceptance" messages (there are thousnds of it, if you take
> "last message was repeated 600 times" in account).
>
>   Nothing was changed in settings for long time.
>
>   How could I determine, which connections (listen port, at least) cause
> these messages?

This means the rate of incoming connection attempts is grater than the speed
of the application accepting them.  Typically you either suffer from a DoS
attack or your server is undersized for the amount of traffic it is receiving.

A change to rate-limit the number of these messages is in the works to prevent
it filling from the logs too fast.

-- 
Andre