One way to debug this would be to run Wireshark to see where the bogus
SYN packets are coming from.

   Lukasz

On Wed, Mar 16, 2016, at 11:27, Lukasz Janyst wrote:
> Isn't it a sign of either a DoS attack or a network problem? I would
> guess that a restart of the service helps because, by closing the
> listening socket, you close the corresponding kernel SYN queue.
> 
>    Lukasz
> 
> On Wed, Mar 16, 2016, at 00:39, Marian Zvada wrote:
> > Hi Folks,
> > 
> > we're seeing these two types of kernel messages which are obviously 
> > connected to xrootd process on US regional redirectors running on the 
> > port 1094:
> > 
> > ---
> > kernel: TCPv6: Possible SYN flooding on port 1094. Sending cookies.
> > kernel: possible SYN flooding on port 1094. Sending cookies.
> > ---
> > 
> > This is happening intermittently on both US regional redirectors
> > cmsxrootd1.fnal.gov and xrootd.unl.edu. Both are behind DNS aliased host
> > cmsxrootd.fnal.gov. We're pretty confident that this typically occurs in
> > syslog when the redirector is giving very long waits for access to files
> > through xrootd.
> > 
> > A simple restart of the service brings response time back to normal. We also
> > didn't notice any significant increase in use of memory nor CPU on the
> > machines themselves, so we're wondering if anyone from the list or developers
> > may explain if this is something to worry about. It is also hard to
> > catch, so maybe if you have any idea what to watch next time and record
> > (besides core file) that'll help. Luckily, we at least know when we're
> > getting a warning state of the xrootd-fallback SAM test, this 'flooding' is
> > likely happening again...
> > 
> > FNAL and UNL regional redirectors run xrootd-4.3.0-0.rc3.el6.x86_64 and
> > along with the slowness seen and odd kernel records in system logs there is
> > nothing obvious in the xrootd and cmsd logs to report. Do you maybe know
> > which specific xrootd process chain might trigger these kernel errors?
> > 
> > Any feedback is very welcome!
> > 
> > Thanks,
> > Marian
> > 
> > ########################################################################
> > Use REPLY-ALL to reply to list
> > 
> > To unsubscribe from the XROOTD-L list, click the following link:
> > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
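
A lighter-weight complement to the packet capture suggested above, as an added example that is not part of the original thread: it reads the kernel socket table and reports, for port 1094, the listener's accept-queue length and the number of half-open (SYN_RECV) connections per remote address. The sample table is constructed, and a little-endian host such as the x86_64 machines in the report is assumed.

```python
import socket
import struct
from collections import Counter

# Constructed sample in /proc/net/tcp layout; addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0446 00000000:0000 0A 00000000:00000081 00:00000000 00000000   500        0 20481 1
   1: 0A0200C0:0446 176433C6:C351 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   2: 0A0200C0:0446 176433C6:C352 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   3: 0A0200C0:0446 176433C6:C353 03 00000000:00000000 01:00000064 00000002     0        0 0 1
   4: 0A0200C0:0446 070200C0:9C40 03 00000000:00000000 01:00000064 00000000     0        0 0 1
   5: 0A0200C0:0446 057100CB:D431 01 00000000:00000000 00:00000000 00000000   500        0 20512 1
   6: 0A0200C0:0016 176433C6:C360 03 00000000:00000000 01:00000064 00000000     0        0 0 1
"""

def decode_addr(hexaddr):
    """Decode a /proc/net/tcp or tcp6 address (32-bit words in host order; little-endian assumed)."""
    raw = b"".join(struct.pack("<I", int(hexaddr[i:i + 8], 16))
                   for i in range(0, len(hexaddr), 8))
    return socket.inet_ntop(socket.AF_INET if len(raw) == 4 else socket.AF_INET6, raw)

def summarize(table_text, port=1094):
    """Return (listener accept-queue length, Counter of SYN_RECV entries per remote address)."""
    accept_queue = 0
    half_open = Counter()
    for line in table_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        local, remote, state = fields[1], fields[2], fields[3]
        if int(local.rsplit(":", 1)[1], 16) != port:
            continue
        if state == "0A":                             # LISTEN: rx_queue is the accept backlog
            accept_queue = max(accept_queue, int(fields[4].split(":")[1], 16))
        elif state == "03":                           # SYN_RECV: handshake not completed
            half_open[decode_addr(remote.rsplit(":", 1)[0])] += 1
    return accept_queue, half_open

if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as table:
                backlog, sources = summarize(table.read())
        except OSError:
            continue
        print(path, "accept queue:", backlog, "half-open by source:", sources.most_common(10))
```

Once the kernel is answering with cookies, new SYNs no longer create SYN_RECV entries, so sample the table periodically rather than only after the log message appears.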
