Yeah, but what to do when you have a very loaded Squid server with more than 15000 req/min... you will notice in /var/log/messages that the kernel is sending SYN cookies and slowing down requests coming to port 3128!

On Sat, Apr 23, 2011 at 7:51 PM, Jim Binder <[email protected]> wrote:
> syn cookies are a feature of the tcp stack to delay setting up full tcp state
> to avoid resource starvation and to avoid syn floods (lots of syns never
> completed freezing out good new connections.)
>
> James S. Binder
>
> 408.761.1403 (cell)
>
> On Apr 23, 2011, at 9:02 AM, Marcus Kool <[email protected]> wrote:
>
>> When a TCP connection is established, TCP SYN packets are exchanged.
>> Blocking SYN packets is the same as blocking all TCP traffic.
>>
>> Andreas Braathen wrote:
>>> I tried it, but it did not change anything. Squid still sends SYN packets
>>> to establish state with destination.
>>> Any other suggestions?
>>>> edit /etc/sysctl.conf
>>>> change net.ipv4.tcp_syncookies=1 to net.ipv4.tcp_syncookies=0 and
>>>> reboot. don't forget to remove the # from the beginning of the line.
>>>>
>>>> On Sat, Apr 23, 2011 at 5:39 PM, Andreas Braathen
>>>> <[email protected]> wrote:
>>>>> Squid is sending SYN packets to destination when receiving GET request
>>>>> from internal hosts. I want Squid to forward the GET request. How is
>>>>> this possible?
>>>>>
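
An added example, not part of the thread: a small triage script for the situation in the top reply, where the kernel logs SYN cookie messages for a busy listener on port 3128. The log lines and counter values are constructed samples, and reading a high SyncookiesRecv/SyncookiesSent ratio as "clients are completing handshakes, so this is load rather than a flood" is a heuristic assumed here, not something stated in the thread.

```python
import re
from collections import Counter

# Constructed sample lines in the style of /var/log/messages (not from the thread).
SAMPLE_LOG = """\
Apr 23 19:40:01 proxy kernel: possible SYN flooding on port 3128. Sending cookies.
Apr 23 19:41:02 proxy kernel: possible SYN flooding on port 3128. Sending cookies.
Apr 23 19:41:30 proxy kernel: eth0: link up
Apr 23 19:42:05 proxy kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
"""

# Constructed excerpt in the two-line header/value layout of /proc/net/netstat.
SAMPLE_NETSTAT = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 12000 11400 35 12050 12050
"""

FLOOD_RE = re.compile(r"possible SYN flooding on port (\d+)\. Sending cookies", re.I)


def cookie_events_by_port(log_text):
    """Count kernel SYN-cookie messages per listening port.

    The kernel rate-limits this message, so the count shows which
    listeners are affected, not how many SYNs arrived.
    """
    return Counter(int(m.group(1)) for m in FLOOD_RE.finditer(log_text))


def tcpext_counters(netstat_text):
    """Parse the TcpExt header/value line pair into a name -> int dict."""
    rows = [l.split() for l in netstat_text.splitlines() if l.startswith("TcpExt:")]
    if len(rows) < 2:
        return {}
    return dict(zip(rows[0][1:], map(int, rows[1][1:])))


def cookie_completion_ratio(counters):
    """Fraction of sent cookies that came back in a valid final ACK.

    Counters are cumulative since boot. Returns None if no cookies were sent.
    """
    sent = counters.get("SyncookiesSent", 0)
    return counters.get("SyncookiesRecv", 0) / sent if sent else None


if __name__ == "__main__":
    print(dict(cookie_events_by_port(SAMPLE_LOG)))
    print(cookie_completion_ratio(tcpext_counters(SAMPLE_NETSTAT)))
```

On a live host the same functions can be fed the contents of /var/log/messages and /proc/net/netstat; a ratio near zero with rising ListenOverflows points toward handshakes that never complete.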
