What causes “SYN to LISTEN sockets dropped”?
Solution 1
These counters ultimately come from the kernel and map to the LINUX_MIB_LISTENOVERFLOWS and LINUX_MIB_LISTENDROPS counters. You can see from the source of net/ipv4/tcp_ipv4.c (tcp_v4_syn_recv_sock) around line #1392 that when LINUX_MIB_LISTENOVERFLOWS is incremented, LINUX_MIB_LISTENDROPS will also be incremented, but there are exit conditions where only the latter can be incremented, so it's not a bug that they don't match.
In the same file you can see there's this code:
    int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
    {
        /* Never answer to SYNs send to broadcast or multicast */
        if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
            goto drop;

        return tcp_conn_request(&tcp_request_sock_ops,
                                &tcp_request_sock_ipv4_ops, sk, skb);

    drop:
        NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
        return 0;
    }
So you can see at least one cause is a SYN to a broadcast or multicast address.
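Added example (not part of the original answer): a Python script that reads the ListenOverflows and ListenDrops fields from the TcpExt section of /proc/net/netstat, where the kernel exports these two counters, and reports how much of the ListenDrops increase between two samples came without a matching overflow. The sample text is constructed and trimmed to a few fields; the function names are this example's own.

```python
"""Added example: compare ListenDrops and ListenOverflows between two samples."""

# Constructed samples in /proc/net/netstat layout (a header line, then a value
# line, per section); a real file carries many more TcpExt fields.
SAMPLE_T0 = """\
TcpExt: SyncookiesSent SyncookiesRecv ListenOverflows ListenDrops TCPTimeouts
TcpExt: 0 0 120 4500 37
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""
SAMPLE_T1 = """\
TcpExt: SyncookiesSent SyncookiesRecv ListenOverflows ListenDrops TCPTimeouts
TcpExt: 0 0 120 4612 37
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""


def parse_netstat(text, section="TcpExt"):
    """Return {field: int} for one section of /proc/net/netstat-style text."""
    rows = [ln.split() for ln in text.splitlines() if ln.startswith(section + ":")]
    if len(rows) < 2:
        raise ValueError(f"section {section} not found")
    names, values = rows[0][1:], rows[1][1:]
    if len(names) != len(values):
        raise ValueError("header/value column mismatch")
    return dict(zip(names, map(int, values)))


def listen_delta(before, after):
    """Split the ListenDrops increase into overflow and non-overflow parts."""
    a, b = parse_netstat(before), parse_netstat(after)
    overflows = b["ListenOverflows"] - a["ListenOverflows"]
    drops = b["ListenDrops"] - a["ListenDrops"]
    # Each overflow also increments ListenDrops, so the remainder comes from
    # the other exit paths (e.g. the broadcast/multicast check shown above).
    return {"overflows": overflows, "drops": drops,
            "drops_without_overflow": drops - overflows}


if __name__ == "__main__":
    import sys, time
    if len(sys.argv) > 1:      # live mode: pass the sampling interval in seconds
        t0 = open("/proc/net/netstat").read()
        time.sleep(float(sys.argv[1]))
        t1 = open("/proc/net/netstat").read()
    else:                      # offline mode: use the constructed samples
        t0, t1 = SAMPLE_T0, SAMPLE_T1
    print(listen_delta(t0, t1))
```

A steadily growing drops_without_overflow value with overflows at zero means the accept queue is not the cause, which narrows the search to the other drop paths.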
Solution 2
Usually the wmem and rmem defaults are 212992 bytes. Apparently that is not enough on a busy server. Raised them to 8MB and the problem disappeared.
sysctl -w net.core.wmem_default=8388608
sysctl -w net.core.rmem_default=8388608
Serge James Web Developer
Updated on September 18, 2022
Comments
- Serge James Web Developer, over 1 year: I've recently used Heroku to purchase an SSL certificate for my website (using free dynos). I'm relatively new to web programming and this is my first time trying to get a website secure. I've run into multiple problems but my main one is that when I type into Google the name of my business (jsm websites.com), I click on the link to my website but it sends me to the insecure version of my website (just http, not https). I'm really confused as to why this is happening, as the SSL certificate has been issued without problems and also I can access the secure version of my website when I manually type into the URL bar "https://www.jsm-websites.com". Also, some of the links on Google that link to additional pages on my website (such as to the about page or the discover features page) send me to the secure version of my website. Is there a way to just delete the insecure version of my website so that Google will just send people to the secure version? Or do I need to do some fancy coding to direct people there manually? Thanks for your help, if I've not explained myself well please send me a question. P.S. I am using goormide as my development environment and the URL I am using is www.jsm-websites.com.
- cYrixmorten, over 3 years: Sounds like you should take a look at your DNS provider, the place where you bought your domain. Here you should be able to force any visitors to the secure endpoint. It is also possible to get Heroku to manage your DNS if you look at the settings tab for your dyno.
- Serge James Web Developer, over 3 years: Thanks for this, yes I had a look at the domain and played around with a few things. Thanks so much for your help and time :) I really appreciate it.
- edlerd, over 9 years: Thanks for the explanation. From the code I see two possibilities for growing LINUX_MIB_LISTENOVERFLOWS: 1) SYN to broadcast as mentioned by you 2) Still in SYN_RECV, just remove it silently. (I honestly don't understand what is meant there). As the counts diverge on 2 of 5 proxies (which are all configured in the same way), can you suggest a cause for the behaviour?
- bodgit, over 9 years: Nothing definitive, however I would monitor the value of both counters over time and see what the general rate and pattern is. Bear in mind there is a separate yet similar code path for TCP & IPv6 so you might have non-unicast IPv6 traffic causing the counters to increase.
- edlerd, over 9 years: I was monitoring the numbers again today. So the result is that the SYNs to LISTEN sockets dropped is increased by ~100k, while the other counter is unchanged. Also I can see the first value change every couple of seconds. Any idea how to identify the reason?
- andresp, about 5 years: If you are already setting net.ipv4.tcp_rmem and net.ipv4.tcp_wmem and you are only serving TCP traffic, is there a point in also setting the net core values?
- andresp, about 5 years: According to IBM those net.core properties are superseded by the TCP ones for TCP connections: ibm.com/support/knowledgecenter/en/linuxonibm/liaag/wkvm/… so there is no point in setting them if you already set the ones for TCP.
- Serge James Web Developer, over 3 years: Thanks so much for your help! My website is working great now, thank you very much :)
- Shantun Parmar, over 3 years: You're welcome. If you face any further problems, you can let me know.