From f14f6334fda7b78191c9ab23d2bdef2bf5597860 Mon Sep 17 00:00:00 2001 From: jfesler Date: Sun, 28 Jun 2020 21:08:45 -0700 Subject: experimental code to watchdog and reset nfqueue --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index d8c9b1c..2598334 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,27 @@ The `preferred_lft 0` is important to mark the address as a deprecated address. This means only use the address for incoming connections; not for outgoing. +UBUNTU 18 NOTES ON NFQUEUE HANGS +-------------------------------- + +We're seeing reports of the daemon wedging. So far, my observations +on my own ubuntu 18 system are that the recv() calls against the +iptables nfqueue hang. + +The master branch (not pushed to the rsync server) specifically +adds in a watchdog function; after a configurable numbrer of seconds, +it will disconnect the nfqueue and reattach. If it does this +too many times, it will abort. + +You can tune this with these options: + + -w 60 - How long we can go without seeing a packet + -W 1440 - How many times we can reset the socket without seeing a pocket + +For most of you, I'm monitoring your web sites. At minimum I should +be hitting your mirror once every 30 minutes; somehow you should +see and accept traffic in the time above (1 day!). + REQUIREMENTS ------------ -- cgit v1.2.3
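Review bot: The two option lines in the new "UBUNTU 18 NOTES ON NFQUEUE HANGS" section need tightening, and the typos there change the meaning: "numbrer" should be "number", and the `-W 1440` line reads "without seeing a pocket" where "packet" is meant. The `-w 60` line also omits its unit, although the paragraph above says seconds. Suggest "-w 60 - How many seconds we can go without seeing a packet". The "(1 day!)" figure only makes sense as 60 seconds times 1440 resets, so say that explicitly, so that anyone who changes one option knows the abort window moves with it. Two things are still undocumented: what an operator should do once the daemon aborts (the text says it "will abort" but not whether anything restarts it), and how mirror operators get the watchdog at all, given the note that the master branch is not pushed to the rsync server.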