System information
190 System Analysis and Tuning Guide
When the kernel queue becomes full, all new packets are dropped, causing exist-
ing connections to fail. The 'fail-open' feature, available since SUSE Linux En-
terprise Server 11 SP3, allows a user to temporarily disable the packet inspec-
tion and maintain the connectivity under heavy network traffic. For reference, see
https://home.regit.org/netfilter-en/using-nfqueue-and-
libnetfilter_queue/.
For more information, see the home page of the Netfilter and iptables project,
http://www.netfilter.org
16.4 For More Information
• Eduardo Ciliendo, Takechika Kunimasa: “Linux Performance and
Tuning Guidelines” (2007), esp. sections 1.5, 3.5, and 4.7: http://
www.redbooks.ibm.com/redpapers/abstracts/redp4285.html
• John Heffner, Matt Mathis: “Tuning TCP for Linux 2.4 and 2.6” (2006): http://
www.psc.edu/networking/projects/tcptune/#Linux