The Wire · Showcase
CONNTRACK CRISIS AVERTED: ARCH DEPLOYS SILENT-DROP DETECTION
By RepoJournal · Filed · About Arch Linux
Arch infrastructure just plugged a networking time bomb that was silently killing TCP connections on redirect.archlinux.org without anyone knowing.
The conntrack table on the redirect service was filling up faster than anyone realized, and when it hits capacity, the kernel doesn't error out or warn you - it just drops new connections silently [1]. Arch deployed a two-part fix overnight: a Prometheus alert that fires when conntrack entries exceed 80% of the system limit [2], and an immediate increase to the conntrack limit on redirect.archlinux.org itself to prevent the table from filling in the first place [3] [4]. This catches the problem before users do. On the package side, the Haskell ecosystem continues its steady march with data-fix, tasty-inspection-testing, hspec-expectations, and tf-random all moving through staging [5] [6] [7] [8], while fish 4.8.0 hit testing [9] and archweb received a routine update [10].
Action items
- → Monitor conntrack alert in Prometheus for any services with similar patterns archlinux/infrastructure [monitor]
- → Watch fish 4.8.0 in testing for any shell integration issues before promotion archlinux/packages [monitor]
References
- [1] prometheus: Add alert when conntrack table fills up archlinux/infrastructure
- [2] Merge branch 'add-conntracking-alert' into 'main' archlinux/infrastructure
- [3] Merge branch 'increase-redirect-conntrack-limit' into 'main' archlinux/infrastructure
- [4] Increase conntrack limit for redirect.archlinux.org archlinux/infrastructure
- [5] update haskell-data-fix to 0.3.4-230 in extra-staging-x86_64 archlinux/state
- [6] update haskell-tasty-inspection-testing to 0.2.1-465 in extra-staging-x86_64 archlinux/state
- [7] update haskell-hspec-expectations to 0.8.4-96 in extra-staging-x86_64 archlinux/state
- [8] update haskell-tf-random to 0.5-1222 in extra-staging-x86_64 archlinux/state
- [9] update fish to 4.8.0-1 in extra-testing-x86_64 archlinux/state
- [10] archweb: Update to latest version archlinux/infrastructure
FAQ
- What changed in Arch Linux on July 2, 2026?
- Arch infrastructure just plugged a networking time bomb that was silently killing TCP connections on redirect.archlinux.org without anyone knowing.
- What should Arch Linux teams do about it?
- Monitor conntrack alert in Prometheus for any services with similar patterns • Watch fish 4.8.0 in testing for any shell integration issues before promotion
- Which Arch Linux repositories shipped on July 2, 2026?
- archlinux/infrastructure, archlinux/state