Date: Mon, 17 Oct 2005 22:26:18 -0700
From: ray@redshift.com
To: "Mike Silbersack"
Cc: freebsd-hackers@freebsd.org
Subject: Re: Limiting closed port RST response from XXX to 200...

At 09:48 PM 10/17/2005 -0400, Mike Silbersack wrote:
| > Hi,
| >
| > On a server I'm benchmark testing, via local host, I'm getting Limiting
| > closed port RST response from XXXX to 200 packets/sec on the console
| > when I'm running a lot of local connections very quickly all at once
| > (about 7500 per second). I've added the following:
| >
| > net.inet.tcp.log_in_vain: 0
| > net.inet.udp.log_in_vain: 0
| >
| > but still does it. Is there any way to disable it short of installing
| > ipf? I'd like to see what the theoretical limit of the machine is
| > without it perhaps limiting connections in some manner.
| >
| > Thanks!
| >
| > Ray
|
| Er, if you're seeing those messages, your benchmark is going very awry!
|
| The kernel is telling you that 7500 junk packets per second are coming in,
| but that it has chosen to send RST packets in response to only 200 of
| them. What you should be asking is - why are 7500 junk packets per second
| coming into the system? This could be due to a flaw in how your benchmark
| is set up (if you're trying to connect to a port that has no listening
| service or DNS lookups to a nonexistent DNS server?), or it could be some
| kernel bug you've uncovered. If it's the latter, then I would be very
| interested in helping you get it fixed.
|
| There is a sysctl for disabling the reset rate limiting, but I would
| suggest that you track down the source of the problem before resorting to
| disabling the feature.
|
| Mike "Silby" Silbersack
|

Hi Mike,

Thanks for the pointers. I will check some of those areas you mention.
Since I just threw this machine together real fast, I may have some DNS off
the mark or something.

BTW, the benchmark I'm using is 'ab' in apache/bin. I'm running it with
-c 50 and -n 1000. Seems to only cause the RST thing on small files.

Thanks again for the tips.

Ray
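
Added example, not part of the original messages: the console notice discussed above carries both the rate of packets that would have drawn a response ("from") and the cap the kernel applied ("to"). This script summarises such notices per response type so the size of the unanswered traffic is visible; the log lines, host name and function name are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise FreeBSD "Limiting <type> from N to M packets/sec"
# notices. SAMPLE_LOG is constructed; on a real host pipe in `dmesg` output
# or /var/log/messages instead.
SAMPLE_LOG='Oct 17 22:01:10 bench kernel: Limiting closed port RST response from 7480 to 200 packets/sec
Oct 17 22:01:11 bench kernel: Limiting closed port RST response from 7512 to 200 packets/sec
Oct 17 22:01:12 bench kernel: Limiting icmp unreach response from 310 to 200 packets/sec
Oct 17 22:01:13 bench kernel: Limiting closed port RST response from 950 to 200 packets/sec
Oct 17 22:01:14 bench kernel: Limiting open port RST response from 260 to 200 packets/sec'

# summarize_bandlim (hypothetical helper name): reads log text on stdin and
# prints, per response type, sorted by type:
#   type|notices|peak offered pps|limit pps|responses not sent
# Assumption: each notice describes about one second of traffic, so
# (offered - limit) approximates the responses suppressed in that second.
summarize_bandlim() {
    awk '
    match($0, /Limiting .* from [0-9]+ to [0-9]+ packets\/sec/) {
        msg = substr($0, RSTART + 9, RLENGTH - 9)   # strip leading "Limiting "
        n = split(msg, w, " ")                      # ... from N to M packets/sec
        offered = w[n - 3] + 0
        limit = w[n - 1] + 0
        type = w[1]
        for (i = 2; i <= n - 5; i++) type = type " " w[i]
        count[type]++
        if (offered > peak[type]) peak[type] = offered
        lim[type] = limit
        if (offered > limit) unsent[type] += offered - limit
    }
    END {
        for (t in count)
            printf "%s|%d|%d|%d|%d\n", t, count[t], peak[t], lim[t], unsent[t]
    }' | sort
}

# Print the summary for the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_bandlim
```

A "closed port RST response" rate close to the benchmark's own connection rate points at traffic arriving for a port with no listener, the condition Mike suggests tracking down before changing the limit.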