From: "Mike Silbersack"
To: ray@redshift.com
Cc: freebsd-hackers@freebsd.org
Date: Mon, 17 Oct 2005 21:48:06 -0400 (EDT)
Subject: Re: Limiting closed port RST response from XXX to 200...

> Hi,
>
> On a server I'm benchmark testing, via local host, I'm getting Limiting
> closed port RST response from XXXX to 200 packets/sec on the console
> when I'm running a lot of local connections very quickly all at once
> (about 7500 per second). I've added the following:
>
> net.inet.tcp.log_in_vain: 0
> net.inet.udp.log_in_vain: 0
>
> but still does it. Is there any way to disable it short of installing
> ipf? I'd like to see what the theoretical limit of the machine is
> without it perhaps limiting connections in some manner.
>
> Thanks!
>
> Ray

Er, if you're seeing those messages, your benchmark is going very awry!

The kernel is telling you that 7500 junk packets per second are coming in, but that it has chosen to send RST packets in response to only 200 of them.

What you should be asking is - why are 7500 junk packets per second coming into the system? This could be due to a flaw in how your benchmark is set up (if you're trying to connect to a port that has no listening service or DNS lookups to a nonexistent DNS server?), or it could be some kernel bug you've uncovered. If it's the latter, then I would be very interested in helping you get it fixed.

There is a sysctl for disabling the reset rate limiting, but I would suggest that you track down the source of the problem before resorting to disabling the feature.

Mike "Silby" Silbersack
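
Added example, not part of the original message and not FreeBSD source: a simplified one-second-window model of the limiter described above, showing how 7500 closed-port segments per second produce only 200 RSTs and the console line from the report. The struct, function names and fixed-window logic are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

struct rst_limiter {              /* simplified model, not FreeBSD source */
    unsigned limit;               /* RSTs allowed per one-second window */
    uint64_t window;              /* second the `seen` counter belongs to */
    unsigned seen;                /* closed-port segments seen in this window */
    unsigned long sent, dropped;  /* running totals: RSTs sent / withheld */
};

/* Close the current window: log if it went over the limit, then reset. */
static void rst_roll(struct rst_limiter *l, uint64_t next_window)
{
    if (l->seen > l->limit)
        printf("Limiting closed port RST response from %u to %u packets/sec\n",
               l->seen, l->limit);
    l->window = next_window;
    l->seen = 0;
}

/* One segment hits a closed port at now_ms; returns 1 if a RST is sent. */
static int rst_allowed(struct rst_limiter *l, uint64_t now_ms)
{
    if (now_ms / 1000 != l->window)
        rst_roll(l, now_ms / 1000);
    if (++l->seen > l->limit) {
        l->dropped++;
        return 0;
    }
    l->sent++;
    return 1;
}

/* Feed `pps` evenly spaced segments per second for `secs` seconds. */
static struct rst_limiter rst_simulate(unsigned pps, unsigned secs, unsigned limit)
{
    struct rst_limiter l = { .limit = limit };
    for (unsigned s = 0; s < secs; s++)
        for (unsigned i = 0; i < pps; i++)
            rst_allowed(&l, (uint64_t)s * 1000 + (uint64_t)i * 1000 / pps);
    rst_roll(&l, secs);           /* flush the final window */
    return l;
}

int main(void)
{
    struct rst_limiter l = rst_simulate(7500, 3, 200); /* rate from the report */
    printf("RSTs sent=%lu withheld=%lu\n", l.sent, l.dropped);
    return 0;
}
```

A rate below the limit produces no log line and no withheld RSTs, which is why the message itself indicates that most of the benchmark's segments are reaching ports with nothing listening.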