From owner-freebsd-hackers Wed Oct 17 10: 5:48 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 2C2F637B401 for ; Wed, 17 Oct 2001 10:05:42 -0700 (PDT) Received: (qmail 47910 invoked by uid 1000); 17 Oct 2001 17:05:38 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 17 Oct 2001 17:05:38 -0000 Date: Wed, 17 Oct 2001 12:05:38 -0500 (CDT) From: Mike Silbersack To: Terry Lambert Cc: David Malone , Zhihui Zhang , Subject: Re: Limiting closed port RST response In-Reply-To: <3BCDB3BE.1B2E6AC6@mindspring.com> Message-ID: <20011017120330.H47595-100000@achilles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 17 Oct 2001, Terry Lambert wrote: > > Could someone be port scanning you? Another possibility is that you > > alot of machines are trying to contact a TCP service on the machine > > in question, which isn't running. > > I've seen this while doing load testing. > > In general, you want the limit threshold to be higher than > the connections per second rate, or you will get this message. > > I have modified my code locally to crank it up to twice the > listen queue depth. Frequently, you are just better off by > turning of the limiting entirely (there's s sysctl; look at > the code in netinet that emits the message, or grep sysctl -A > for "lim"). > > -- Terry Wouldn't fixing your code so that it isn't dropping connections be a better plan? When things are working properly, there should be no need for RSTs to be thrown around the network. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message