Date: Mon, 27 Oct 2014 10:43:20 -0200 From: Tiago Felipe <lists@connectionlost.com.br> To: Gary Palmer <gpalmer@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: dropped due to the socket Message-ID: <544E3DE8.2060602@connectionlost.com.br> In-Reply-To: <20141027122116.GA6851@in-addr.com> References: <544E25E1.8060202@connectionlost.com.br> <544E2ACD.6060901@multiplay.co.uk> <544E2CF8.3090208@connectionlost.com.br> <20141027122116.GA6851@in-addr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0vl2onTpR3dQgfrdq9TsV8ORNXdt4tj9J Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Thanks for the explanation, net.inet.udp.log_in_vain was very well put, now I can debug better. I'll do some more tests and then come back here to the list. Thank you Steven and Gary. []s On 27/10/14 10:21, Gary Palmer wrote: > On Mon, Oct 27, 2014 at 09:31:04AM -0200, Tiago Felipe wrote: >> Maybe, but do not believe it, because when you turn it on, the counter= >=20 >=20 > Turn what on, exactly? >=20 >=20 >> "dropped due to the socket" has gradually increased, this machine acts= >=20 >=20 > Please provide the exact output from the "netstat -s -s" command that > you are talking about. There is no such statistic > "dropped due to the socket". >=20 >=20 >> as pppoe concentrator, mpd5 and netgraph .. >> I have clients with public IP and nat44. >> >> I'm doing tests yet, but I've read a lot about and looked for similar >> problems, could not come to a conclusion ... >=20 >=20 > If you are referring to "dropped due to no socket" it means that=20 > a UDP packet arrived for a port that had no socket listening on it. >=20 > If you are referring to another statistic please provide the *exact* > statistic >=20 > If you want to see what UDP requests are being dropped due to no > socket then run this as root: >=20 > sysctl net.inet.udp.log_in_vain=3D1 >=20 > it may produce a LOT of logs, so to turn it off again to: >=20 > sysctl net.inet.udp.log_in_vain=3D0 >=20 > The log_in_vain output should go to the console and anywhere in syslog > you have configured to receive kern.info syslog events. >=20 > If you have an idle system where the counter is not incrementing > and it is passing no traffic (a VM with no network would be ideal) > you can test the behaviour of the "dropped due to no socket" statistic = > yourself. >=20 > Run: >=20 > netstat -s -s | grep 'dropped due to no socket' > traceroute localhost > netstat -s -s | grep 'dropped due to no socket' >=20 > The 'dropped due to no socket' count should go up by 3, for the 3 > traceroute packets that tried to connect to a port that had no listenin= g > socket. You can use the net.inet.udp.log_in_vain sysctl to see the 3 > traceroute packets during the test if you are interested.=20 >=20 > If you aren't running any firewalls, then as Steve mentioned the most > likely reason is people scanning your box looking for vulnerabilities. = > e.g. I see people try to hit the SIP port (UDP 5060) every day on IPs > that don't run any SIP services. It's also possible that some > customer equipment is hitting ports on your PPPOE termination boxes > as the box is the "other end" of the PPPOE session and the customer > equipment is trying to use that "other end" for services, e.g. DNS, NTP= > or similar, even if your PPP session points them elsewhere for those > services >=20 > Regards, >=20 > Gary >=20 >> >> >> Thank you >> >> On 27/10/14 09:21, Steven Hartland wrote: >>> I assume you mean "dropped due to *no *socket" which means your seein= g >>> requests to a port which isn't open, possibly due to being port scann= ed? >>> >>> On 27/10/2014 11:00, Tiago Felipe wrote: >>>> Good afternoon! >>>> >>>> I have seen "dropped due to the socket" on multiple servers with >>>> Freebsd, this case is a Release 10. >>>> # Netstat -s -s >>>> ... >>>> 4614884 dropped due to the socket >>>> ... >>>> >>>> In this case the current flow is 700mbits download and 80mbits uploa= d, >>>> averaging 130kpps. >>>> >>>> I've done many changes in sysctl.conf and loader.conf, swapped hardw= are >>>> and have not had many improvements. >>>> >>>> Can anyone tell me the reason? I'm looking for it to weeks, but stil= l no >>>> result. >>>> >>>> >>>> Thank you so much. >>>> >>>> >>> >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org= " >> >> --=20 >> []s >> >=20 >=20 --=20 []s --0vl2onTpR3dQgfrdq9TsV8ORNXdt4tj9J Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUTj3rAAoJEMR7HC7H8wTJlioP/i9Hmeh4qsJB18w+hHIY0Nvv 9++jPfEa2V6/CzZpAZ+zVLVJJXyPdUSfVkslT/CdKBersnyLBFgoQ6t+D/P/g1dk T/QwBDB2aprDFsvQneF4mGhh4dziWcuHw35m2vjbd27ikzIjnkGy/HFmJ48Lbfup yo9dWeIrQTe78bEOz4spDHl7cWZNMCTvi5eDIn9aEdBfKjeCD9wo20YqQpGg+Ovg Shjg5KIQBIoMk80XhzQE5pKe4zQsx8b0LS2y7YsmT5djDq5ok2fCesIetGd7Ks1T HbGhv95vjHcKk1g3L77I10RcRwqctNLpmilI5gXbiAvQwmZY/egk0OW50rjmvNiR baiP0TR/jERM5NmVwcKiGzLOE6HFvPDciJpfaT/Y67veR74cJtQCCz4sg5hSjxDo 4J97ALt5b4YIGJDfjOuKXWa4nLl1NqXYWyet0R7pqaQ3DZTJosh13tUgnp7AWmsJ EixjqUryxqw80bjbqNcqsgk/JuA4m5gth0eSt8nJFTGr+hvrm6ttqtHflsW7IeBk kilCmDCsglab90XUW/QEGrhu/WRl58s9erK7ArktI5P0huA7I6I7DVj2HZ++5SCY 2LiVPJ9e3EsN0ISpWHoUQKn6NbB6svB6QJV5tjKHJgnVjzNVYm5LQGADcSZEdG9U hArmco4Fs4xnVncNK2dZ =DCD3 -----END PGP SIGNATURE----- --0vl2onTpR3dQgfrdq9TsV8ORNXdt4tj9J--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?544E3DE8.2060602>