From: Saulius Menkevičius
Date: Tue, 20 May 2003 22:33:47 +0200
Subject: lots of sockets in TIME_WAIT
List-Id: Production branch of FreeBSD source code

Hi there,

I have some DDOS(?) attack on my router going where my apache HTTP server is flooded with short-timed connections from some host. This results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and eventually I'm out of mbufs, which consequently means I can't even connect to the router from LAN. The kern.ipc.nmbclusters is 2560 (I guess high enough for router with DSL connection).

After some time all mbufs are depleted (system says "All mbuf cluster exhausted"). However, unexpectedly the system panics shortly in about 10 minutes (+/-) with:

/kernel: All mbuf cluster exhausted, please see tuning(7)
/kernel: looutput: mbuf allocation failed
/kernel: panic: sbappendaddr
/kernel:
/kernel: syncing disks....
.
.

I don't think this behaviour (a panic) is normal. This crash happens often when I'm under such attack and I guess I can easily give crash dump, kgdb output or something like that, if you need.

System is running 4.8-RELEASE, on iPentium166/mmx with 64MB of RAM. 4 NICs, BRIDGE on two of them.

Thanks for any response..

P.S. (is there some sysctl oid for setting TIME_WAIT duration?)

-- 
Saulius Menkevicius, razzmatazz@mail.lt on 05.20.2003
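
An added example, not part of the original message: one way to confirm which remote host is leaving sockets in the TIME_WAIT/LAST_ACK/CLOSING states described above is to tally `netstat -n -p tcp` output per foreign address. The function names, the threshold and the sample lines are constructed for illustration, and the parsing assumes FreeBSD's `address.port` column layout.

```shell
#!/bin/sh
# Added example: tally closing-state TCP sockets per remote host.
# Assumes FreeBSD netstat layout: Proto Recv-Q Send-Q Local Foreign (state),
# with addresses printed as "a.b.c.d.port".

# Constructed sample input (documentation addresses, not from the post).
sample_netstat() {
cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.1.80           198.51.100.7.40001     TIME_WAIT
tcp4       0      0  192.0.2.1.80           198.51.100.7.40002     TIME_WAIT
tcp4       0      0  192.0.2.1.80           198.51.100.7.40003     LAST_ACK
tcp4       0      0  192.0.2.1.80           198.51.100.7.40004     CLOSING
tcp4       0      0  192.0.2.1.80           203.0.113.9.51000      TIME_WAIT
tcp4       0      0  192.0.2.1.22           10.0.1.5.1034          ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
EOF
}

# closing_by_host MIN: read netstat text on stdin and print "host count"
# for every remote host holding at least MIN sockets in TIME_WAIT,
# LAST_ACK or CLOSING, busiest host first.
closing_by_host() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && ($6 == "TIME_WAIT" || $6 == "LAST_ACK" || $6 == "CLOSING") {
            host = $5
            sub(/\.[0-9]+$/, "", host)   # strip the trailing .port
            n[host]++
        }
        END { for (h in n) if (n[h] >= min) print h, n[h] }
    ' | sort -k2,2nr -k1,1
}

# state_totals: print "STATE count" for every TCP state seen on stdin.
state_totals() {
    awk '$1 ~ /^tcp/ && NF >= 6 { s[$6]++ } END { for (k in s) print k, s[k] }' | sort
}

# Demo on the constructed sample; on a live system pipe in real output:
#   netstat -n -p tcp | closing_by_host 50
sample_netstat | closing_by_host 3
```

A single host dominating the closing-state count points at one source that can be filtered or rate-limited at the firewall, while an even spread across many hosts does not.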