From nobody Sat Aug 31 19:02:11 2024
X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wx4CC1qrJz5MshM
	for <freebsd-stable@mlmmj.nyi.freebsd.org>; Sat, 31 Aug 2024 19:02:31 +0000 (UTC)
	(envelope-from kob6558@gmail.com)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Wx4CB75Xdz4b8s
	for <freebsd-stable@freebsd.org>; Sat, 31 Aug 2024 19:02:30 +0000 (UTC)
	(envelope-from kob6558@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-ot1-x333.google.com with SMTP id 46e09a7af769-70f6cb5518aso973955a34.1
        for <freebsd-stable@freebsd.org>; Sat, 31 Aug 2024 12:02:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1725130948; x=1725735748; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=6o/7yNdm7jTJ3y/SR/QHnx2AdX93/494AAqT7lluRa8=;
        b=Sq4DVBMyrO2yw6PNKOXg3aGM5l4QiTYjbHKdfW3vxIcLT0/GwYQX+f39maFbhMmF9X
         rHbCUNZL8RKewXl5SGHR/0C6jb9rip3kGkxuDQqahBo5RiDJ07beGEuErkNFtwdk2gtG
         eC17YuMimM31Ye9k9ULulq+8GHcrbfsQuQlv/RVf2XGDspSRIHAoiECYkq9NQ+LqExz6
         DxGboEP1U4FuhxYKVWzpw1lfTMhmfpoue6co70+rW0stjBLP18+7Moh3Cq/Ta54fenag
         NeUb5N1gInt46cSOYQvGe+sm7Y7s13p0BQQ/NtgNuLgqWRK38A4JvZ2uHFgGC0tmwKsw
         +tXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1725130948; x=1725735748;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=6o/7yNdm7jTJ3y/SR/QHnx2AdX93/494AAqT7lluRa8=;
        b=rilhmReTDpKSEh4oSvIviO/5wTXOd+8b22luzjYGVcpL+8cwg9jgLmsQg/NAhtSB0J
         OaHvULcr3jzacsuWF6e26+gN8R5lM2BnHH57LFpMKzWH7aUbpc5TeUVl44XKy9pKdoAo
         XBi+gbbTCyXFrr6RaJWCQf8XhdfK4Pv9jX6VHNiGevj4Z8wskGCfOJsqSpuusrM1Z3kA
         /HPNtMKR8sA97KA83g0SgQ/ILKNfTt38oMRLFlLzW4NlRytWtFa9bx/Pevg2l3zsbelp
         OnIq+/j6YNaQQKr+c2Conb1htIaf3XbW4Fg3iHEg+ujKT6ttStlvvMZ2iQ8acGkK79LE
         cTZw==
X-Gm-Message-State: AOJu0Yw9qGZmvdw33tk2HLU5hwto4o06Kg7r1HCD6VOp5ctYZ9AM3/H2
	LHN4Vmc/oR0JxVngdHHRWJaEn9s7EF1qOPf8hplEnWI3HSk+NchBFq2AiekEwjCuLoXCXTFZcJ4
	DhiYdS1hGSFrTndZdveGojNSpFok=
X-Google-Smtp-Source: AGHT+IFIIeEWHP/oHSnuvqfqtkP9rMqKA4HUK6zh34LuOqXJIHdZfy1XzU9PSBTIWzWeySFmLlWmEnYJ0WZBME86tfE=
X-Received: by 2002:a05:6830:3908:b0:704:45b5:6464 with SMTP id
 46e09a7af769-70f71fc8134mr3279849a34.29.1725130947687; Sat, 31 Aug 2024
 12:02:27 -0700 (PDT)
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
List-Help: <mailto:stable+help@freebsd.org>
List-Post: <mailto:stable@freebsd.org>
List-Subscribe: <mailto:stable+subscribe@freebsd.org>
List-Unsubscribe: <mailto:stable+unsubscribe@freebsd.org>
X-BeenThere: freebsd-stable@freebsd.org
Sender: owner-freebsd-stable@FreeBSD.org
MIME-Version: 1.0
References: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk>
In-Reply-To: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk>
From: Kevin Oberman <rkoberman@gmail.com>
Date: Sat, 31 Aug 2024 12:02:11 -0700
Message-ID: <CAN6yY1vPXzAP3nTyOB1RM6GLWn5iLkePGMbyaPbtaYG5xqn9DQ@mail.gmail.com>
Subject: Re: How to diagnose "Limiting closed port RST response from 213 to
 205 packets/sec" ?
To: Pete French <pete@twisted.org.uk>
Cc: FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>
Content-Type: multipart/alternative; boundary="00000000000053fd050620ff595a"
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Queue-Id: 4Wx4CB75Xdz4b8s

--00000000000053fd050620ff595a
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 31, 2024 at 7:32=E2=80=AFAM Pete French <pete@twisted.org.uk> w=
rote:

> So I am running some servers with 14.1-STABLE, pretty standard - Apache
> + mysql setup, and I am seeing a lot of the above messages. I have
> always seen these form time to time, but recently I have had compmnaits
> from a customer about the webservers being unavailable, and the times
> they give correspond to bursts of these errors.
>
> I dont see any other errors, and am wondering how to get more info about
> this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the
> port that is closed would be ideal. I have a feeling that the closed
> port is the one which Apaxche is suppsoed to be listenin gon (I cant
> think of nay other ports which would get hammered), but that should
> never be closed.
>
> Any advice ?
>
> -pete.
>

These are not errors. It is telling you that someone is likely doing
something wrong, probably by error but possibly rudely.

I believe that it means that a closed port is receiving a lot of SYNs. See
the discussion on BSD forums
<https://forums.freebsd.org/threads/limiting-closed-port-rst-response.72131=
/>
.


--=20
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

--00000000000053fd050620ff595a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-family:tahoma,sans-serif;font-size:small">On Sat, Aug 31, 2024 at 7:32=E2=
=80=AFAM Pete French &lt;<a href=3D"mailto:pete@twisted.org.uk">pete@twiste=
d.org.uk</a>&gt; wrote:</div></div><div class=3D"gmail_quote"><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px soli=
d rgb(204,204,204);padding-left:1ex">So I am running some servers with 14.1=
-STABLE, pretty standard - Apache <br>
+ mysql setup, and I am seeing a lot of the above messages. I have <br>
always seen these form time to time, but recently I have had compmnaits <br=
>
from a customer about the webservers being unavailable, and the times <br>
they give correspond to bursts of these errors.<br>
<br>
I dont see any other errors, and am wondering how to get more info about <b=
r>
this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the <br>
port that is closed would be ideal. I have a feeling that the closed <br>
port is the one which Apaxche is suppsoed to be listenin gon (I cant <br>
think of nay other ports which would get hammered), but that should <br>
never be closed.<br>
<br>
Any advice ?<br>
<br>
-pete.<br></blockquote><div><br></div><div style=3D"font-family:tahoma,sans=
-serif;font-size:small" class=3D"gmail_default">These are not errors. It is=
 telling you that someone is likely doing something wrong, probably by erro=
r but possibly rudely.</div><div style=3D"font-family:tahoma,sans-serif;fon=
t-size:small" class=3D"gmail_default"><br></div><div style=3D"font-family:t=
ahoma,sans-serif;font-size:small" class=3D"gmail_default">I believe that it=
 means that a closed port is receiving a lot of SYNs. See the discussion on=
 <a href=3D"https://forums.freebsd.org/threads/limiting-closed-port-rst-res=
ponse.72131/">BSD forums</a>.<br></div></div><br clear=3D"all"><br><span cl=
ass=3D"gmail_signature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmai=
l_signature"><div dir=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr"><=
div><div dir=3D"ltr">Kevin Oberman, Part time kid herder and retired Networ=
k Engineer<br>E-mail: <a href=3D"mailto:rkoberman@gmail.com" target=3D"_bla=
nk">rkoberman@gmail.com</a><br></div><div>PGP Fingerprint: D03FB98AFA78E3B7=
8C1694B318AB39EF1B055683</div></div></div></div></div></div></div></div></d=
iv>

--00000000000053fd050620ff595a--