From owner-freebsd-current@FreeBSD.ORG Sat Aug 16 01:22:08 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 02C6D106566B for ; Sat, 16 Aug 2008 01:22:08 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [64.7.153.18]) by mx1.freebsd.org (Postfix) with ESMTP id DB1EC8FC17 for ; Sat, 16 Aug 2008 01:22:07 +0000 (UTC) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smarthost1.sentex.ca (8.14.2/8.14.2) with ESMTP id m7G1M4jE098244; Fri, 15 Aug 2008 21:22:05 -0400 (EDT) (envelope-from mike@sentex.net) Received: from mdt-xp.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.13.8/8.13.3) with ESMTP id m7G1M4od052103 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 15 Aug 2008 21:22:04 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <200808160122.m7G1M4od052103@lava.sentex.ca> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Fri, 15 Aug 2008 21:22:00 -0400 To: Erol Akarsu From: Mike Tancsa In-Reply-To: <136625.5517.qm@web45211.mail.sp1.yahoo.com> References: <136625.5517.qm@web45211.mail.sp1.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Scanned-By: MIMEDefang 2.64 on 64.7.153.18 Cc: freebsd-current@freebsd.org Subject: Re: Limiting icmp unreach response fron 348 to 200 packets/sec X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Aug 2008 01:22:08 -0000 At 09:01 PM 8/15/2008, Erol Akarsu wrote: >Hi, > >Thanks for helping this. > >Now, I am getting "Limiting icmp unreach response fron 348 to 200 packets/sec" Hi, These questions are better asked on freebsd-questions@freebsd.org. But the above indicates processes are hitting your freebsd server on ports where nothing is listenting and the FreeBSD box is sending out "port unreachable" messages at a limit of 200 per second, but if it were to answer all bogus requests the rate would have been 348 per second. >In which conditions can we get this? does this effect functionality >of the system? other hosts are accessing ports on your server where nothing is listening. >How can I solve this issue? sysctl -w net.inet.tcp.blackhole=1 sysctl -w net.inet.udp.blackhole=1 to stop all the port unreachable messages, but ultimately find out why your program / application is not listening on that port. ---Mike