From owner-freebsd-questions@FreeBSD.ORG Sun Mar 9 09:45:55 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 317841065674 for ; Sun, 9 Mar 2008 09:45:55 +0000 (UTC) (envelope-from dotyao@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.243]) by mx1.freebsd.org (Postfix) with ESMTP id D790D8FC16 for ; Sun, 9 Mar 2008 09:45:54 +0000 (UTC) (envelope-from dotyao@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so423800anc.13 for ; Sun, 09 Mar 2008 01:45:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:disposition-notification-to:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=autvQQTsOq/gdFzgnviMHOfYrA17xrKxCxKebKAp4Ts=; b=NNo2f2WgaWoNoBStwOKqYkvq3mRCcah/JwptIP/HnowX/BzW1ZU50ZMyzmS0Jh3s7gwDmVfHjc7xL/JLqqES3DTKPjdNlDIeKuZ3Ag6MSDbeLhBmdCBV8hSn2L5DPfpT5T/sAUylpV/OOLfoHNfXwRLGQe6VSwSuXt1iEf/kpUA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:disposition-notification-to:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=N+/FJhSETDOfTTKfdZMp1kUih//yUyhCJJEVDHECHtY4VNk+vbCueSlvbI9eh6CWNB75ZvGR8W0XcMJLuO/QX82P442J4cXcOvKrNZ9A6wmgef18pNYNOikbUfaUjsnxCzexov4FLB82ZL/7LKKBv4+ol2Ac9EIP/sg+YuG9ZJ0= Received: by 10.100.196.17 with SMTP id t17mr8561883anf.63.1205055954159; Sun, 09 Mar 2008 01:45:54 -0800 (PST) Received: from roy.wauee.com ( [222.49.92.171]) by mx.google.com with ESMTPS id s54sm12533612rnb.14.2008.03.09.01.45.52 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 09 Mar 2008 01:45:53 -0800 (PST) Message-ID: <47D42247.103@gmail.com> Date: Sun, 09 Mar 2008 17:45:43 +0000 From: roy lee User-Agent: Thunderbird 2.0.0.12 (X11/20080307) MIME-Version: 1.0 To: Manolis Kiagias References: <47D40943.5080802@gmail.com> <47D3ABD0.5090108@otenet.gr> In-Reply-To: <47D3ABD0.5090108@otenet.gr> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Mar 2008 09:45:55 -0000 Manolis Kiagias 写道: > > > roy lee wrote: >> this is a web server,use nginx, Large numbers of Limiting >> open port RST response from 6 to 5 packets/sec. >> >> I need help. >> >> dmesg: >> Limiting open port RST response from 11 to 5 packets/sec >> Limiting open port RST response from 6 to 5 packets/sec >> Limiting open port RST response from 8 to 5 packets/sec >> Limiting open port RST response from 6 to 5 packets/sec >> Limiting open port RST response from 8 to 5 packets/sec >> Limiting open port RST response from 7 to 5 packets/sec >> Limiting open port RST response from 7 to 5 packets/sec >> Limiting open port RST response from 14 to 5 packets/sec >> Limiting open port RST response from 11 to 5 packets/sec >> Limiting open port RST response from 9 to 5 packets/sec >> Limiting open port RST response from 12 to 5 packets/sec >> Limiting open port RST response from 6 to 5 packets/sec >> ....... >> >> uname -a >> FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar >> 8 20:41:05 UTC 2008 roy@qz14253.tmdxy.org:/usr/obj/usr/src/sys/ >> qz2kernel i386 >> >> >> >> sysctl.conf: >> net.inet.icmp.drop_redirect=1 >> net.inet.icmp.log_redirect=1 >> net.inet.tcp.msl=2500 >> net.inet.icmp.icmplim=5 >> kern.ipc.somaxconn=32768 >> kern.ipc.shmall=32768 >> kern.ipc.shmmax=134217728 >> kern.ipc.semmap=256 >> >> > ICMP packets are rate-limited by the kernel, but you limited them even > more with this: > > net.inet.icmp.icmplim=5 > > This is the cause of your messages. Adjust it to about 500. > > if sysctl net.inet.icmp.icmplim=500 , the services will stop, twisted log : writev() failed (32: Broken pipe) while sending request to upstream