From owner-freebsd-stable  Fri Jun  9 19:59:13 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from mail.rdc1.ne.home.com (ha1.rdc1.ne.home.com [24.2.4.66])
	by hub.freebsd.org (Postfix) with ESMTP id 6AD7637BBBB
	for <freebsd-stable@FreeBSD.ORG>; Fri,  9 Jun 2000 19:59:03 -0700 (PDT)
	(envelope-from damascus@eden.rutgers.edu)
Received: from athena ([24.3.219.36]) by mail.rdc1.ne.home.com
          (InterMail vM.4.01.02.00 201-229-116) with ESMTP
          id <20000610025902.QLUH14727.mail.rdc1.ne.home.com@athena>
          for <freebsd-stable@FreeBSD.ORG>; Fri, 9 Jun 2000 19:59:02 -0700
Message-Id: <4.2.2.20000609224908.03774100@email.eden.rutgers.edu>
X-Sender: damascus@email.eden.rutgers.edu
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Fri, 09 Jun 2000 22:58:03 -0500
To: freebsd-stable@FreeBSD.ORG
From: Carroll Kong <damascus@eden.rutgers.edu>
Subject: 3.4-release box stalling out
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

	Hi there.  3.4-Release, 64 megs of ram, using ipfilter 3.4.4 with ipnat.
	Mbufs were at default.
	Max users were at 64.
	using ICMP_bandwidth limiting,
	tcp synfin blocking
	tcp_rst restrict.

	Those were the most notable kernel configuration options.  The rest was 
default.  Slow degradation of TCP/IP socket opening requests.  I.e.  Takes 
a long time to ssh in.  (and it is not network traffic as I can ssh to the 
box next to it fine.).  It gets so bad, that soon almost all requests are 
rejected.  OS does not note any wide range DoS attacks.  Is there an easy 
way for me to check?  netstat -a i guess?  My best guess is not enough 
mbufs.  (sorry, when I did netstat -m, i didn't see the peak.. :(  ).  I am 
using ipfilter with full stateful goodness.  So maybe it is overflowing 
somehow?  I also thought maybe tcp_rst restrict might be doing something 
since even though we are not a web server, we are running port 80 
requests?  ( I guess no relation?).  I guess I will run pstat -T; netstat 
-m next time it happens.
	I checked 3.4-release errata and no mention of any issues.  Is there 
something I missed?  I tried to be as descriptive as possible.  If this 
report is not sufficient, could someone please tell me what else I should 
describe?  Thanks guys!

-Carroll Kong



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message