From owner-freebsd-hackers  Wed Oct 17  9:36:41 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP id E960937B408
	for <freebsd-hackers@freebsd.org>; Wed, 17 Oct 2001 09:36:36 -0700 (PDT)
Received: from mindspring.com (dialup-209.245.132.242.Dial1.SanJose1.Level3.net [209.245.132.242])
	by falcon.mail.pas.earthlink.net (8.11.5/8.9.3) with ESMTP id f9HGaQD29656;
	Wed, 17 Oct 2001 09:36:26 -0700 (PDT)
Message-ID: <3BCDB3BE.1B2E6AC6@mindspring.com>
Date: Wed, 17 Oct 2001 09:37:18 -0700
From: Terry Lambert <tlambert2@mindspring.com>
Reply-To: tlambert2@mindspring.com
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: David Malone <dwmalone@maths.tcd.ie>
Cc: Zhihui Zhang <zzhang@cs.binghamton.edu>,
	freebsd-hackers@freebsd.org
Subject: Re: Limiting closed port RST response
References: <Pine.SOL.4.21.0110171141520.608-100000@onyx> <20011017171016.A66131@walton.maths.tcd.ie>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

David Malone wrote:
> > I was using FreeBSD a while ago, suddenly a lot of messages show up:
> >
> > Limiting closed port RST responses from 224 to 200 packets per seconds.
> >
> > These messages persist even after reboot. What happened? What should I do?
> 
> Could someone be port scanning you? Another possibility is that you
> alot of machines are trying to contact a TCP service on the machine
> in question, which isn't running.

I've seen this while doing load testing.

In general, you want the limit threshold to be higher than
the connections per second rate, or you will get this message.

I have modified my code locally to crank it up to twice the
listen queue depth.  Frequently, you are just better off by
turning of the limiting entirely (there's s sysctl; look at
the code in netinet that emits the message, or grep sysctl -A
for "lim").

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message