From owner-freebsd-questions@FreeBSD.ORG Sun Mar 9 10:39:27 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B9493106566C for ; Sun, 9 Mar 2008 10:39:27 +0000 (UTC) (envelope-from dotyao@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.227]) by mx1.freebsd.org (Postfix) with ESMTP id 667958FC18 for ; Sun, 9 Mar 2008 10:39:27 +0000 (UTC) (envelope-from dotyao@gmail.com) Received: by wx-out-0506.google.com with SMTP id i29so1456934wxd.7 for ; Sun, 09 Mar 2008 03:39:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:disposition-notification-to:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=Z4JRAV393nPGxwYlrmQtO2c8xf14/GRW0XFdz6G+skU=; b=oMWCyGbLnpOSzQenRLT9PTYYengza346uc5Z5xl6Z4mf/hBLL7+7cppsFjhp16wUr1SAnxVA+/elA30FfXX+Yk2S56GMVeYjPFNRx3czB5apbbnOVKn4WfboOpRRxVWOp0+DAHBKPx5ro8tVphLIpby2mJLHEspxfq68sfdbFLQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:disposition-notification-to:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=U0MuVUIeWwgnsE2KgUBIDvaGopWl+9dy4TvXPcqkXp70Uimk/fZnuY1unRESU/i+4J6KT48+g9hEw+WNdSUeXYNC7CQG2gIy73cWD4nRcAzfNYvnTwKB2Tm7Hs//hfn+4UGEyt+7tfjo7ClvlbbMiUGxGNBWRg5jP4lnv4CYHcc= Received: by 10.100.167.3 with SMTP id p3mr8524234ane.90.1205059166794; Sun, 09 Mar 2008 03:39:26 -0700 (PDT) Received: from roy.wauee.com ( [222.49.92.171]) by mx.google.com with ESMTPS id i52sm12591605rne.9.2008.03.09.03.39.23 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 09 Mar 2008 03:39:26 -0700 (PDT) Message-ID: <47D42ED2.20605@gmail.com> Date: Sun, 09 Mar 2008 18:39:14 +0000 From: roy lee User-Agent: Thunderbird 2.0.0.12 (X11/20080307) MIME-Version: 1.0 To: Manolis Kiagias References: <47D40943.5080802@gmail.com> <47D3ABD0.5090108@otenet.gr> <47D42247.103@gmail.com> <47D3B52C.4040304@otenet.gr> In-Reply-To: <47D3B52C.4040304@otenet.gr> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: Re: Large numbers of Limiting open port RST response from 6 to 5 packets/sec X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Mar 2008 10:39:27 -0000 Manolis Kiagias 写道: > roy lee wrote: >> Manolis Kiagias 写道: >>> >>> >>> roy lee wrote: >>>> this is a web server,use nginx, Large numbers of Limiting >>>> open port RST response from 6 to 5 packets/sec. >>>> >>>> I need help. >>>> >>>> dmesg: >>>> Limiting open port RST response from 11 to 5 packets/sec >>>> Limiting open port RST response from 6 to 5 packets/sec >>>> Limiting open port RST response from 8 to 5 packets/sec >>>> Limiting open port RST response from 6 to 5 packets/sec >>>> Limiting open port RST response from 8 to 5 packets/sec >>>> Limiting open port RST response from 7 to 5 packets/sec >>>> Limiting open port RST response from 7 to 5 packets/sec >>>> Limiting open port RST response from 14 to 5 packets/sec >>>> Limiting open port RST response from 11 to 5 packets/sec >>>> Limiting open port RST response from 9 to 5 packets/sec >>>> Limiting open port RST response from 12 to 5 packets/sec >>>> Limiting open port RST response from 6 to 5 packets/sec >>>> ....... >>>> >>>> uname -a >>>> FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar >>>> 8 20:41:05 UTC 2008 roy@qz14253.tmdxy.org:/usr/obj/usr/src/sys/ >>>> qz2kernel i386 >>>> >>>> >>>> >>>> sysctl.conf: >>>> net.inet.icmp.drop_redirect=1 >>>> net.inet.icmp.log_redirect=1 >>>> net.inet.tcp.msl=2500 >>>> net.inet.icmp.icmplim=5 >>>> kern.ipc.somaxconn=32768 >>>> kern.ipc.shmall=32768 >>>> kern.ipc.shmmax=134217728 >>>> kern.ipc.semmap=256 >>>> >>>> >>> ICMP packets are rate-limited by the kernel, but you limited them >>> even more with this: >>> >>> net.inet.icmp.icmplim=5 >>> >>> This is the cause of your messages. Adjust it to about 500. >>> >>> >> if sysctl net.inet.icmp.icmplim=500 , the services will stop, >> twisted log : writev() failed (32: Broken pipe) while sending request >> to upstream > This is weird. We use 500 on a production web server (large torrent > site). Kernel default is 200, you may wish to use this value. > > Revised to 200,At present normal,I will continue to follow. thank you!