Date: Mon, 17 Oct 2005 21:48:06 -0400 (EDT) From: "Mike Silbersack" <silby@silby.com> To: ray@redshift.com Cc: freebsd-hackers@freebsd.org Subject: Re: Limiting closed port RST response from XXX to 200... Message-ID: <2718.64.215.82.94.1129600086.squirrel@webmail3.pair.com> In-Reply-To: <3.0.1.32.20051017175115.00a52d18@pop.redshift.com> References: <3.0.1.32.20051017175115.00a52d18@pop.redshift.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi, > > On a server I'm benchmark testing, via local host, I'm getting Limiting > closed > port RST response from XXXX to 200 packets/sec on the console when I'm > running a > lot of local connections very quickly all at once (about 7500 per second). > I've > added the following: > > net.inet.tcp.log_in_vain: 0 > net.inet.udp.log_in_vain: 0 > > but still does it. Is there any way to disable it short of installing > ipf? I'd > like to see what the theoretical limit of the machine is without it > perhaps > limiting connections in some manner. > > Thanks! > > Ray Er, if you're seeing those messages, your benchmark is going very awry! The kernel is telling you that 7500 junk packets per second are coming in, but that it has chosen to send RST packets in response to only 200 of them. What you should be asking is - why are 7500 junk packets per second coming into the system? This could be due to a flaw in how your benchmark is setup (if you're trying to connect to a port that has no listening service or DNS lookups to a nonexistent DNS server?), or it could be some kernel bug you've uncovered. If it's the latter, then I would be very interested in helping you get it fixed. There is a sysctl for disabling the reset rate limiting, but I would suggest that you track down the source of the problem before resorting to disabling the feature. Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2718.64.215.82.94.1129600086.squirrel>