Limiting closed port RST response from XXX to 200...

Mike Silbersack silby at silby.com
Mon Oct 17 18:48:07 PDT 2005


> Hi,
>
>   On a server I'm benchmark testing, via local host, I'm getting Limiting
> closed port RST response from XXXX to 200 packets/sec on the console when
> I'm running a lot of local connections very quickly all at once (about 7500
> per second).  I've added the following:
>
> net.inet.tcp.log_in_vain: 0
> net.inet.udp.log_in_vain: 0
>
> but still does it.  Is there any way to disable it short of installing
> ipf?  I'd like to see what the theoretical limit of the machine is without
> it perhaps limiting connections in some manner.
>
> Thanks!
>
> Ray

Er, if you're seeing those messages, your benchmark is going very awry!

The kernel is telling you that 7500 junk packets per second are coming in,
but that it has chosen to send RST packets in response to only 200 of
them.  What you should be asking is - why are 7500 junk packets per second
coming into the system?  This could be due to a flaw in how your benchmark
is set up (if you're trying to connect to a port that has no listening
service or DNS lookups to a nonexistent DNS server?), or it could be some
kernel bug you've uncovered.  If it's the latter, then I would be very
interested in helping you get it fixed.

There is a sysctl for disabling the reset rate limiting, but I would
suggest that you track down the source of the problem before resorting to
disabling the feature.

Mike "Silby" Silbersack
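
One way for a benchmark client to check, from its own side, whether its connections are landing on a port with no listener is to tally how each connect() ends. This is an added example, not code from the thread; `probe` and `demo` are hypothetical names, and the two loopback ports are constructed for the demonstration.

```python
import errno
import socket
from collections import Counter


def probe(host, port, attempts, timeout=0.5):
    """Open `attempts` TCP connections and tally how each one ended."""
    outcomes = Counter()
    for _ in range(attempts):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            outcomes["connected"] += 1
        except ConnectionRefusedError:
            # Our SYN was answered with an RST: nothing is listening there.
            outcomes["refused"] += 1
        except socket.timeout:
            # No answer at all, e.g. the RST was withheld by the rate limiter.
            outcomes["timeout"] += 1
        except OSError as e:
            outcomes[errno.errorcode.get(e.errno, "other")] += 1
        finally:
            s.close()
    return outcomes


def demo(attempts=20):
    """Constructed setup: one loopback port with a listener, one without."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(64)
    open_port = listener.getsockname()[1]

    # Bind and close immediately to obtain a port that has no listener.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return (probe("127.0.0.1", open_port, attempts),
                probe("127.0.0.1", closed_port, attempts))
    finally:
        listener.close()


if __name__ == "__main__":
    good, bad = demo()
    print("listening port:", dict(good))
    print("closed port:   ", dict(bad))
```

A benchmark run whose tally is dominated by "refused" or "timeout" is measuring closed-port handling rather than the service.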


More information about the freebsd-hackers mailing list